mirror of https://github.com/danog/psalm.git synced 2024-12-04 02:27:59 +01:00

7228 Commits

Author SHA1 Message Date
Brown
7c7ebd068f Make invalidation more robust 2020-07-03 12:59:07 -04:00
Brown
5da29955ee Use better replacement when analysing potentially-inherited templated type 2020-07-03 12:25:33 -04:00
Brown
44d7f51857 Generalise init vars inside for loops
Ref #3085
2020-07-03 11:13:44 -04:00
Brown
3d0a8c4c59 Fix #3738 - allow storing references to class-strings inside immutable 2020-07-03 08:47:50 -04:00
Brown
6419788a49 Remove false from template param as necessary
Fixes #3737
2020-07-03 01:07:50 -04:00
lhchavez
ba63ccb825
Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736)
This change avoids calling `str_replace()` on the original docblock and
instead only operates on the parsed (and modified) lines. This now makes
it so that if there are substrings of the docblock that match a tag
match, it won't get prematurely removed, therefore avoiding mangling of
the parsed docblock's description.

Fixes: #3735
2020-07-02 17:55:57 -04:00
Brown
1745f5cafa Fix too-long line 2020-07-02 15:32:13 -04:00
Brown
cb94764d22 Prevent false-positive for Exception::__toString overriding 2020-07-02 14:09:56 -04:00
Brown
0c582e9993 Fix #3685 - improve handling of if conditionals inside do 2020-07-02 13:59:59 -04:00
Brown
cf1a8ac5fc Suppress taints in instance properties 2020-07-02 12:08:42 -04:00
Brown
67b2edc328 Allow more things to be suppressed with @psalm-suppress TaintedInput 2020-07-02 11:53:51 -04:00
Matthew Brown
fab07c58bd Add slash 2020-07-02 01:32:40 -04:00
Brown
ea82cdc6ea Fix #3726 - infer generic template from class-string 2020-07-02 01:11:46 -04:00
Brown
fa0f43f0cf Skip failing test 2020-07-02 00:22:14 -04:00
Brown
ae7c5b095b Fix #3712 - allow taints to be suppressed with @psalm-suppress 2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() (#3731)
And `__toString()`, which uses getTraceAsString().

Fixes #3696

```php
function login($username, $password, $secret) {
    throw new RuntimeException('login failure');
}
try {
    login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
    // This output includes unescaped 'pass' and SECRET
    echo $e, "\n";
    echo $e->getTraceAsString();
}
```
2020-07-01 21:27:40 -04:00
Brown
0f548c83ea Fix redundant condition 2020-07-01 19:31:10 -04:00
Brown
6c62e46d15 Only emit one error for erroneous array_map string closure types 2020-07-01 19:18:01 -04:00
Brown
4d73b2501b Allow multiple args passed to array_map 2020-07-01 19:11:49 -04:00
Brown
70ab4c18f4 Fix #3720 - allow literal unions in keys to map to object-like arrays 2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out (#3650)
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

* New tag @self-out (WIP)

* Add self_out_type to method storage

* Add some notes

* More work on self-out (WIP)

* More work on self-out (WIP)

* Use psalm-self-out instead of self-out

* Remove extra file

* Cleanup

* Wrap around try-catch - how to check if a method has/should have storage?

* New method hasStorage()

* Fix indentation

* Fix some errors

* Fix indentation

* Cast storage type to type

* Add proper use-statement in method storage

* Correct test class name

* Allow self_out to be null

* method_id can be string (why, when?)

Co-authored-by: Olle <noemail>
2020-07-01 18:10:24 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink (#3729)
create_function() is a thin wrapper around eval().
Fixes #3723
2020-07-01 18:09:30 -04:00
Brown
e13da22292 Allow cloning interfaces 2020-07-01 11:14:31 -04:00
Brown
fca350c498 Prevent a few crashes with really bad code 2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb Fix #3719 - prevent crash when cloning missing class 2020-07-01 10:10:55 -04:00
Brown
cb0f65dd91 Skip taint tests in Windows 2020-07-01 09:49:52 -04:00
binarious
ff990e5f8f
docs(MoreSpecificImplementedParamType): less to more (#3725) 2020-07-01 09:01:58 -04:00
jarstelfox
ac5823095d
TemplateChecker: Ensure it's working again (#3724)
* TemplateChecker: Ensure it's working again

The template checker is erroring on my first template file due to storage missing on my pseudo method. I traced back to your original + noticed the optional param had been removed.

* TemplateChecker: Add missing use
2020-07-01 09:01:25 -04:00
Brown
4c368da75e Fix #3721 - prevent crash on empty @method 2020-07-01 09:00:33 -04:00
Brown
cceacde01d Hide fixable issues when running with taint analysis
Fixes #3722
2020-07-01 08:55:58 -04:00
Brown
17558a5c0e Fix #3676 - add multiline output for TaintedInput issues 2020-06-30 13:17:51 -04:00
Olle
290207dd3f Merge remote-tracking branch 'upstream/master' 2020-06-30 17:01:56 +00:00
Olle
ee9a7c00fe method_id can be string (why, when?) 2020-06-30 16:02:48 +00:00
Olle
1aec75292a Allow self_out to be null 2020-06-30 16:00:33 +00:00
Olle
e6626f8cb3 Correct test class name 2020-06-30 15:35:30 +00:00
Olle
111f4b4f6e Add proper use-statement in method storage 2020-06-30 15:33:14 +00:00
Olle
4cd3c93d0d Cast storage type to type 2020-06-30 15:22:55 +00:00
Olle
a2faf70c0f Fix indentation 2020-06-30 15:13:15 +00:00
Brown
671009a70c Specialize constructor taints cc @TysonAndre 2020-06-29 21:08:43 -04:00
Brown
7288dfc620 Fix #3715 - unserialize is a taint sink 2020-06-29 17:54:47 -04:00
Brown
7253e01000 Fix #3716 - prevent crash for Foo|? return type 2020-06-29 17:52:55 -04:00
Brown
e56483bb54 Fix #3711 - generalize call of specialized class without specializations 2020-06-29 17:42:01 -04:00
Brown
ab29ac0e51 Only cast in echo when tracking taints 2020-06-29 15:06:11 -04:00
Brown
cff976049d Remove unused vars 2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
1a582fa636 Change InvalidArgument to InvalidCast in test 2020-06-29 12:55:12 -04:00
Brown
45c21853e5 Fix #3709 - don’t crash on inherited __toString tainting 2020-06-29 12:11:11 -04:00
Matthew Brown
18f9e7487b
Remove string cast
Cc @TysonAndre
2020-06-29 09:54:07 -04:00
Brown
aab90fb74e Fix Psalm errors 2020-06-29 09:29:19 -04:00
Brown
38977d797e Fix #3697 - cast types via implied __toString method 2020-06-29 09:13:19 -04:00