Lukas Reschke
c42927c6e4
Add SARIF as report output ( #4582 )
...
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
2021-01-29 11:46:13 +01:00
Matt Brown
2c69618347
Break out TaintedInput issues into a lot of separate ones
2021-01-29 11:46:13 +01:00
Dusk
4e7bd1e39b
Allow named arguments to variadic functions ( #4575 )
...
Closes #4563
2021-01-29 11:46:11 +01:00
Lukas Reschke
ff55dba130
Add sinks for popen and proc_open ( #4572 )
...
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2021-01-29 11:46:11 +01:00
orklah
2f368244a4
Detect trying to access to a list with a negative offset ( #4552 )
2021-01-29 11:46:11 +01:00
Matt Brown
4fff920952
Fix #4529 - allow unsetting with complex array key
2021-01-29 11:46:10 +01:00
Matt Brown
4a8c98257e
Add closure-use termination for byref flows
2021-01-29 11:46:10 +01:00
Matt Brown
ad840e4b7a
Fix #4547 - mark unused uses
2021-01-29 11:46:10 +01:00
Matt Brown
c1d57ba6a5
Uses by ref should be assigned that way
2021-01-29 11:46:10 +01:00
Matt Brown
5f01ea788a
Fix #4544 - improve handling of get_class in match
2021-01-29 11:46:10 +01:00
Matt Brown
5219932408
Fix #4545 - allow intersections in more places
2021-01-29 11:46:10 +01:00
Matt Brown
63bf00513b
Split out trait template tests
2021-01-29 11:46:09 +01:00
Matt Brown
8392fb429c
Fix #4540 - use correct method when simulating property setting
2021-01-29 11:46:09 +01:00
Matt Brown
e8c755c7c0
Fix #4537 - use more rigorous inerhitance for return and param types
2021-01-29 11:46:09 +01:00
Matt Brown
bd20313a14
Use better way to determine which signture to use
...
Fixes #4524
2021-01-29 11:46:09 +01:00
Matt Brown
fb5ee1e46d
Bind lower bounds to upper bounds as well when no upper bound can be inferred
...
Ref #4485
2021-01-29 11:46:08 +01:00
Matt Brown
e624f972dd
Fix #4524 - do better template param inheritance
2021-01-29 11:46:08 +01:00
Matt Brown
f3b6846c70
Fix #4527 - improve interpolated string types
2021-01-29 11:46:08 +01:00
Adrien LUCAS
9ab0ab9472
Add a proxy
capability to the flow annotation ( #4495 )
...
* Add a `passthru` capability to the flow annotation
* Fix passthru-calls type
* Fix types and rename to proxy
* Allow to proxy a method
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:07 +01:00
Matt Brown
d07a8bb4a5
Add descendant variables for closure uses
...
Fixes #4522
2021-01-29 11:46:07 +01:00
Matt Brown
1ad65fb899
Fix #4517 - track type contradiction issues in match expressions
2021-01-29 11:46:07 +01:00
Matt Brown
9fd4a24c55
Fix #4516 - treat exit() as the empty type
2021-01-29 11:46:07 +01:00
Matt Brown
ec9d8e6700
Fix #4519 - prevent crash with empty match
2021-01-29 11:46:07 +01:00
Matt Brown
e2eee4cb46
Break apart complex method
2021-01-29 11:46:07 +01:00
Matt Brown
fbafb9e97f
Fix #4509 - treat expression-derived constants as mixed
2021-01-29 11:46:06 +01:00
Matt Brown
36af6d70d2
Fix tests
2021-01-29 11:46:05 +01:00
Matt Brown
b68995582e
Preserve reconciled taints for all but non-string scalar types
2021-01-29 11:46:05 +01:00
Matt Brown
fb5e30850a
Fix #4503 - don’t ignore assertions on possibly-null mixed
2021-01-29 11:46:05 +01:00
Matt Brown
64ade75d13
Get rid of version test, which is dumb
2021-01-29 11:46:04 +01:00
Axel H
2f10ad0c24
Fix type inference when unpacking typed iterables ( #4487 )
...
* Add test for unpacking typed iterables
* Fix type inference when unpacking typed iterables into arrays
* Fix possibly undefined array offset
2021-01-29 11:46:04 +01:00
Matt Brown
578e65820a
Ensure we flush out re-assigned vars also referenced
...
Fixes #4488
2021-01-29 11:46:04 +01:00
Matt Brown
57cd29ee9d
Put assignment-in-conditional tests in their own file
2021-01-29 11:46:04 +01:00
Matt Brown
1389dc6adf
Allow opt-in to strict return type checking
2021-01-29 11:46:03 +01:00
Matt Brown
3483c59d9b
Fix #4479 - use correct keys in message
2021-01-29 11:46:03 +01:00
Matt Brown
d688d5fd74
Add support for @return never
2021-01-29 11:45:02 +01:00
Matt Brown
8b44459c7c
Fix overeager inference
2021-01-29 11:45:02 +01:00
Matt Brown
d4846b14e6
Reorganise things a little
2021-01-29 11:45:02 +01:00
Matt Brown
e3a352d287
Fix int-mask-of expansion
2021-01-29 11:45:02 +01:00
Matt Brown
2a7feef5f6
Fix #4466 use better differentiation for class_exists second param
2021-01-29 11:45:01 +01:00
Matt Brown
c07378a713
Fix #4467 - variables are only the same if they were set in the same location
2021-01-29 11:45:01 +01:00
Matt Brown
badf0855ce
Invalidate child methods when signature changes
2021-01-29 11:45:01 +01:00
Matt Brown
9d35e3c251
Fix #4464 - bust cache when Psalm’s version changes, not just composer’s
2021-01-29 11:45:01 +01:00
Matt Brown
b217916f37
Use better inference for getAttributes return type
...
Fixes #4367
2021-01-29 11:45:00 +01:00
Matt Brown
0ea0604cf3
Fix #4453 - sanitise @extends types before attempting to parse
2021-01-29 11:44:36 +01:00
Matt Brown
881068d5c0
Detect when targets are incorrectly targeted
2021-01-29 11:44:36 +01:00
Matt Brown
98b755fb6c
Add support for int-mask<...> and int-mask-of<...>
2021-01-29 11:44:35 +01:00
Matt Brown
fb81fa13f4
Ensure Stringable is always available to tests that need it
2021-01-29 11:44:35 +01:00
Matt Brown
9f87b99fac
Fix #4435 - ensure casts are always flow-sensitive
2021-01-29 11:44:35 +01:00
Matt Brown
ab90097baf
Remove subpar test
2021-01-29 11:44:35 +01:00
Matt Brown
3ebdb3b952
Use more accurate comparison for non-empty-lists
2021-01-29 11:44:34 +01:00