danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-15 19:07:00 +01:00
Code Issues Projects Releases Wiki Activity
9,168 Commits 43 Branches 314 Tags 108 MiB
afbda6d0f6
Commit Graph

1968 Commits

Author SHA1 Message Date
Matt Brown
58b306b6e3 Ensure class template types are mapped to static methods where necessary 
Ref #4733
 2020-11-29 17:40:52 -05:00
Matt Brown
8da676f5bf Improve param name 2020-11-29 17:26:42 -05:00
Matt Brown
ea314cc1c0 Simplify calling of replacer methods 2020-11-29 16:27:00 -05:00
Matt Brown
4d22723525 Break out replacement of templated types with their inferred result 2020-11-29 16:16:16 -05:00
Matt Brown
15a5bd5e29 Simplify storage and retrieval of extended template params 2020-11-29 15:05:32 -05:00
Matthew Brown
60ac109c01
Add RedundantPropertyInitializationCheck (#4732) 
* Add RedundantPropertyInitializationCheck

* add documentation for RedundantPropertyInitializationCheck (#4734)

Co-authored-by: orklah <orklah@users.noreply.github.com>
 2020-11-29 11:57:20 -05:00
Matt Brown
0efd4ebd7d Detect some erroneous issets 2020-11-29 09:26:39 -05:00
Matthew Brown
fd53192ad2
Fix redundant mappings 2020-11-28 21:05:31 -05:00
Matt Brown
8adc0918ae Fix the bug 2020-11-28 09:55:40 -05:00
Matt Brown
de1fa03f77 Fix template type selection 2020-11-28 09:53:11 -05:00
Matt Brown
4af7e818b2 Simplify ArrayFetchAnalyzer::getArrayAccessTypeGivenOffset 
Ref #4714
 2020-11-27 23:36:47 -05:00
Matt Brown
73cd07a01f Simplify FunctionCallAnalyzer 
Ref #4714
 2020-11-27 16:34:27 -05:00
Matt Brown
6db8132b4c Simplify call analysers a bit 
Ref #4714
 2020-11-27 16:31:10 -05:00
Matt Brown
5dd4912a99 Simplify ArrayAnalyzer 
Ref #4714
 2020-11-27 14:19:55 -05:00
Matt Brown
1ce45516db Don’t alter behaviour 2020-11-27 11:47:12 -05:00
Matt Brown
5f065d3d74 Turn template bound tuples into object 
Ref #4714
 2020-11-27 11:43:30 -05:00
Matt Brown
6de97e3779 Skip missing function params in taint analysis 2020-11-26 11:58:14 -05:00
orklah
4bbb72329e
Fix PHPMAXINT offset (#4707) 2020-11-26 09:24:32 -05:00
Matt Brown
01ceaf7006 Fix style issues 2020-11-25 21:36:37 -05:00
orklah
58736924dd
fix wrong cast to int when string offset is a number > MAX INT (#4702) 2020-11-25 15:48:53 -05:00
Matt Brown
f3e0201a99 Treat $a ?? $b identically to isset($a) ? $a : $b 2020-11-25 14:34:05 -05:00
Matt Brown
d40d63f180 Fix #4699 - treat isset like !== null when variable is defined 2020-11-25 14:04:55 -05:00
Matt Brown
6aa052475a Pass correct flags when referencing from finally 2020-11-25 14:04:55 -05:00
orklah
b6a3282589
Detect redundant cast (#4695) 
* detect redundant cast

* fix redundant cast issues

* fix redundant cast in tests
 2020-11-25 12:04:48 -05:00
Matt Brown
f8ddc7e58a Add slash 2020-11-24 15:07:15 -05:00
Matt Brown
e9c00b8395 Switch order to satisfy new refinement 2020-11-24 14:57:34 -05:00
Matt Brown
41af653bd4 Add support for some dependent types 2020-11-24 14:50:35 -05:00
orklah
b6cb9785ac
Prevent illegal array keys (#4660) 
* Emit an issue when an array-key is not legal

* tests
 2020-11-23 15:20:39 -05:00
erikjwaxx
25d8c6d21e
Narrow inference of $a <=> $b from "int" to "-1|0|1" (#4680) 
* A <=> operator has a literal type of -1|0|1 and not simply int

* Test to verify inferred type of $a <=> $b is -1|0|1
 2020-11-23 13:10:51 -05:00
Matt Brown
17ceba5c06 Fix bug 2020-11-22 23:32:14 -05:00
Matt Brown
f164a45843 Fix bugs 2020-11-22 19:45:54 -05:00
Matt Brown
9a03a9a5d0 Move param taint sink addition after arguuments have been analysed 2020-11-22 19:39:40 -05:00
Matt Brown
b782dd4225 Make sure conditional escaping works for static methods too 2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8 Fix #4661 - support conditional escaping for functions 2020-11-22 13:24:33 -05:00
orklah
a3217265ce
null operations should return mixed results (#4655) 2020-11-22 09:06:03 -05:00
Matt Brown
f0ae0e5cb4 Break aparat type combiner 2020-11-21 18:11:29 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation (#4649) 
* Implement variadic taint propagation

* Lint code
 2020-11-21 17:41:40 -05:00
orklah
ae0486529e
Unused psalm-suppress (#4646) 2020-11-21 17:39:40 -05:00
Matt Brown
1cead18760 Fix #4637 - prevent regression when negating function call with === false 2020-11-20 09:56:53 -05:00
Matt Brown
ce8938263e Fix #4636 - prevent crashes on aliased classes 2020-11-20 09:29:24 -05:00
Matt Brown
c562e1dd52 Don’t taint foreach keys with array-fetch 
We could use array-keyfetch or similar, but for now gives false-positives
 2020-11-19 19:08:59 -05:00
Matt Brown
78d644d1a1 Change TaintedText to TaintedCallable 2020-11-19 19:01:19 -05:00
Matt Brown
4c315ec45c Closure calls aren’t sinks 2020-11-19 18:44:36 -05:00
Matt Brown
70c9fd97c7 Return empty instead of throwing 2020-11-19 16:25:53 -05:00
Matt Brown
ead63894a1 Fix formatting 2020-11-19 16:09:30 -05:00
Matt Brown
b5d4b59c33 Be more refined 2020-11-19 15:57:05 -05:00
Matt Brown
de49892525 Fix #4626 - array_key_exists should infer type for first arg where possible 2020-11-19 15:40:27 -05:00
Matt Brown
ff3fff56d4 Simplify assertion negations, centralising as much as possible 
Now the flag passed to scrapeAssertions just determines the errors emitted
 2020-11-19 14:32:49 -05:00
Matt Brown
7803cc228b Revert "Fix #4624 - allow in_array to work with list arrays" 
This reverts commit 08ae85a735.
 2020-11-19 12:49:26 -05:00
Matt Brown
08ae85a735 Fix #4624 - allow in_array to work with list arrays 2020-11-19 09:26:41 -05:00
Matt Brown
95de6cf177 Allow immutable classes to be specialised through calls 2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858 Unfix fixes 2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0 Only ignore literal flows when tainting 2020-11-18 18:43:41 -05:00
Matt Brown
be275ae972 Fix #4605 - taint parent-declared property 2020-11-18 13:34:47 -05:00
Matt Brown
236292ff05 Fix #4600 - set attributes in a bunch of places 2020-11-18 12:44:59 -05:00
Matt Brown
3f7f959726 Fix #4599 - propagate taints to parent callers where necessary 2020-11-18 09:59:54 -05:00
Matt Brown
28dee4146a Fix tests 2020-11-17 17:53:46 -05:00
Matt Brown
adeaa33a64 Don’t propagate taints to child constructor args 2020-11-17 16:49:29 -05:00
Matt Brown
4e5111f1a8 Fix #4472 - if something flows into a byref var it’s used 2020-11-17 15:30:53 -05:00
Matt Brown
43af3b1a57 Break out TaintedInput issues into a lot of separate ones 2020-11-17 12:44:31 -05:00
Matt Brown
42802e11d1 Allow PHP major version to determine substr return type 2020-11-16 16:31:33 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions (#4575) 
Closes #4563
 2020-11-16 15:49:27 -05:00
orklah
6f8b463860
Detect trying to access to a list with a negative offset (#4552) 2020-11-15 20:26:50 -05:00
Matt Brown
26b4cd1fb9 Fix #4529 - allow unsetting with complex array key 2020-11-14 08:57:25 -05:00
Matt Brown
086237aab7 Fix #4544 - improve handling of get_class in match 2020-11-13 11:55:42 -05:00
Matt Brown
5a62dc5c40 Fix #4540 - use correct method when simulating property setting 2020-11-12 23:56:29 -05:00
Matt Brown
556fb12966 Move mutation checks to more appropriate place 2020-11-12 23:54:50 -05:00
Matt Brown
2f7bf2a144 Bind lower bounds to upper bounds as well when no upper bound can be inferred 
Ref #4485
 2020-11-11 17:46:09 -05:00
Matt Brown
a8d7248c31 Fix #4524 - do better template param inheritance 2020-11-11 13:25:17 -05:00
Matt Brown
5ad1e80e99 Fix #4527 - improve interpolated string types 2020-11-11 00:38:26 -05:00
Matt Brown
46ebca4497 Fix coalesce operation tainting 2020-11-10 14:36:36 -05:00
Matt Brown
a82a9558d2 Experiment with refactor 2020-11-10 12:50:17 -05:00
Matt Brown
b731b53d5e Add debug stuff for code complexity 2020-11-10 12:49:42 -05:00
Matt Brown
81babf2430 Clone to prevent incorrect references 2020-11-10 09:01:46 -05:00
Matt Brown
e27cbfba57 Reduce size of data flow graph when analysing array assignments 2020-11-09 22:44:36 -05:00
Adrien LUCAS
4cb8e86737
Add a proxy capability to the flow annotation (#4495) 
* Add a `passthru` capability to the flow annotation

* Fix passthru-calls type

* Fix types and rename to proxy

* Allow to proxy a method

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-11-09 15:22:35 -05:00
Matt Brown
e97a9c86eb Fix #4517 - track type contradiction issues in match expressions 2020-11-09 10:00:53 -05:00
Matt Brown
3aaa1d8447 Fix #4516 - treat exit() as the empty type 2020-11-09 08:44:03 -05:00
Matt Brown
683546e024 Fix #4519 - prevent crash with empty match 2020-11-09 08:36:59 -05:00
Matt Brown
8799e1a337 Break apart complex method 2020-11-09 00:58:45 -05:00
Matt Brown
0be4f2fedf Fix/ignore reflection bugs 2020-11-08 14:27:37 -05:00
Matt Brown
20e37d8cb6 Add a comment to show workings 2020-11-08 13:08:45 -05:00
Matt Brown
24c9702aa5 Remove unused imports 2020-11-08 12:31:21 -05:00
Matt Brown
6da0905478 Separate out good from the bad 2020-11-08 12:29:23 -05:00
Matt Brown
b635353cf4 Fix redundant thing 2020-11-08 10:18:32 -05:00
Matt Brown
dccf236d16 Fix #4503 - don’t ignore assertions on possibly-null mixed 2020-11-08 10:06:39 -05:00
Matt Brown
b8f5d16e9f Consolidate similar functionality 2020-11-07 00:58:20 -05:00
Matt Brown
bb5b5142d6 Add more info to mic drop code 2020-11-06 21:36:38 -05:00
Matt Brown
45b3dce631 Break apart IfElseAnalyzer 2020-11-06 21:01:17 -05:00
Matt Brown
3359e7699a Rename IfAnalyzer 2020-11-06 20:51:14 -05:00
Axel H
271e0d86be
Fix type inference when unpacking typed iterables (#4487) 
* Add test for unpacking typed iterables

* Fix type inference when unpacking typed iterables into arrays

* Fix possibly undefined array offset
 2020-11-06 17:24:01 -05:00
Matt Brown
9daa534656 Ensure we flush out re-assigned vars also referenced 
Fixes #4488
 2020-11-06 12:51:41 -05:00
Matt Brown
6b06ecec39 Fix #4491 - support assertions in new calls 2020-11-06 11:55:19 -05:00
Matthew Brown
1c66646e72
Fix formatting 2020-11-05 19:23:54 -05:00
Matt Brown
d47d817843 Fix #4479 - use correct keys in message 2020-11-05 10:13:08 -05:00
Matt Brown
b3ff107c20 Add functions 2020-11-04 23:34:38 -05:00
Matt Brown
3bde327f1b Break up CommentAnalyzer 2020-11-04 23:25:08 -05:00
Matt Brown
f3c6d70a9b Use more accurate type for div of ints 2020-11-04 22:39:27 -05:00
Matt Brown
eacc05e73f Fix #2132 - get value of literal int division 2020-11-04 22:32:33 -05:00
Matt Brown
3e9c5d3600 Add support for @return never 2020-11-04 12:30:02 -05:00
Matt Brown
b5a3f45d52 Remove use of PHP 7.2 function 2020-11-04 11:02:34 -05:00
Matt Brown
91d9dc3759 Fix overeager inference 2020-11-03 16:44:24 -05:00
Matt Brown
b35db3e523 Reorganise things a little 2020-11-03 16:15:54 -05:00
Matt Brown
3d4e77beb6 Fix int-mask-of expansion 2020-11-02 00:40:36 -05:00
Matt Brown
09228131d8 Use falsy value 2020-11-01 22:57:30 -05:00
Matt Brown
6922caf9f6 Fix #4466 use better differentiation for class_exists second param 2020-11-01 13:14:17 -05:00
Matt Brown
966b139504 Fix dupe semicolons 2020-11-01 11:42:09 -05:00
Matt Brown
024d93b7fd Fix #4467 - variables are only the same if they were set in the same location 2020-11-01 11:26:42 -05:00
Joe Hoyle
4bb675ea72
Pass CodeLocation to FunctionParamsProviderInterface interface (#4444) 
Currently the `getFunctionParams()` method of the `FunctionParamsProviderInterface` is never passed the CodeLocation of the analyzed function call. As this is in-scope in the only call site, we can pass the CodeLocation. This means the `getFunctionParams()` is able to issue it's own Issues (which required the code location to attached the Issue to)
 2020-10-29 19:53:21 -04:00
Matt Brown
5c784dc7cb Fix #4435 - ensure casts are always flow-sensitive 2020-10-28 14:06:05 -04:00
Matt Brown
4aef96bbac Use lists everywhere for args 2020-10-28 12:45:26 -04:00
Matt Brown
1da6615ac2 Fix comma 2020-10-27 09:13:57 -04:00
Matt Brown
d3464cb22a Fix #4418 - improve try analysis for mixed, too 2020-10-26 09:05:48 -04:00
Matt Brown
462f8ba32b Fix #4397 - allow offsetGet on inside isset 2020-10-25 22:16:43 -04:00
Matt Brown
18f3a3721f Fix #4414 - allow multiple @psalm-assert-if-true on same var 2020-10-25 10:49:39 -04:00
Matt Brown
94e26b2257 Empty checks variables are really falsy checks 2020-10-24 12:46:27 -04:00
Matt Brown
5ff3f1377d Fix a few bugs 2020-10-24 12:23:59 -04:00
Matt Brown
f72e2d7de5 Fix #4374 - prevent paradox and allow Psalm to understand more assignments in conditionals 2020-10-20 14:43:05 -04:00
Matt Brown
66780716aa Fix #3625 - getIterator call is used inside loop 2020-10-20 10:59:09 -04:00
Matt Brown
3803bbfce0 Fix #4368 - improve handling of try with finally 2020-10-20 09:07:10 -04:00
Matt Brown
1a6b684993 Fix #4366 - possibly-undefined vars in finally block should not error 2020-10-19 09:56:38 -04:00
Matt Brown
fe294a4dc0 Don’t overwrite true flag 2020-10-18 01:24:36 -04:00
Matt Brown
3c29ffd0b7 Ignore just-coerced vars 2020-10-17 23:35:24 -04:00
Matt Brown
b646414304 Prevent unnecessary assignments 2020-10-17 18:44:42 -04:00
Matt Brown
055fe551c1 Suppress errors from fake statements 2020-10-17 18:35:55 -04:00
Matt Brown
9502e51a08 Fix reversed negation check 2020-10-17 17:46:00 -04:00
Matt Brown
c0f6afbd87 Improve binary op || analysis for chain 2020-10-17 17:16:47 -04:00
Matt Brown
559abb7b6a Fix style 2020-10-17 14:50:14 -04:00
orklah
ceaaa39ec3
improve phpdoc (#4352) 2020-10-17 12:36:44 -04:00
Matt Brown
9f29e77adc Fix #4354 - allow assignments on RHS of || in if conditional 2020-10-17 12:29:57 -04:00
Matt Brown
083cc29c04 Fix #4347 - fix combinatorial expansion when negating if conditions 2020-10-16 10:23:15 -04:00
orklah
ffe7874906
Misc improvements (#4314) 
* extract the operation out of the loop when possible

* remove unnecessary interfaces when already inherited in parent

* simplify expressions

* avoid using alias functions

* redundant phpdoc

* unused imports
 2020-10-15 13:23:35 -04:00
Matt Brown
b69e28f26a Fix default value 2020-10-15 13:20:42 -04:00
Matt Brown
8d2e88ef41 Fix #4333 - don’t get tripped up on try with no catches 2020-10-15 10:15:55 -04:00
Matt Brown
8a2983e5e9 Fix #4336 - don’t merge sources twice for null coalesce 2020-10-15 09:57:37 -04:00
Matt Brown
da257a0fa5 Break apart InstancePropertyFetchAnalyzer and others 2020-10-15 09:21:44 -04:00
Matt Brown
2902a8cc60 Fix #4326 - Prevent later remapping of properties 2020-10-14 21:35:57 -04:00
Matt Brown
b2382cdf18 Use correct count 2020-10-14 18:56:49 -04:00
Matt Brown
4488d5fb1f Use more accurate arguments count 2020-10-14 18:51:15 -04:00
Matt Brown
864a7bbb4c Add better support for get_debug_type 2020-10-14 17:30:08 -04:00
Matt Brown
a0fbac347e Prevent features pre-php-8 2020-10-14 17:09:56 -04:00
Matt Brown
724b25b918 Change control_flow_graph to data_flow_graph 2020-10-13 17:28:12 -04:00
Matt Brown
516141a380 Rename ControlFlowGraph to more appropriate DataFlowGraph 2020-10-13 16:49:03 -04:00
Matt Brown
1ae9a6127e Fix #4315 - prevent crash when setting unknown property in finally 2020-10-13 08:32:26 -04:00
Matt Brown
bb7d7132f7 Do arithmetic for preg_split arguments 2020-10-12 20:26:02 -04:00
orklah
62e79fb7ea
param types (#4313) 2020-10-12 15:46:47 -04:00
orklah
10f2966dcb
return types (#4311) 
* return types

* remove willReturn for void methods
 2020-10-12 15:02:52 -04:00
Matt Brown
fcfa746ba8 Fix #4310 - prevent literal class check on union 2020-10-12 14:45:11 -04:00
Matt Brown
d16c0de872 Add slash 2020-10-12 14:32:44 -04:00
Matt Brown
464795d86c Fix #4309 - improve reuse of callmap callable inference 2020-10-12 13:46:43 -04:00
Matt Brown
7195275993 Fix #4299 - only allow unpacking for the zeroeth-indexed element 2020-10-08 09:51:27 -04:00
Matt Brown
e9b520d72d Ignore precondition issues in loop 2020-10-07 20:24:50 -04:00
Matt Brown
3b19913b44 Unbreak CI 2020-10-07 18:50:30 -04:00
Matt Brown
a9c145a725 Convert numeric literal strings to their int/float equivalents for numeric operations 2020-10-07 18:06:41 -04:00
Matt Brown
443025eab8 Fix addition of int and string type 2020-10-07 18:01:41 -04:00
Matt Brown
c8d4bafb85 Improve accuracy of messages 2020-10-07 17:26:37 -04:00
Matt Brown
c2108e89db Warn about impossible/redundant conditions in RHS of || 2020-10-07 17:04:01 -04:00
Matt Brown
595b8178e0 Improve error message 2020-10-07 15:36:31 -04:00
Matt Brown
54ec83c5ee Use better locations for errors 2020-10-07 13:53:35 -04:00
Matt Brown
639ae61284 Always check LHS of or condition before applying to RHS 2020-10-07 13:40:09 -04:00
feek
8d2db4e673
feature: universal object crates (#3948) 
* feature: universal object crates

* docs: document universal object crate config option

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-10-07 09:56:21 -04:00
Matt Brown
377dc8da8f 4.x - change/remove some default config values 2020-10-05 10:08:41 -04:00
Matt Brown
fb604bfacb 4.x - move class constants into their own storage object 2020-10-05 09:50:32 -04:00
Matt Brown
ea47548dd0 4.x - Prevent AfterFunctionCallAnalysisInterface from rewriting return types 2020-10-04 23:39:20 -04:00
Matt Brown
939297484c 4.x - rename TFn to TClosure 2020-10-04 23:32:01 -04:00
Matt Brown
549b200aa7 Remove mixed assignment issue 2020-10-04 17:53:26 -04:00
Matt Brown
127e66df65 Elevate trait mismatch issues in PHP 8.0 2020-10-03 22:59:43 -04:00
Matt Brown
1a11897849 4.x - add support for the nullsafe operator 2020-10-03 20:21:52 -04:00
Matt Brown
6a91c2f70e Fix @no-named-arguments more 2020-10-02 21:09:37 -04:00
Matt Brown
009b33b17d Support @no-named-args when calling in PHP 8 2020-10-02 20:58:51 -04:00
Matt Brown
5a94043a7f Unbreak gettype support 2020-10-02 20:33:35 -04:00
Matt Brown
63a11bae15 4.x - Support named arguments 
Ref #4089
 2020-10-02 20:27:01 -04:00
Matt Brown
5bcd1bbb75 4.x - add support for get_debug_type function 
Ref #4089
 2020-10-02 19:15:47 -04:00
Matt Brown
74934ffdbb 4.x - rename GetClassT to TDependentGetClass 2020-10-02 18:47:23 -04:00
Matt Brown
c9e47450a7 Fix #4266 - prevent OOM when analysing closure unioned with invokable class 2020-10-02 00:47:42 -04:00
Matt Brown
35081c0d21 Ensure catch variables are marked as used 2020-09-30 13:51:02 -04:00
Matt Brown
fc001cdf65 Treat func_get_args as using function params 2020-09-30 13:08:01 -04:00
Matt Brown
14efde286f 4.x - refactor unused variable detection 
This turns unused variable detection into an explicit control-flow problem, where before we had a more simplistic mark-and-sweep algorithm
 2020-09-30 12:28:13 -04:00
Matt Brown
169b2b7023 Fix analysis when there’s a break in a loop after a reassignment 2020-09-30 00:04:07 -04:00
Brown
19f88a2e31 Add improvements from unused variable checks 2020-09-28 00:45:02 -04:00
Brown
1afbce82ca Ensure loop marks vars as possibly assigned 2020-09-27 17:50:48 -04:00
Brown
4f28b38556 Fix unused var in finally false-positive 2020-09-25 10:20:22 -04:00
Brown
d52d7ef6aa Add extra loops for more reliable analysis 2020-09-25 00:59:58 -04:00
Brown
da65a4327f Move taint graph functionality into its own object 2020-09-25 00:37:40 -04:00
orklah
83ca918824
preg_split can't take null in limit (#4236) 
* preg_split can't take null in limit

* fix wrong type in preg_split
 2020-09-22 13:46:37 -04:00
orklah
37a2f8a33d
unused use statements (#4228) 2020-09-22 01:10:46 -04:00
Brown
3593a120f3 Add missing = true 2020-09-22 01:10:11 -04:00
orklah
250fa8e42d
misc changes (#4227) 
* misc changes

* misc changes
 2020-09-22 00:44:31 -04:00
Brown
275c6bf4e7 Propagate has_returned flag 2020-09-22 00:43:13 -04:00
Brown
3015aca2df Fix fudging var 2020-09-21 16:23:44 -04:00
Brown
b501db6dd2 Skip currently-failing undefined variable test 2020-09-21 16:01:14 -04:00
Brown
cdb2b5caf6 Be a little bit more robust in finally handling 2020-09-21 15:37:10 -04:00
Brown
3e0f449163 Detect more issues inside finally block 2020-09-21 15:16:19 -04:00
Brown
fe94ae0603 Make sure to union try-set vars 2020-09-21 14:33:34 -04:00
Brown
56cddd16bf Rename TaintGraph to ControlFlowGraph because it’s about to do more 2020-09-20 23:59:52 -04:00
Brown
0f6a271858 Improve file-based suppression of taints 2020-09-20 19:37:25 -04:00
Brown
5c23a3d7b3 Localise taint analysis better 2020-09-20 19:26:49 -04:00
Brown
2968b3b065 Add to StatementsAnalyzer taint object instead of Context 2020-09-20 18:42:21 -04:00
Brown
abb9502921 Rename Taint object to TaintGraph 2020-09-20 18:27:02 -04:00
orklah
de16308f2e
useless comparison (#4223) 
* remove unused code

* fix wrong fix
 2020-09-20 13:01:27 -04:00
orklah
24a38f21ce
Use array destructuring when possible (#4221) 
* list usage

* fix inversion
 2020-09-20 12:55:38 -04:00
orklah
1a1b88bb5e
add visibilities to constants (#4219) 2020-09-20 12:54:46 -04:00
Brown
ef3cf67f50 Fix #4198 - make analysis of class-string property assignments more robust 2020-09-20 09:18:35 -04:00
orklah
a9a364e363
Misc improvements (#4216) 
* misc changes

* fix CI
 2020-09-20 08:55:28 -04:00
orklah
b19f0a7034
Remove empty() and use strict comparison when safe (#4211) 
* replace empty usage with stricter checks

* use strict comparison when safe

* replace is_null with === null for consistency
 2020-09-19 18:26:51 -04:00
Brown
1ac527bbf1 Meke staticy methods properly static 2020-09-19 18:24:36 -04:00
Brown
0ae436d335 Fix a couple of false-positive redundant conditions 2020-09-19 18:12:14 -04:00
orklah
191495328a
Fix errors in return types (#4189) 
* FunctionLikeAnalyzer::verifyReturnType returns void

* ArrayFunctionArgumentsAnalyzer::checkArgumentsMatch returns void

* AssertionFinder::scrapeAssertions can't return null
 2020-09-16 17:35:55 -04:00
Brown
dda013dc2e Only refine for matching closure union members 
Ref #4136
 2020-09-15 09:40:27 -04:00
Brown
77e84b3817 Fix a few more things 2020-09-13 23:28:31 -04:00
Brown
c4450b930c Fix various things 2020-09-13 22:39:03 -04:00
Brown
249903e18a Fix style issues 2020-09-13 21:45:07 -04:00
Brown
56bae3b587 Add check for strpos dictionaries 
Ref #4070
 2020-09-13 21:42:44 -04:00
orklah
da47588f91
replace return; by return null; in every non-void method, add return null; when mising, add return types, remove redundant phpdoc (#4176) 2020-09-13 16:39:06 -04:00
ygottschalk
5b0c9b1a28
added array-size max constraint to greater check (#4175) 
added a few unit tests
 2020-09-12 16:13:13 -04:00
Brown
09d22cb05c Fix #4169 - add appropriate bounds check 2020-09-12 11:33:26 -04:00
Toshiyuki Goto
ad437c5265
Workaround to PhpScoper group use bug in Box (#4174) 2020-09-12 11:24:40 -04:00
orklah
ead107fa9e
More return types (#4173) 
* add native return types

* redundant phpdoc
 2020-09-12 11:24:05 -04:00
Brown
6ffe471525 Make new InvalidLiteralArgument issue for strpos refs 
Ref #4070
 2020-09-10 22:54:32 -04:00
Brown
eda426a594 Improve unique issue solution 2020-09-10 22:54:30 -04:00
Brown
aaede393d4 Fix #4070 - prevent literal strpos argument 2020-09-10 18:28:34 -04:00
Brown
fe4af8ff1a Minor fixes 2020-09-07 17:22:43 -04:00
Brown
8737abf3b8 Fix real projects bug 2020-09-07 15:14:14 -04:00
Brown
88e0811cdd Fix #4136 - allow union type properly 2020-09-07 14:08:56 -04:00
Brown
d174fc6f3f Improve fix 2020-09-07 13:19:37 -04:00
Brown
afce416bfb Fix #4136 - allow inference of callabe type param in union of callables 2020-09-07 12:56:47 -04:00
Brown
f78fbbe4c9 Fix #4146 - allow null checks on Iterator::current output 2020-09-07 11:40:36 -04:00
orklah
8c7423505a
add native param types (#4137) 
* add native param types

* redundant phpdoc

* add more param types and adds "?" to nullable types

* remove redundant phpdoc

* add more param types and remove redundant phpdoc

* add more param types and remove redundant phpdoc
 2020-09-06 19:36:47 -04:00
Matthew Brown
422271b2cf Prevent variables named "haystack" from receiving literal strings 
cc @staabm
 2020-09-05 00:35:48 -04:00
Matthew Brown
3605eeee04 Support analysing preg_match_all args in reverse to infer matches type 2020-09-04 20:33:02 -04:00
Brown
4d82d3ddad Fix #4128 - improve understanding of preg_match_all 2020-09-04 18:10:14 -04:00
Brown
22fe7458d8 Break up large method 2020-09-04 17:45:22 -04:00
Brown
f4c2edf40b Fix #4132 - ignore purity of $this when checking for initialisation 2020-09-04 16:46:20 -04:00
orklah
f66d57f19d
add native return types (#4116) 
* add native return types

* remove redundant phpdoc
 2020-09-04 16:26:33 -04:00
Brown
68ebef2a2e Clean up immutable fix 2020-09-03 15:32:14 -04:00
Brown
8505ca2a23 Allow passing mutable object into immutable class to store reference 2020-09-03 15:28:09 -04:00
Brown
bd27e8b17b Fix #4109 - detect duplicate match condition 2020-09-02 20:08:09 -04:00
orklah
73f6fcde48
Short list syntax (#4102) 
* Short list syntax

* revert unrelated CS
 2020-09-02 00:17:41 -04:00
Brown
f105f6aca9 Fix Psalm errors 2020-09-01 13:21:24 -04:00
Brown
b5279cd7d4 Fix erroneous Closure::__invoke return type 2020-09-01 12:33:25 -04:00
Bruce Weirdan
ffb316a9e6
Converted MissingPropertyType to property issue (#4099) 
Fixes vimeo/psalm#2200
 2020-09-01 09:21:03 -04:00
Brown
4f578b42b8 Fix exhaustiveness checks for const value 2020-08-31 23:23:24 -04:00
Brown
ab063e80d7 Keep going 2020-08-31 23:11:16 -04:00
Brown
3cdb13f7ab Fix issues 2020-08-31 23:03:36 -04:00
Brown
940459787a Catch unmatched matches 2020-08-31 22:59:47 -04:00
Brown
9935f647ab Fix some magic method calls when a return type provider exists 2020-08-31 18:56:45 -04:00
Brown
940b673a36 Fix fns 2020-08-30 18:29:28 -04:00
Brown
2cbe89d55a Fix Psalm errors 2020-08-30 16:30:43 -04:00
Brown
5c043b0d41 Ignore redundant conditions inside match potentially in perpetuity? 2020-08-30 16:23:53 -04:00
Brown
54a781ad28 Support match expressions and throw expressions 2020-08-30 16:08:22 -04:00
Brown
92239add4d Add some backwards-incompatible changes for 4.x 2020-08-30 11:44:14 -04:00
Brown
c13b0efd49 Improve understanding of negated count queries 2020-08-30 11:32:01 -04:00
Brown
3ca4a576e7 Fix treatment of closure params in array_map 2020-08-29 11:10:09 -04:00
Brown
df0d426f61 Fix #4081 - better inference of positive ints 2020-08-28 16:38:50 -04:00
Brown
98ce590e9d Remove some redundant calls 2020-08-28 12:48:33 -04:00
Brown
efe143a396 Fix #4077 - always track closure purity 2020-08-28 12:42:55 -04:00
Brown
5f5ce6eb32 Fix typo 2020-08-26 18:16:12 -04:00
Brown
e64d45b644 Fix #4061 - allow indirect null comparison check 2020-08-26 17:58:01 -04:00
Saif Eddin G
5a20092fbd
add pure-callable type (#4066) 2020-08-26 16:51:22 -04:00
Brown
988e17f11d Make clause fully immutable 2020-08-26 15:35:29 -04:00
Brown
b2b329d1a9 Prevent unset on immutable properties 2020-08-26 12:18:34 -04:00
Brown
8ad1c2eeb1 Use immutable data structures for clause calculations 2020-08-26 10:41:47 -04:00
Brown
20e004744f Fix #4064 - assume most iterators are impure 2020-08-25 18:04:36 -04:00
Brown
6ab3e732fb Fix #4038 - don’t remove null types unnecessarily in mixed union 2020-08-25 15:50:33 -04:00
Brown
346d475f55 Create empty params by default for SplObjectStorage 
Fixes #4055
 2020-08-25 11:52:21 -04:00
Brown
2b060b75d3 Fix #4052 - foreach over an iterable is impure 2020-08-25 11:24:57 -04:00
Brown
4e10a0ed6f Fix #4036 - add immutable annotations automatically too 2020-08-24 19:29:00 -04:00
Brown
6103cf0f51 Fix ImpureVariable test 2020-08-23 22:07:02 -04:00
Brown
140d37c7ef Prevent isset on uknown property in pure function 2020-08-23 18:50:17 -04:00
Brown
10f7031080 Prevent use of $this in pure functions 2020-08-23 18:37:46 -04:00
Matthew Brown
ef0486ce35 Add some pure annotations 2020-08-23 13:52:31 -04:00
Matthew Brown
89dd5ee563 Nest new impure checks 2020-08-23 13:39:08 -04:00
Matthew Brown
9418be79cc Restrict pure annotation addition a little more 2020-08-23 13:34:32 -04:00
Matthew Brown
6a8ad1876f Static property fetching is bad 2020-08-23 13:10:47 -04:00
Brown
c8ea4b4e8b Prohibit property fetches from pure contexts except when they’re on immutable objects 2020-08-23 10:57:24 -04:00
Brown
67f9adb33c Allow adding pure annotations to functions 
Ref #4036
 2020-08-23 10:28:26 -04:00
Bruce Weirdan
5bf7cc6434
Resolve typedefs that are used in var docblocks of foreach (#4037) 
Fixes vimeo/psalm#4029
 2020-08-22 08:20:05 -04:00
Brown
ebe37392eb Fix #4019 - new static isn’t static if class is final 2020-08-18 11:25:11 -04:00
Daniel Melchior
17ed440f2e
fix #4013: prevent exception when two mixins declare methods with same name (#4018) 
fixes #4013
 2020-08-18 08:38:30 -04:00
Brown
12798d1cab Prevent access to possibly unset var 2020-08-17 15:25:13 -04:00
Brown
42c3a703b5 Fix #3741 - detect scalar class constants in if-true assertions 2020-08-12 17:03:41 -04:00
m0003r
e81593f359
Localize types on magic properties (#3971) 
* Fix #3949 - localize types on magic properties

* fix failing tests

* fix code style

Co-authored-by: m03r <m03r@m03r.net>
 2020-08-10 12:45:21 -04:00
Brown
6def99d653 Add ConstructorSignatureMismatch issue distinct from MethodSignatureMismatch 2020-08-10 12:26:25 -04:00
kazusuke sasezaki
90a50be9f0
quit using combineUnionTypes, when specific TSend provided. (#3966) 2020-08-09 08:26:10 -04:00
the-toster
3a1c861c43
minor: typo in message (#3960) 2020-08-08 08:08:57 -04:00
Brown
b6d9ee5eb1 Fix things 2020-08-07 12:16:35 -04:00
Brown
e61765ff9b Fix #3954 - catch ComplicatedExpressionException with added workaround 2020-08-07 08:20:35 -04:00
Brown
afce2dc66f Tighten up rules around instantiation a bit more 2020-08-06 10:18:55 -04:00
Matthew Brown
ccd4eaa8e7 Clarify language a little 2020-08-06 09:02:24 -04:00
Brown
bcf0df4170 Fix a bug with lowercase-string unions 2020-08-05 20:05:57 -04:00
Brown
488a899823 Fix Psalm issues 2020-08-05 19:49:09 -04:00
Brown
c0b0036109 Fix #3934 - prevent unsafe use of new static 2020-08-05 19:39:27 -04:00
Brown
e0f5595307 Fix #3932 - try to get assertions of negated expression if instant negation fails 2020-08-05 16:53:30 -04:00
Daniel Melchior
fa73c7c9d9
Fix #3757 - allow multiple mixins (#3772) 2020-08-05 15:49:19 -04:00
Brown
38bfc12b98 Fix array_shift behaviour to be more accurate with lists 
Fixes #3941
 2020-08-05 12:43:37 -04:00
Matthew Brown
9dfdcbef31 Fix #3928 - preserve list-ness when assigning with no offset 2020-08-03 12:30:58 -04:00
Brown
bc053e5ee8 Fix #3923 - remember class name when appending array with key 2020-08-03 01:34:46 -04:00
Matthew Brown
ab64ccab88 Fix #3913 properly 2020-07-31 14:56:29 -04:00
Brown
fd4ced42a7 Don’t register new assignment inside isset expr 2020-07-31 12:44:01 -04:00
Brown
57cd21346c Fix #3914 - treat $i++ like $i = $i + 1 2020-07-31 11:26:54 -04:00
Brown
a8c0d81dc1 Prevent bool > 1 in strict mode 2020-07-30 11:25:47 -04:00
Brown
6949a34ded Put RedundantIdentityWithTrue behind a flag cc @greg0ire 2020-07-30 10:25:59 -04:00
Brown
abe91adbe7 Fix #3801 - convert static to Foo&static when @method is given 2020-07-30 09:42:23 -04:00
Brown
d9d5fdd6c9 Add more rules around positive ints 2020-07-26 18:29:17 -04:00
Brown
4a5f74c091 Add positive-int type 2020-07-26 15:51:55 -04:00
Brown
657f9db2e0 Fix bugs 2020-07-26 15:21:05 -04:00
Brown
23f5d66516 Fix #3897 - support aliasing final methods 2020-07-26 14:46:52 -04:00
Brown
eddd7b8c11 Fix #1916 - support @var docblock annotations in more places 2020-07-26 13:23:21 -04:00
Brown
e398535f9f Fix #3872 - detect namespace violations in non-methods 2020-07-26 10:42:04 -04:00
Grégoire Paris
2f673fbbd7
Detect redundant identity with true (#3893) 
Using === true on a known boolean results in the same boolean.
 2020-07-25 17:27:45 -04:00
Matthew Brown
ab714a40c4 Allow binding of static to current final class 
Ref #3892
 2020-07-25 17:26:07 -04:00
Brown
b1e583ebed Detect concat operation on property 
Ref #3870
 2020-07-24 16:01:45 -04:00
Brown
3687d34a5a Detect bad class constants more explicitly 2020-07-24 15:38:56 -04:00
Brown
cb979262c7 Add slash 2020-07-24 10:51:04 -04:00
Matthew Brown
84945a7d1b Fix #3877 - prevent impossible subtr comparisons 2020-07-24 10:08:57 -04:00
Barney Laurance
ff432ff73d
Simplify error messages and implementation for internal errors (#3881) 
* Use more consistent language for Internal errors

There's no meaningful distinction between something being internal and
being 'marked as internal'.

* Rename property psalm_internal to internal in all storage classes

This property holds metadata that can be set using either @internal
or @psalm-internal in docblocks

* Change types of internal properties in storage from ?string to string

Simpler type is easier to handle. Non-internal methods can be considered
to be internal to the entire universe of PHP code, i.e. that code whose
namespace starts with the empty string. It's not a special case.
 2020-07-24 09:32:54 -04:00
Brown
344a732829 Warn about simple assignments 2020-07-23 02:40:35 -04:00
Barney Laurance
3bc91b9944
Fix multiple issues with @internal and @psalm-internal (#3841) 
* Add passing tests for property fetch on an @internal class

I'm trying to work out why the equivilent InvalidCodeParse test is
failing for PsalmInternal

* Treat all properties of a psalm-internal class as psalm-internal

* Remove all $internal properties from storage - use psalm_internal instead

@internal can be represented as internal to the namespace root, avoiding
the need to check for both properties in storage later.

* Raise InternalClass issue when an internal class is used with e.g. instanceOf

* fix docs and tests

* Add return type declartion to code example in doc

* Don't allow class psalm-internal to overide a tighter method psalm-internal

* Break up long line

* Code style - move && from EOL to SOL

* Restore misplaced &&

* Fix code style

* Fix namespace fetching so it works

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-22 19:27:35 -04:00
Brown
983f233026 Improve unpacking 2020-07-22 00:35:18 -04:00
Brown
962265e98e Hopefully final fixes 2020-07-21 23:59:11 -04:00
Brown
7ef3d4711f Fix some more tests 2020-07-21 23:16:56 -04:00
Brown
76bd5b6278 Refactor type comparison 2020-07-21 19:40:35 -04:00
Brown
3ce5478e5e Fix what source we give the afterMethodCall analysis hook 2020-07-21 15:00:47 -04:00
Brown
ae89a71c84 Prevent false-positive comparing template to true 2020-07-21 12:59:50 -04:00
Brown
223b0619c5 Fix #3858 - support @psalm-assert falsy for abort_if expressions 2020-07-21 12:55:11 -04:00
Gregor Harlan
5212bd1f9c
Readonly: allow assignments in __unserialize (#3845) 2020-07-20 04:50:50 -04:00
Evgeniy
2c51f47ff6
Fix invalid UndefinedClass using array|callable (#3842) 
* Do not treat string array argument as callable if it can be traeted just as string array.

* cs
 2020-07-20 04:50:07 -04:00
Brown
9ca8fb80b7 Carry over taints after @var docblock type hints 2020-07-17 11:30:44 -04:00
Brown
26a61c47c0 Prevent mixed erasure in get_class call 2020-07-16 13:56:42 -04:00
Brown
a2dbd31371 Fix usage of array_push results 2020-07-16 13:44:51 -04:00
Brown
262bb9fd89 Invalidate memoized getter method results after property assignment 2020-07-16 12:59:49 -04:00
Brown
b361b44889 Rip out plain getter property logic cc @m0003r 
It gets in the way of the other IMO more useful memoisation logic (e.g. when a getter is declared final)
 2020-07-16 12:42:59 -04:00
Brown
96bfd144df Fix #3825 - ensure final getters are treated as mutation free 2020-07-16 11:58:27 -04:00
kesselb
aaba3a08ec
Add option to supress a referenced but undefined global variable. (#3827) 2020-07-16 09:49:59 -04:00
Brown
8fbc8de98a Fix #3820 - don’t treat a method call as memoisable if it has assertions 2020-07-15 15:09:19 -04:00
Brown
3c9028c182 Fix #3808 - allow detection of paradoxes in switch condition function calls 2020-07-14 10:51:12 -04:00
Brown
f0a5463834 Catch string subtypes that cannot be identical 2020-07-14 10:08:31 -04:00
Brown
2399643472 Fix #3811 - allow more complex negations inside boolean expressions 2020-07-13 21:31:58 -04:00
Brown
9177ad5ce0 Add back fix 2020-07-10 17:13:11 -04:00
Brown
8d022307d2 Fix #3797 - prevent many chained assignments crashing Psalm 2020-07-10 16:49:45 -04:00
Brown
d71f12d250 Fix #3802 - allow increment inside isset expression 2020-07-10 16:14:24 -04:00
Brown
4f872674f9 Add space 2020-07-10 14:40:25 -04:00
Brown
cd8420aa94 Skip optimisation for unpacked args 2020-07-10 13:04:37 -04:00
Brown
d8eca89b44 Remove redundancy 2020-07-10 10:35:26 -04:00
Brown
38fdf4bef6 Treat array_push($a, ... as $a[]= ... 2020-07-10 10:20:02 -04:00
Brown
bf7bcc0dca Fix #3779 - allow ParadoxicalCondition of default to be suppressed 2020-07-08 14:51:20 -04:00
Brown
33a834bb0b Fix some property inference bugs 2020-07-08 14:43:36 -04:00
Brown
619c384509 Add indentation as necessary between property docblocks 2020-07-08 14:32:16 -04:00
Brown
f173ef6ef0 Add mixed types to prevent bad recommendations 2020-07-08 12:18:36 -04:00
Brown
0034f2e4bd Don’t manipulate property storage during analysis 2020-07-07 19:32:44 -04:00
Brown
1b498e6dae Remove unused variable 2020-07-06 17:41:07 -04:00
Brown
eb3ce8d368 Remove unused code 2020-07-06 15:39:52 -04:00
Brown
ada2fe033e Remove comma 2020-07-05 15:21:44 -04:00
Brown
ab6df0a5d1 Fix #3753 - resolve self-references in trait as statements earlier 2020-07-05 12:05:25 -04:00
Brown
42a3cedd31 Fix #3742 - add null to type after possibly null array access 2020-07-05 09:12:07 -04:00
jarstelfox
3096afed99
Fix echo false issue (#3751) 
* Echo: add failing test case

echo false; is a noop, not an issue

* Echo: Fix failing test case
 2020-07-05 08:55:42 -04:00
Brown
44d7f51857 Generalise init vars inside for loops 
Ref #3085
 2020-07-03 11:13:44 -04:00
Brown
6419788a49 Remove false from template param as necessary 
Fixes #3737
 2020-07-03 01:07:50 -04:00
Brown
1745f5cafa Fix too-long line 2020-07-02 15:32:13 -04:00
Brown
0c582e9993 Fix #3685 - improve handling of if conditionals inside do 2020-07-02 13:59:59 -04:00
Brown
cf1a8ac5fc Suppress taints in instance properties 2020-07-02 12:08:42 -04:00
Brown
67b2edc328 Allow more things to be suppressed with @psalm-suppress TaintedInput 2020-07-02 11:53:51 -04:00
Brown
ea82cdc6ea Fix #3726 - infer generic template from class-string 2020-07-02 01:11:46 -04:00
Brown
ae7c5b095b Fix #3712 - allow taints to be suppressed with @psalm-suppress 2020-07-01 23:23:45 -04:00
Brown
0f548c83ea Fix redundant condition 2020-07-01 19:31:10 -04:00
Brown
6c62e46d15 Only emit one error for erroneous array_map string closure types 2020-07-01 19:18:01 -04:00
Brown
70ab4c18f4 Fix #3720 - allow literal unions in keys to map to object-like arrays 2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out (#3650) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

* New tag @self-out (WIP)

* Add self_out_type to method storage

* Add some notes

* More work on self-out (WIP)

* More work on self-out (WIP)

* Use psalm-self-out instead of self-out

* Remove extra file

* Cleanup

* Wrap around try-catch - how to check if a method has/should have storage?

* New method hasStorage()

* Fix indentation

* Fix some errors

* Fix indentation

* Cast storage type to type

* Add proper use-statement in method storage

* Correct test class name

* Allow self_out to be null

* method_id can be string (why, when?)

Co-authored-by: Olle <noemail>
 2020-07-01 18:10:24 -04:00
Brown
e13da22292 Allow cloning interfaces 2020-07-01 11:14:31 -04:00
Brown
fca350c498 Prevent a few crashes with really bad code 2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb Fix #3719 - prevent crash when cloning missing class 2020-07-01 10:10:55 -04:00
Brown
671009a70c Specialize constructor taints cc @TysonAndre 2020-06-29 21:08:43 -04:00
Brown
ab29ac0e51 Only cast in echo when tracking taints 2020-06-29 15:06:11 -04:00
Brown
cff976049d Remove unused vars 2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
45c21853e5 Fix #3709 - don’t crash on inherited __toString tainting 2020-06-29 12:11:11 -04:00
Brown
aab90fb74e Fix Psalm errors 2020-06-29 09:29:19 -04:00
Brown
38977d797e Fix #3697 - cast types via implied __toString method 2020-06-29 09:13:19 -04:00
Brown
b54b832838 Break out method call tainting 2020-06-29 00:14:49 -04:00
Brown
559b3d3471 Fix #3681 - taint exit like echo 2020-06-25 17:17:08 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
b84cf74754 Fix #3668 - taint property types for magic properties without @property 2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a Fix #3670 - taint mixed foreach access 2020-06-24 19:16:30 -04:00
Brown
a6c7a48387 Add support for argument unpacking 
Ref #3670
 2020-06-24 18:43:15 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo (#3669) 2020-06-24 17:23:16 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
c29b3744ec Change storage of out types 2020-06-24 11:51:31 -04:00
Brown
6a746b65ea Fix #3655 - taint encapsulated strings 2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists 
Fixes #3652
 2020-06-23 15:52:19 -04:00
Brown
f72b609d42 Fix #3642 - detect missing property when name matches 2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca Fix get_class($foo) === static::class checks 2020-06-23 13:11:19 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional" 
This reverts commit 9c17795545.
 2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
7f05b3c530 Add $_REQUEST as a taint source 
Ref #3636
 2020-06-22 17:16:15 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
dddc159694 Add explicit path object 2020-06-22 02:10:03 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
02e8313c39 Allow taintedness to propagate to some stubbed methods 2020-06-21 18:07:39 -04:00
Brown
07adecc6eb Use correct method id when creating taints 2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
8edee96d8d Fix taint regression 2020-06-20 18:10:01 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods (#3615) 2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
eecdc43ce7 Remove stray commas 2020-06-18 20:15:38 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4 Track taints from all tainted arrays 2020-06-18 13:45:58 -04:00
Brown
7d9a99a956 Fix #3609 - interpret strings as regular static calls 2020-06-18 11:56:08 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers (#3602) 
Fixes vimeo/psalm#3464
 2020-06-18 09:48:51 -04:00
Brown
137647a1a0 Fix #3603 - better typed value comparisons for loose equality 2020-06-18 09:31:38 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
 2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
bbada7ba8d Ensure correct vars are used 2020-06-15 17:16:12 -04:00
Brown
05cb39814c Improve performance of long switch checks 2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Matthew Brown
683bde9540 Fix #3573 - allow UnnecessaryVarAnnotation to be suppressed 2020-06-13 16:48:10 -04:00
Matthew Brown
edb2b4c5ef Get type of requires 2020-06-13 15:48:12 -04:00
Brown
9bfe50b20a Always analyse cast expressions 
Fixes #3577
 2020-06-12 17:25:46 -04:00
Brown
45ea5d0bfe Add a couple more shortcuts for common pattern 
Fixes #3563
 2020-06-12 11:18:34 -04:00
Brown
9ca6c868b7 Fix #3563 - add workaround for == true 2020-06-12 10:58:44 -04:00
Brown
5617e9d7c9 Fix array_values call 2020-06-09 19:06:08 -04:00
Brown
286a8f911a Add support for static mixin calls 
Fixes #3552
 2020-06-09 18:39:52 -04:00
Matthew Brown
91e76f7173 Fix #3536 - Make method return type provider aware of original called method 2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
ce445636e7 Fix #3535 - match template param class constants properly 2020-06-06 20:02:14 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed 
Fixes #3538
 2020-06-06 19:31:42 -04:00
Brown
fcf0a681d9 Fix #3531 - ignore mixed returns from template 2020-06-06 10:33:49 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
Matthew Brown
c9ee691595
Fix suppression 2020-06-04 09:55:32 -04:00
Brown
fd74d3284d Add support for PHPParser 4.5.0 2020-06-03 14:58:08 -04:00
Brown
7caaa64825 Fix #3418 - don’t override with send type when @psalm-yield is given 2020-06-02 13:27:17 -04:00
Brown
4e21e54ee1 Fix #3491 - provide correct types for substitution 2020-05-30 19:11:41 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489) 
Co-authored-by: El Azimov <el.azimov@rocks>
 2020-05-30 16:55:18 -04:00
Brown
db67be5965 Fix #3483 - analyse variable static property access properly 2020-05-29 09:28:34 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
still-dreaming-1
1bb884bd84
__TRAIT__ can be string or non-empty-string (#3469) 
depending on whether or not it is used from inside a __TRAIT__
 2020-05-27 19:23:46 -04:00
still-dreaming-1
9189335715
Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-s… (#3468) 
* Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-string

* __TRAIT__ should stay string in case used outside a trait

Co-authored-by:  <jesse@LAPTOP-73CA4O5T.localdomain>
 2020-05-27 18:21:26 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
9b413cfccc Improved understanding of array_key_exists 
Fixes #3463
 2020-05-27 09:03:36 -04:00
Brown
ef53ee3a3b Fix crash on aliased exception 
Ref #3465
 2020-05-27 08:09:58 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00