danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-15 19:07:00 +01:00
Code Issues Projects Releases Wiki Activity
7,062 Commits 43 Branches 314 Tags 108 MiB
afce2dc66f
Commit Graph

1806 Commits

Author SHA1 Message Date
Brown
fca350c498 Prevent a few crashes with really bad code 2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb Fix #3719 - prevent crash when cloning missing class 2020-07-01 10:10:55 -04:00
Brown
4c368da75e Fix #3721 - prevent crash on empty @method 2020-07-01 09:00:33 -04:00
Brown
17558a5c0e Fix #3676 - add multiline output for TaintedInput issues 2020-06-30 13:17:51 -04:00
Brown
671009a70c Specialize constructor taints cc @TysonAndre 2020-06-29 21:08:43 -04:00
Brown
ab29ac0e51 Only cast in echo when tracking taints 2020-06-29 15:06:11 -04:00
Brown
cff976049d Remove unused vars 2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
45c21853e5 Fix #3709 - don’t crash on inherited __toString tainting 2020-06-29 12:11:11 -04:00
Brown
aab90fb74e Fix Psalm errors 2020-06-29 09:29:19 -04:00
Brown
38977d797e Fix #3697 - cast types via implied __toString method 2020-06-29 09:13:19 -04:00
Brown
b54b832838 Break out method call tainting 2020-06-29 00:14:49 -04:00
Brown
bcd7478352 Reduce memory footprint a little 2020-06-25 19:12:30 -04:00
Brown
559b3d3471 Fix #3681 - taint exit like echo 2020-06-25 17:17:08 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
b84cf74754 Fix #3668 - taint property types for magic properties without @property 2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a Fix #3670 - taint mixed foreach access 2020-06-24 19:16:30 -04:00
Brown
a6c7a48387 Add support for argument unpacking 
Ref #3670
 2020-06-24 18:43:15 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo (#3669) 2020-06-24 17:23:16 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
c29b3744ec Change storage of out types 2020-06-24 11:51:31 -04:00
Brown
96d05ab06b Fix #3654 - use correct function id for namespaced functions 2020-06-23 16:53:11 -04:00
Brown
6a746b65ea Fix #3655 - taint encapsulated strings 2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists 
Fixes #3652
 2020-06-23 15:52:19 -04:00
Brown
f72b609d42 Fix #3642 - detect missing property when name matches 2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca Fix get_class($foo) === static::class checks 2020-06-23 13:11:19 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional" 
This reverts commit 9c17795545.
 2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
7f05b3c530 Add $_REQUEST as a taint source 
Ref #3636
 2020-06-22 17:16:15 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
dddc159694 Add explicit path object 2020-06-22 02:10:03 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
02e8313c39 Allow taintedness to propagate to some stubbed methods 2020-06-21 18:07:39 -04:00
Brown
fbe3433edd Use escape terminology 2020-06-21 11:43:08 -04:00
Brown
07adecc6eb Use correct method id when creating taints 2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
8edee96d8d Fix taint regression 2020-06-20 18:10:01 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Brown
2c5c9e95e1 Don’t add two @return docblocks after @method 2020-06-20 15:30:47 -04:00
Brown
edbeec2c6a Fix @method annotation namespacing 2020-06-20 15:18:22 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods (#3615) 2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
078b8b7b1a Fix #3618 - add way to load non-analyzed files 2020-06-19 00:13:09 -04:00
Brown
eecdc43ce7 Remove stray commas 2020-06-18 20:15:38 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4 Track taints from all tainted arrays 2020-06-18 13:45:58 -04:00
Brown
7d9a99a956 Fix #3609 - interpret strings as regular static calls 2020-06-18 11:56:08 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers (#3602) 
Fixes vimeo/psalm#3464
 2020-06-18 09:48:51 -04:00
Brown
137647a1a0 Fix #3603 - better typed value comparisons for loose equality 2020-06-18 09:31:38 -04:00
Brown
0a8b9b56ab Fix #3600 - conditional return should be removed before comparison 2020-06-17 12:57:50 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
 2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
bbada7ba8d Ensure correct vars are used 2020-06-15 17:16:12 -04:00
Brown
05cb39814c Improve performance of long switch checks 2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Matthew Brown
683bde9540 Fix #3573 - allow UnnecessaryVarAnnotation to be suppressed 2020-06-13 16:48:10 -04:00
Matthew Brown
19ba53f28c Fix too-long line 2020-06-13 16:45:54 -04:00
Matthew Brown
edb2b4c5ef Get type of requires 2020-06-13 15:48:12 -04:00
Andrei Petre
3497ca07b6
Extending final class is prohibited #3037 (#3576) 2020-06-13 00:29:59 -04:00
Brown
9bfe50b20a Always analyse cast expressions 
Fixes #3577
 2020-06-12 17:25:46 -04:00
Brown
211f014356 Fix #3571 - make callable():void valid for callable():?Foo 2020-06-12 14:26:31 -04:00
Brown
45ea5d0bfe Add a couple more shortcuts for common pattern 
Fixes #3563
 2020-06-12 11:18:34 -04:00
Brown
9ca6c868b7 Fix #3563 - add workaround for == true 2020-06-12 10:58:44 -04:00
Brown
5617e9d7c9 Fix array_values call 2020-06-09 19:06:08 -04:00
Brown
286a8f911a Add support for static mixin calls 
Fixes #3552
 2020-06-09 18:39:52 -04:00
Brown
a6c0991073 Fix #3532 - expand type alias types recursively 2020-06-07 12:01:04 -04:00
Matthew Brown
91e76f7173 Fix #3536 - Make method return type provider aware of original called method 2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
ce445636e7 Fix #3535 - match template param class constants properly 2020-06-06 20:02:14 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed 
Fixes #3538
 2020-06-06 19:31:42 -04:00
Brown
4f87cca55b Fix #3537 - improve parsing for @mixin annotations 2020-06-06 18:15:24 -04:00
Brown
fcf0a681d9 Fix #3531 - ignore mixed returns from template 2020-06-06 10:33:49 -04:00
Brown
438eb17e58 Fix #3367 - ensure --diff works after second run, not third 2020-06-05 12:09:38 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
Matthew Brown
c9ee691595
Fix suppression 2020-06-04 09:55:32 -04:00
Brown
fd74d3284d Add support for PHPParser 4.5.0 2020-06-03 14:58:08 -04:00
Brown
7caaa64825 Fix #3418 - don’t override with send type when @psalm-yield is given 2020-06-02 13:27:17 -04:00
Brown
be8fd3ea19 Fix #3481 - treat an iterable like a Traversable when comparing to object 2020-05-31 01:22:43 -04:00
Brown
86b894eca5 Treat iterables as traversable when comparing to named object 2020-05-31 00:55:45 -04:00
Brown
4e21e54ee1 Fix #3491 - provide correct types for substitution 2020-05-30 19:11:41 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489) 
Co-authored-by: El Azimov <el.azimov@rocks>
 2020-05-30 16:55:18 -04:00
orklah
1621a9f3ea
Add checks for duplicated params and returns (#3487) 2020-05-30 16:54:16 -04:00
Brown
db67be5965 Fix #3483 - analyse variable static property access properly 2020-05-29 09:28:34 -04:00
Brown
30907f0269 Clean up comment parsing 2020-05-28 22:14:41 -04:00
Brown
b932163d5d Make parser a little cleaner 2020-05-28 14:31:17 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
still-dreaming-1
1bb884bd84
__TRAIT__ can be string or non-empty-string (#3469) 
depending on whether or not it is used from inside a __TRAIT__
 2020-05-27 19:23:46 -04:00
still-dreaming-1
9189335715
Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-s… (#3468) 
* Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-string

* __TRAIT__ should stay string in case used outside a trait

Co-authored-by:  <jesse@LAPTOP-73CA4O5T.localdomain>
 2020-05-27 18:21:26 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
9b413cfccc Improved understanding of array_key_exists 
Fixes #3463
 2020-05-27 09:03:36 -04:00
Brown
ef53ee3a3b Fix crash on aliased exception 
Ref #3465
 2020-05-27 08:09:58 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00
Brown
d04e21ee5a Define mixin declaring classname 2020-05-26 23:32:07 -04:00
Brown
3da3d61270 Fix #3434 by removing extraneous call to simplifyType 2020-05-26 17:55:54 -04:00
Brown
0ef00f5756 Fix #3460 - allow isset checks on static properties 2020-05-26 17:40:27 -04:00
Brown
f0a5bd74b6 Detect never-return statement same as a throw 2020-05-26 15:02:23 -04:00
Brown
a2b6326a84 Change specialize-call to taint-specialize 2020-05-26 14:18:43 -04:00
Brown
ecb179c784 Migrate min/max function calls back to CallMap 2020-05-26 12:28:56 -04:00
Brown
a266d4748b Fix build 2020-05-26 07:50:11 -04:00
Brown
953be61cf2 Allow limiting connected taint paths 2020-05-25 23:28:11 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
2e6fc24867 Template callmap methods too 
Fixes #3453
 2020-05-25 14:21:06 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
be847472a2 Fix #3453 - allow conditional return types on instance methods 2020-05-25 09:39:30 -04:00
Brown
3416e33348 Fix indentation 2020-05-25 01:23:28 -04:00
Brown
240b2f898c Add some negative test cases for @mixin 
Also fix #3452
 2020-05-25 00:19:52 -04:00
Matthew Brown
806db80d63 Fix #3440 - literal string doesn’t contain numeric-string 2020-05-24 22:42:08 -04:00
Brown
ff5c17c044 Switch subtype messagearg order 2020-05-24 09:43:54 -04:00
Brown
92a9a7efdf Handle flows into arguments a little better 2020-05-23 23:54:16 -04:00
Matthew Brown
1d17c02fba Fix #3442 - support broader type after initial array assignment 2020-05-23 23:23:50 -04:00
Brown
a198b09eb7 Add intermediary concat op node 2020-05-23 21:38:09 -04:00
Brown
f5a0622ad2 Fix style 2020-05-23 08:06:31 -04:00
Matthew Brown
0dee85d0b7
Remove redundancy 2020-05-23 01:48:56 -04:00
Brown
16af6a5773 Improve concat taint propagation 2020-05-23 01:11:16 -04:00
Brown
ee493909d7 Fix bugs 2020-05-23 00:08:16 -04:00
Brown
10c106f7eb Add eval sink 2020-05-23 00:03:29 -04:00
Brown
dc73e25157 Detect taints in include calls 2020-05-22 23:53:37 -04:00
Brown
e72288c85f Don’t error on badly-formatted taint annotation 2020-05-22 22:38:03 -04:00
Brown
e82c317d53 Adjust tolerances 2020-05-22 21:37:18 -04:00
Brown
fb3cb2c4d1 Only use plain return type if we’re not memoizing 2020-05-22 17:05:39 -04:00
Brown
4b1c3db760 Don’t memoize method call where we have a getter standin 
Fixes #3427
 2020-05-22 15:54:32 -04:00
Brown
27a009fd69 Fix #3417 - Treat $this as static-y 2020-05-22 13:32:26 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Joe Hoyle
6f28d741bc
Display variable assignment type in LSP hovers (#3401) 
* Add node references for variable assignments

* Break up line

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-05-20 17:40:22 -04:00
Matthew Brown
3effdc5b69 Improve yield type substitution 2020-05-20 09:12:24 -04:00
Brown
2ec76f01c2 Fix redundant condition 2020-05-19 20:11:25 -04:00
Brown
27cb660377 Respect possibly-undefined array keys while merging 
Fixes #3393
 2020-05-19 20:10:01 -04:00
Brown
a4141a7581 Fix #3327 - convert void to null when comparing conditional type with nullable 2020-05-19 19:48:11 -04:00
Brown
f335560b69 Allow setting property on templated type 2020-05-19 17:31:05 -04:00
Brown
a3214012a6 Only convert userland functions 2020-05-19 16:15:41 -04:00
Brown
4415e0f69c Fix special case calling callable param with string non-global function 
Fixes #3411
 2020-05-19 15:48:31 -04:00
Brown
b5ae0167a2 Fix typo 2020-05-19 14:58:53 -04:00
Brown
b38d945b12 Cast null and false to empty string 
Ref #3408
 2020-05-19 14:53:06 -04:00
Brown
0b2da18f1e Break up StatementsAnalyzer 2020-05-19 12:56:30 -04:00
Brown
666cc3b4c9 Fix BinaryOp analysis 2020-05-18 23:00:53 -04:00
Brown
8e5b330c5a Break apart CallAnalyzer 2020-05-18 22:57:00 -04:00
Brown
5b06c206e0 Move classes into deeper namespace 2020-05-18 22:52:33 -04:00
Brown
ace049a068 Beautify BinaryOpAnalyzer 2020-05-18 18:57:09 -04:00
Brown
8c86d47eb7 Downgrade some PossiblyInvalidClone issues 2020-05-18 17:18:13 -04:00