Brown
07a38706f6
Fix #3610 - add security analysis documeentation
2020-06-22 00:18:15 -04:00
Brown
02e8313c39
Allow taintedness to propagate to some stubbed methods
2020-06-21 18:07:39 -04:00
Brown
317571f1b2
Fix reset call
2020-06-21 13:03:55 -04:00
Brown
fbe3433edd
Use escape terminology
2020-06-21 11:43:08 -04:00
Brown
07adecc6eb
Use correct method id when creating taints
2020-06-21 02:06:08 -04:00
Brown
5e9dc9520e
Improve docs
2020-06-21 01:02:00 -04:00
Brown
dc83c2e2fc
Add annotation for taint sources
2020-06-21 00:58:56 -04:00
Brown
cbd7ba8ed8
Fix return type
2020-06-20 23:34:39 -04:00
Brown
10e4e9ac65
Fix #3617 - prevent crash when constant class doesn’t exist
2020-06-20 23:30:36 -04:00
Brown
f21d3a8346
Remove html and sql taints for simple preg_replace patterns
2020-06-20 23:11:42 -04:00
Brown
8edee96d8d
Fix taint regression
2020-06-20 18:10:01 -04:00
Brown
80ed1daf33
Allow static method mixin to invoke instance method
2020-06-20 18:05:35 -04:00
Brown
2ccec821f8
Fix #3624 - inherit magic property annotations from traits
2020-06-20 16:53:17 -04:00
Brown
2c5c9e95e1
Don’t add two @return docblocks after @method
2020-06-20 15:30:47 -04:00
Brown
edbeec2c6a
Fix @method annotation namespacing
2020-06-20 15:18:22 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash ( #3612 )
2020-06-19 18:02:39 -04:00
Brown
5bc657504d
Add more docs
2020-06-19 12:12:28 -04:00
Brown
67f7079c1a
More better docs
2020-06-19 11:57:34 -04:00
Brown
51202c75ea
Add taint docs
2020-06-19 11:56:12 -04:00
Andrei Petre
ce39bab966
Update InvalidExtendClass.md ( #3616 )
...
suggestion by @weirdan
2020-06-19 11:51:30 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods ( #3615 )
2020-06-19 11:51:08 -04:00
Brown
a7a23b4c1c
Remove letter
2020-06-19 09:41:25 -04:00
Jeroen De Dauw
8d4df25b87
Document the new extraFiles config ( #3619 )
...
Follow up to 078b8b7b1a
2020-06-19 02:28:20 -04:00
Brown
b1c836e5f3
Improve specialisation after call
2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b
Improve tainting of specializable classes
2020-06-19 01:22:51 -04:00
Brown
078b8b7b1a
Fix #3618 - add way to load non-analyzed files
2020-06-19 00:13:09 -04:00
Brown
eecdc43ce7
Remove stray commas
2020-06-18 20:15:38 -04:00
Brown
49f0592794
Improve tracking of array taints
2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4
Track taints from all tainted arrays
2020-06-18 13:45:58 -04:00
Brown
7d9a99a956
Fix #3609 - interpret strings as regular static calls
2020-06-18 11:56:08 -04:00
Brown
f609a01497
Move static property fetch analyzer to own class
2020-06-18 11:53:24 -04:00
Brown
98622783ec
Allow lists to have their types refined
...
Fixes #3605
2020-06-18 10:01:16 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers ( #3602 )
...
Fixes vimeo/psalm#3464
2020-06-18 09:48:51 -04:00
Brown
137647a1a0
Fix #3603 - better typed value comparisons for loose equality
2020-06-18 09:31:38 -04:00
Brown
21e567832f
Add API method for adding custom taint sources
2020-06-18 00:16:19 -04:00
Brown
7fc1f50f54
Fix potential nullref
2020-06-17 16:40:35 -04:00
Brown
4870774ea4
Allow falsable issues on DateInterval::$days
2020-06-17 16:28:26 -04:00
Brown
0a8b9b56ab
Fix #3600 - conditional return should be removed before comparison
2020-06-17 12:57:50 -04:00
Jaik Dean
02b15b83ff
Fix argument types for Redis::zRevRangeByScore() and Redis::zRevRangeByLex() ( #3597 )
2020-06-17 11:50:03 -04:00
Teemu Koskinen
bfae4af030
tidyNode->child will be null if the node does not have any children ( #3599 )
...
https://github.com/php/php-src/blob/master/ext/tidy/tidy.c#L696
2020-06-17 09:29:23 -04:00
Olle Härstedt
948be8243e
Add @method to docs ( #3595 )
...
* Add @method
* Fix links
2020-06-16 22:20:34 -04:00
Matthew Brown
aff2805794
Add annotations ref
2020-06-16 20:55:39 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods ( #3578 )
...
* Add new config: sealAllMethods
* Add some more tests
* Fix codesniffer issue with preg_quote
* Fix missing method in test
Co-authored-by: Olle <noemail>
2020-06-15 22:36:42 -04:00
Brown
03e9649d49
Fix tainting of function calls absent taintable params
2020-06-15 20:59:48 -04:00
Brown
56ef220e49
Fix bugs in taint specialisation
2020-06-15 18:34:56 -04:00
Brown
30db5d10cf
Add laravel/framework fork to test-with-real-projects
2020-06-15 17:24:23 -04:00
Brown
bbada7ba8d
Ensure correct vars are used
2020-06-15 17:16:12 -04:00
Brown
05cb39814c
Improve performance of long switch checks
2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8
Allow updating array by reference
2020-06-15 14:45:08 -04:00
Matthew Brown
8da80870e3
Optimise check
2020-06-14 22:07:04 -04:00