danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-15 10:57:08 +01:00
Code Issues Projects Releases Wiki Activity
7,361 Commits 43 Branches 314 Tags 108 MiB
c9e47450a7
Commit Graph

2929 Commits

Author SHA1 Message Date
Nat Zimmermann
2ee126c567
correct *getcsv return types (#3832) 2020-07-17 10:09:21 -04:00
Brown
5392ae0b39 Fix UnusedMethodCall examples 2020-07-16 18:14:15 -04:00
Brown
26a61c47c0 Prevent mixed erasure in get_class call 2020-07-16 13:56:42 -04:00
Brown
a2dbd31371 Fix usage of array_push results 2020-07-16 13:44:51 -04:00
Brown
262bb9fd89 Invalidate memoized getter method results after property assignment 2020-07-16 12:59:49 -04:00
Brown
b361b44889 Rip out plain getter property logic cc @m0003r 
It gets in the way of the other IMO more useful memoisation logic (e.g. when a getter is declared final)
 2020-07-16 12:42:59 -04:00
Brown
96bfd144df Fix #3825 - ensure final getters are treated as mutation free 2020-07-16 11:58:27 -04:00
kesselb
aaba3a08ec
Add option to supress a referenced but undefined global variable. (#3827) 2020-07-16 09:49:59 -04:00
Brown
8fbc8de98a Fix #3820 - don’t treat a method call as memoisable if it has assertions 2020-07-15 15:09:19 -04:00
Brown
06ee1b71c7 Improve check for empty array 2020-07-15 09:49:30 -04:00
ygottschalk
94e2552d1c
Fix #3810 removing ignore-nullable-return (#3817) 
* Fix #3810 removing ignore-nullable-return form stubs of key, array_key_first, array_key_last

* fixed test failing due to changes to key()

* Improve key return type

* Remove unnecessary check

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-14 17:43:26 -04:00
Tyson Andre
f17a4911d5
Add more impure functions (#3814) 2020-07-14 17:14:09 -04:00
Evgeniy
fcd2ac3078
array_column check result non-emptyness (#3813) 
* Update

* Update test

* Fix test

* Fix test

* inline function res in test

* cs
 2020-07-14 17:13:45 -04:00
Brown
3c9028c182 Fix #3808 - allow detection of paradoxes in switch condition function calls 2020-07-14 10:51:12 -04:00
Brown
f0a5463834 Catch string subtypes that cannot be identical 2020-07-14 10:08:31 -04:00
Brown
2399643472 Fix #3811 - allow more complex negations inside boolean expressions 2020-07-13 21:31:58 -04:00
Bruce Weirdan
931d35a703
Collect and scan files included by the autoloaders (#3183) 
Refs vimeo/psalm#2861
 2020-07-11 17:17:22 -04:00
Joe Hoyle
b8c4abf08b
Add ability to Go to Definition on Use statements (#3805) 
This adds the ability to use the LSP's "Go to Definition" on `use MyClass` statements.

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-11 17:16:44 -04:00
Joe Hoyle
0b6d682964
Fix going to definition on return type (#3806) 
* Fix going to definition on return type

If a return type of a method or function is set incorrectly (with the PHP doc), then the references are not added for the `function() : MyClass` symbol, so the "Go to definition" feature of the LSP won't work. I don't believe an invalid return type or not should stop the symbol location being tracked (and not allowing code navigation).

In moved the symbol location tracking to be before the return early short circuit.

* Update SymbolLookupTest.php

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-07-11 17:14:39 -04:00
Joe Hoyle
11af82a97f
Fix jumping to definition on nullable parameters (#3804) 
Currently it's not possible to "Go to definition" (LSP) on nullable args like `function( ?MyClass )` as the reference is stored a `MyClass|null` in the reference map, which will now resolve to a class name.

This PR removed any nullable type from the union before adding it to the reference map (as the reference map is only use to indicate a symbol was used in a given location, I think this makes sense).
 2020-07-11 17:12:03 -04:00
Brown
2afbf58324 Prevent adding trait property types 2020-07-10 19:11:06 -04:00
Brown
9177ad5ce0 Add back fix 2020-07-10 17:13:11 -04:00
Brown
8d022307d2 Fix #3797 - prevent many chained assignments crashing Psalm 2020-07-10 16:49:45 -04:00
Brown
d71f12d250 Fix #3802 - allow increment inside isset expression 2020-07-10 16:14:24 -04:00
Brown
4f872674f9 Add space 2020-07-10 14:40:25 -04:00
Brown
8349564cc4 Fix #3790 - removing false/null from template not redundant 2020-07-10 13:19:23 -04:00
Brown
cd8420aa94 Skip optimisation for unpacked args 2020-07-10 13:04:37 -04:00
Brown
d8eca89b44 Remove redundancy 2020-07-10 10:35:26 -04:00
Brown
38fdf4bef6 Treat array_push($a, ... as $a[]= ... 2020-07-10 10:20:02 -04:00
Tyson Andre
018c4bf545
Support generating a .console report text file. (#3777) 
This is useful for use cases such as saving multiline taint detection results.

Only the compact and console reports seem to use color right now.
In many cases, adding color codes to a text file would make it harder to read
in an editor.
 2020-07-08 15:09:31 -04:00
Brown
bf7bcc0dca Fix #3779 - allow ParadoxicalCondition of default to be suppressed 2020-07-08 14:51:20 -04:00
Brown
33a834bb0b Fix some property inference bugs 2020-07-08 14:43:36 -04:00
Brown
619c384509 Add indentation as necessary between property docblocks 2020-07-08 14:32:16 -04:00
Brown
f173ef6ef0 Add mixed types to prevent bad recommendations 2020-07-08 12:18:36 -04:00
Brown
cf67b9eef1 Fix #435 - add psalter fix for MissingPropertyType 2020-07-08 12:03:12 -04:00
Brown
6bdff42cda Add support for potentially-assigned properties 2020-07-08 11:46:55 -04:00
Brown
0034f2e4bd Don’t manipulate property storage during analysis 2020-07-07 19:32:44 -04:00
Tyson Andre
cda6bd0553
Fix "Could not get class storage" from cache (#3769) 
Fixes #3671

This is better than an uncaught exception, at least, and I can detect
new issues if the constructor body changes
 2020-07-07 17:10:51 -04:00
Brown
8ecee6df6d Fix #3760 - prevent param remapping twice 2020-07-07 11:44:22 -04:00
Brown
82a85791f2 Fix #3764 - preserve sealed-ness of array into array_map 2020-07-07 09:31:43 -04:00
Brown
279cad3599 Fix #3755 - prevent crash when throw class not found 2020-07-07 00:29:46 -04:00
Tyson Andre
cad86aae5b
Fix typo for printr (#3754) 
Related to #3744

`print_r` is only a taint sink when `$return` is false or absent.
 2020-07-07 00:25:14 -04:00
Brown
1b498e6dae Remove unused variable 2020-07-06 17:41:07 -04:00
Brown
eb3ce8d368 Remove unused code 2020-07-06 15:39:52 -04:00
Brown
ada2fe033e Remove comma 2020-07-05 15:21:44 -04:00
Brown
ab6df0a5d1 Fix #3753 - resolve self-references in trait as statements earlier 2020-07-05 12:05:25 -04:00
Brown
42a3cedd31 Fix #3742 - add null to type after possibly null array access 2020-07-05 09:12:07 -04:00
jarstelfox
3096afed99
Fix echo false issue (#3751) 
* Echo: add failing test case

echo false; is a noop, not an issue

* Echo: Fix failing test case
 2020-07-05 08:55:42 -04:00
Brown
7c7ebd068f Make invalidation more robust 2020-07-03 12:59:07 -04:00
Brown
5da29955ee Use better replacement when analysing potentially-inherited templated type 2020-07-03 12:25:33 -04:00
Brown
44d7f51857 Generalise init vars inside for loops 
Ref #3085
 2020-07-03 11:13:44 -04:00
Brown
3d0a8c4c59 Fix #3738 - allow storing references to class-strings inside immutable 2020-07-03 08:47:50 -04:00
Brown
6419788a49 Remove false from template param as necessary 
Fixes #3737
 2020-07-03 01:07:50 -04:00
lhchavez
ba63ccb825
Improve \Psalm\Internal\Scanner\DocblockParser::parse() (#3736) 
This change avoids calling `str_replace()` on the original docblock and
instead only operates on the parsed (and modified) lines. This now makes
it so that if there are substrings of the docblock that match a tag
match, it won't get prematurely removed, therefore avoiding mangling of
the parsed docblock's description.

Fixes: #3735
 2020-07-02 17:55:57 -04:00
Brown
1745f5cafa Fix too-long line 2020-07-02 15:32:13 -04:00
Brown
cb94764d22 Prevent false-positive for Exception::__toString overriding 2020-07-02 14:09:56 -04:00
Brown
0c582e9993 Fix #3685 - improve handling of if conditionals inside do 2020-07-02 13:59:59 -04:00
Brown
cf1a8ac5fc Suppress taints in instance properties 2020-07-02 12:08:42 -04:00
Brown
67b2edc328 Allow more things to be suppressed with @psalm-suppress TaintedInput 2020-07-02 11:53:51 -04:00
Brown
ea82cdc6ea Fix #3726 - infer generic template from class-string 2020-07-02 01:11:46 -04:00
Brown
ae7c5b095b Fix #3712 - allow taints to be suppressed with @psalm-suppress 2020-07-01 23:23:45 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() (#3731) 
And `__toString()`, which uses getTraceAsString().

Fixes #3696

```php
function login($username, $password, $secret) {
    throw new RuntimeException('login failure');
}
try {
    login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
    // This output includes unescaped 'pass' and SECRET
    echo $e, "\n";
    echo $e->getTraceAsString();
}
```
 2020-07-01 21:27:40 -04:00
Brown
0f548c83ea Fix redundant condition 2020-07-01 19:31:10 -04:00
Brown
6c62e46d15 Only emit one error for erroneous array_map string closure types 2020-07-01 19:18:01 -04:00
Brown
4d73b2501b Allow multiple args passed to array_map 2020-07-01 19:11:49 -04:00
Brown
70ab4c18f4 Fix #3720 - allow literal unions in keys to map to object-like arrays 2020-07-01 18:57:19 -04:00
Olle Härstedt
d8e8ce428e
Add new annotation: @psalm-self-out (#3650) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

* New tag @self-out (WIP)

* Add self_out_type to method storage

* Add some notes

* More work on self-out (WIP)

* More work on self-out (WIP)

* Use psalm-self-out instead of self-out

* Remove extra file

* Cleanup

* Wrap around try-catch - how to check if a method has/should have storage?

* New method hasStorage()

* Fix indentation

* Fix some errors

* Fix indentation

* Cast storage type to type

* Add proper use-statement in method storage

* Correct test class name

* Allow self_out to be null

* method_id can be string (why, when?)

Co-authored-by: Olle <noemail>
 2020-07-01 18:10:24 -04:00
Tyson Andre
b0a3de47e8
Mark create_function() as a taint sink (#3729) 
create_function() is a thin wrapper around eval().
Fixes #3723
 2020-07-01 18:09:30 -04:00
Brown
e13da22292 Allow cloning interfaces 2020-07-01 11:14:31 -04:00
Brown
fca350c498 Prevent a few crashes with really bad code 2020-07-01 10:30:10 -04:00
Brown
6047b7b6cb Fix #3719 - prevent crash when cloning missing class 2020-07-01 10:10:55 -04:00
Brown
4c368da75e Fix #3721 - prevent crash on empty @method 2020-07-01 09:00:33 -04:00
Brown
17558a5c0e Fix #3676 - add multiline output for TaintedInput issues 2020-06-30 13:17:51 -04:00
Brown
671009a70c Specialize constructor taints cc @TysonAndre 2020-06-29 21:08:43 -04:00
Brown
7288dfc620 Fix #3715 - unserialize is a taint sink 2020-06-29 17:54:47 -04:00
Brown
7253e01000 Fix #3716 - prevent crash for Foo|? return type 2020-06-29 17:52:55 -04:00
Brown
e56483bb54 Fix #3711 - generalize call of specialized class without specializations 2020-06-29 17:42:01 -04:00
Brown
ab29ac0e51 Only cast in echo when tracking taints 2020-06-29 15:06:11 -04:00
Brown
cff976049d Remove unused vars 2020-06-29 13:24:05 -04:00
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
45c21853e5 Fix #3709 - don’t crash on inherited __toString tainting 2020-06-29 12:11:11 -04:00
Brown
aab90fb74e Fix Psalm errors 2020-06-29 09:29:19 -04:00
Brown
38977d797e Fix #3697 - cast types via implied __toString method 2020-06-29 09:13:19 -04:00
Brown
b54b832838 Break out method call tainting 2020-06-29 00:14:49 -04:00
Barney Laurance
3f8aa64ee9
Treat methods of internal or psalm internal classes as internal (#3698) 
When both the method and the class are annotated as psalm-internal,
but to different namespaces, we consider the method internal to
whichever namespace is longer, i.e. the smaller code module.

Issue reported at https://github.com/vimeo/psalm/issues/3457
 2020-06-28 13:15:54 -04:00
Simon Podlipsky
0f727e7607
Add RdKafka\ProducerTopic::producev() to CallMap (#3700) 2020-06-28 13:15:11 -04:00
Brown
c95ebfeb21 Fix #3694 - allow two args for PDO::query 2020-06-26 18:26:06 -04:00
Fabien Villepinte
c42dadaf0d
Redis::getDbNum|getHost can return false (#3673) (#3693) 2020-06-26 18:14:10 -04:00
Tyson Andre
3a9c7432e1
Add psalm-taint-specialize for preg_replace_callback (#3683) 
Fixes https://psalm.dev/r/517c4a169e
 2020-06-26 08:58:57 -04:00
Brown
bcd7478352 Reduce memory footprint a little 2020-06-25 19:12:30 -04:00
Brown
559b3d3471 Fix #3681 - taint exit like echo 2020-06-25 17:17:08 -04:00
Brown
07f7e5ccaf Reconciling should preserve taints 
Fixes #3680
 2020-06-25 17:04:18 -04:00
Brown
9837a60853 Fix #3675 - add taints to filter_var return 
Doesn’t yet take callback into account
 2020-06-25 13:24:26 -04:00
Brown
9e7650586b Fix bugs 2020-06-25 13:21:11 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
f458959af5 Add param type 2020-06-25 01:40:19 -04:00
Brown
d7f1bde6da Refactor taint acccess checks 2020-06-25 01:32:57 -04:00
Brown
b8ebed0b85 Add a bit more accuracy 2020-06-25 01:00:11 -04:00
Brown
e26922010a Improve accuracy of array nesting checks 2020-06-25 00:50:52 -04:00
Brown
b84cf74754 Fix #3668 - taint property types for magic properties without @property 2020-06-25 00:24:37 -04:00
Brown
dd25b81d3a Fix #3670 - taint mixed foreach access 2020-06-24 19:16:30 -04:00
Brown
a6c7a48387 Add support for argument unpacking 
Ref #3670
 2020-06-24 18:43:15 -04:00
Tyson Andre
1670848267
Mark print() statement as the same sink type as echo (#3669) 2020-06-24 17:23:16 -04:00
Brown
de85e7c539 Fix blips 2020-06-24 13:19:14 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
c29b3744ec Change storage of out types 2020-06-24 11:51:31 -04:00
Brown
96d05ab06b Fix #3654 - use correct function id for namespaced functions 2020-06-23 16:53:11 -04:00
Brown
6a746b65ea Fix #3655 - taint encapsulated strings 2020-06-23 16:38:59 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists 
Fixes #3652
 2020-06-23 15:52:19 -04:00
Brown
f46236ad71 Taint flows through preg_replace_callback 2020-06-23 15:28:31 -04:00
Brown
f72b609d42 Fix #3642 - detect missing property when name matches 2020-06-23 13:12:46 -04:00
Brown
4d6fc4d0ca Fix get_class($foo) === static::class checks 2020-06-23 13:11:19 -04:00
Brown
9b860214d5 Fix #3639 - allow coerced types to count when picking callmap options 2020-06-22 20:24:34 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional" 
This reverts commit 9c17795545.
 2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
7f05b3c530 Add $_REQUEST as a taint source 
Ref #3636
 2020-06-22 17:16:15 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
dddc159694 Add explicit path object 2020-06-22 02:10:03 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
02e8313c39 Allow taintedness to propagate to some stubbed methods 2020-06-21 18:07:39 -04:00
Brown
fbe3433edd Use escape terminology 2020-06-21 11:43:08 -04:00
Brown
07adecc6eb Use correct method id when creating taints 2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
8edee96d8d Fix taint regression 2020-06-20 18:10:01 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Brown
2ccec821f8 Fix #3624 - inherit magic property annotations from traits 2020-06-20 16:53:17 -04:00
Brown
2c5c9e95e1 Don’t add two @return docblocks after @method 2020-06-20 15:30:47 -04:00
Brown
edbeec2c6a Fix @method annotation namespacing 2020-06-20 15:18:22 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Brown
51202c75ea Add taint docs 2020-06-19 11:56:12 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods (#3615) 2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
078b8b7b1a Fix #3618 - add way to load non-analyzed files 2020-06-19 00:13:09 -04:00
Brown
eecdc43ce7 Remove stray commas 2020-06-18 20:15:38 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
562a7c1ca4 Track taints from all tainted arrays 2020-06-18 13:45:58 -04:00
Brown
7d9a99a956 Fix #3609 - interpret strings as regular static calls 2020-06-18 11:56:08 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Brown
98622783ec Allow lists to have their types refined 
Fixes #3605
 2020-06-18 10:01:16 -04:00
Bruce Weirdan
6fb63903c1
Infer better types for magic constants used in const initializers (#3602) 
Fixes vimeo/psalm#3464
 2020-06-18 09:48:51 -04:00
Brown
137647a1a0 Fix #3603 - better typed value comparisons for loose equality 2020-06-18 09:31:38 -04:00
Brown
7fc1f50f54 Fix potential nullref 2020-06-17 16:40:35 -04:00
Brown
4870774ea4 Allow falsable issues on DateInterval::$days 2020-06-17 16:28:26 -04:00
Brown
0a8b9b56ab Fix #3600 - conditional return should be removed before comparison 2020-06-17 12:57:50 -04:00
Jaik Dean
02b15b83ff
Fix argument types for Redis::zRevRangeByScore() and Redis::zRevRangeByLex() (#3597) 2020-06-17 11:50:03 -04:00
Teemu Koskinen
bfae4af030
tidyNode->child will be null if the node does not have any children (#3599) 
https://github.com/php/php-src/blob/master/ext/tidy/tidy.c#L696
 2020-06-17 09:29:23 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
 2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
56ef220e49 Fix bugs in taint specialisation 2020-06-15 18:34:56 -04:00
Brown
bbada7ba8d Ensure correct vars are used 2020-06-15 17:16:12 -04:00
Brown
05cb39814c Improve performance of long switch checks 2020-06-15 16:23:19 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Matthew Brown
683bde9540 Fix #3573 - allow UnnecessaryVarAnnotation to be suppressed 2020-06-13 16:48:10 -04:00
Matthew Brown
19ba53f28c Fix too-long line 2020-06-13 16:45:54 -04:00
Matthew Brown
427f470806 Fix #3586 - ensure templated trait params more accurate 2020-06-13 16:37:39 -04:00
Matthew Brown
edb2b4c5ef Get type of requires 2020-06-13 15:48:12 -04:00
Gabriel Ostrolucký
8ca7a88c41
Mark fgetcsv impure (#3582) 
fgetcsv standalone is used to skip current row for consecutive reads
 2020-06-13 00:32:00 -04:00
Andrei Petre
3497ca07b6
Extending final class is prohibited #3037 (#3576) 2020-06-13 00:29:59 -04:00
Bruce Weirdan
a99f92ae3a
Fix vimeo/psalm#3572 (#3575) 
session_decode has side effects
 2020-06-13 00:28:56 -04:00
Brown
9bfe50b20a Always analyse cast expressions 
Fixes #3577
 2020-06-12 17:25:46 -04:00
Brown
211f014356 Fix #3571 - make callable():void valid for callable():?Foo 2020-06-12 14:26:31 -04:00
Brown
45ea5d0bfe Add a couple more shortcuts for common pattern 
Fixes #3563
 2020-06-12 11:18:34 -04:00
Brown
9ca6c868b7 Fix #3563 - add workaround for == true 2020-06-12 10:58:44 -04:00
Tim van Dijen
7fa48f3508
Fix return type for preg_grep (#3565) 2020-06-11 11:59:14 -04:00
Brown
f67b61f6cc Fix reconciliation of template param to literal string 
Fixes #3510
 2020-06-11 11:58:31 -04:00
Brown
16189782ab Inherit whether methods are sealed from parent 
Ref #3561
 2020-06-11 11:28:41 -04:00
Brown
ec0a4c7c96 Require ReflectionMethod get a class-string 2020-06-11 11:07:57 -04:00
Jáchym Toušek
c6611cfcd1
Update ext-ds stubs (#3559) 2020-06-10 17:27:39 -04:00
Gregor Harlan
235093ecc4
Add PharData::offsetGet/offsetExists to CallMap (#3557) 2020-06-10 17:26:22 -04:00
Brown
5617e9d7c9 Fix array_values call 2020-06-09 19:06:08 -04:00
Brown
286a8f911a Add support for static mixin calls 
Fixes #3552
 2020-06-09 18:39:52 -04:00
Brown
a6c0991073 Fix #3532 - expand type alias types recursively 2020-06-07 12:01:04 -04:00
Matthew Brown
91e76f7173 Fix #3536 - Make method return type provider aware of original called method 2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
739d23e5f0 Use alias 2020-06-06 23:27:25 -04:00
Matthew Brown
3d7288afcb Fix #3529 - static intersected with itself is static 2020-06-06 20:10:50 -04:00
Matthew Brown
ce445636e7 Fix #3535 - match template param class constants properly 2020-06-06 20:02:14 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed 
Fixes #3538
 2020-06-06 19:31:42 -04:00
Brown
4f87cca55b Fix #3537 - improve parsing for @mixin annotations 2020-06-06 18:15:24 -04:00
Matthew Brown
243c09de37
Make property protected 2020-06-06 12:24:16 -04:00
Brown
fcf0a681d9 Fix #3531 - ignore mixed returns from template 2020-06-06 10:33:49 -04:00
Brown
438eb17e58 Fix #3367 - ensure --diff works after second run, not third 2020-06-05 12:09:38 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
Šimon Podlipský
596213c2c3
Make ext-ds to array return list<V> (#3520) 2020-06-04 09:56:00 -04:00
Matthew Brown
c9ee691595
Fix suppression 2020-06-04 09:55:32 -04:00
Brown
5c80dc3299 Fix #3515 - add merge method to Vector 2020-06-03 16:50:01 -04:00
Brown
fd74d3284d Add support for PHPParser 4.5.0 2020-06-03 14:58:08 -04:00
LeSuisse
1f8dc26d1d
Fix signatures of stream_filter_append and stream_filter_prepend (#3514) 
filterparams is not restricted to an array, it is perfectly to pass a
class or any other value.

See https://github.com/php/php-src/blob/php-7.4.6/ext/standard/streamsfuncs.c#L1171
 2020-06-03 12:50:40 -04:00
Brown
7caaa64825 Fix #3418 - don’t override with send type when @psalm-yield is given 2020-06-02 13:27:17 -04:00
Brown
4d149de764 Fix #3506 - prevent black classes in throws check 2020-06-01 14:56:27 -04:00
Markus Staab
efcc28be02
Fixed mysql::$insert_id type (#3496) 
* Fixed mysql::$insert_id type

* Update PropertyMap.php

* Update src/Psalm/Internal/PropertyMap.php
 2020-05-31 18:53:30 -04:00
Brown
be8fd3ea19 Fix #3481 - treat an iterable like a Traversable when comparing to object 2020-05-31 01:22:43 -04:00
Brown
86b894eca5 Treat iterables as traversable when comparing to named object 2020-05-31 00:55:45 -04:00
Brown
c1d8912a9b Bust cache more 2020-05-30 19:11:57 -04:00
Brown
4e21e54ee1 Fix #3491 - provide correct types for substitution 2020-05-30 19:11:41 -04:00
Markus Staab
0e298a6f13
Removed unexisting property mysqli::stat (#3501) 2020-05-30 17:03:04 -04:00
orklah
76f5def268
Use scandir and glob flags to reduce their performance impact (#3499) 
* Use scandir and glob flags to reduce their performance impact

* Order seem to impact Tests here
 2020-05-30 17:02:35 -04:00
Markus Staab
f24d7abcd9
Made mysqli_warning::$sqlstate a string (#3497) 2020-05-30 17:01:20 -04:00
orklah
428beb21fb
Improve stubs for str_replace and preg_replace (#3495) 
* expand accepted values for str_replace and preg_replace. Make return conditional based on type of $subject

* Remove int|float from str_replace/preg_replace

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-05-30 16:59:18 -04:00
orklah
51bf7f38de
Fix #3438 (#3494) 2020-05-30 16:55:55 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489) 
Co-authored-by: El Azimov <el.azimov@rocks>
 2020-05-30 16:55:18 -04:00
orklah
1621a9f3ea
Add checks for duplicated params and returns (#3487) 2020-05-30 16:54:16 -04:00
orklah
062db0ffcf
Fix #3437 (#3493) 2020-05-30 14:38:12 -04:00
Brown
db67be5965 Fix #3483 - analyse variable static property access properly 2020-05-29 09:28:34 -04:00
Brown
235704ad49 Fix #3484 - use better method to determine constant existence in wildcard checks 2020-05-29 09:09:59 -04:00
Matthew Brown
73797f7498 Add more default sinks 2020-05-29 00:24:07 -04:00
Brown
30907f0269 Clean up comment parsing 2020-05-28 22:14:41 -04:00
Brown
b932163d5d Make parser a little cleaner 2020-05-28 14:31:17 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
still-dreaming-1
1bb884bd84
__TRAIT__ can be string or non-empty-string (#3469) 
depending on whether or not it is used from inside a __TRAIT__
 2020-05-27 19:23:46 -04:00
still-dreaming-1
9189335715
Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-s… (#3468) 
* Fixes #3464 by typing __DIR__, __TRAIT__, and __FILE__ as non-empty-string

* __TRAIT__ should stay string in case used outside a trait

Co-authored-by:  <jesse@LAPTOP-73CA4O5T.localdomain>
 2020-05-27 18:21:26 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
9b413cfccc Improved understanding of array_key_exists 
Fixes #3463
 2020-05-27 09:03:36 -04:00
Brown
b9ea115487 Support string class_alias calls with leading backslash 
Fixes #3465
 2020-05-27 08:14:47 -04:00
Brown
ef53ee3a3b Fix crash on aliased exception 
Ref #3465
 2020-05-27 08:09:58 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00
Brown
d04e21ee5a Define mixin declaring classname 2020-05-26 23:32:07 -04:00
Brown
b4855b3ecd Catch errors during yield annotation tokenisation 
Fixes #3430
 2020-05-26 17:57:55 -04:00
Brown
3da3d61270 Fix #3434 by removing extraneous call to simplifyType 2020-05-26 17:55:54 -04:00
Brown
0ef00f5756 Fix #3460 - allow isset checks on static properties 2020-05-26 17:40:27 -04:00
Brown
f0a5bd74b6 Detect never-return statement same as a throw 2020-05-26 15:02:23 -04:00
Brown
a2b6326a84 Change specialize-call to taint-specialize 2020-05-26 14:18:43 -04:00
Brown
ecb179c784 Migrate min/max function calls back to CallMap 2020-05-26 12:28:56 -04:00
Brown
a266d4748b Fix build 2020-05-26 07:50:11 -04:00
Brown
953be61cf2 Allow limiting connected taint paths 2020-05-25 23:28:11 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
2e6fc24867 Template callmap methods too 
Fixes #3453
 2020-05-25 14:21:06 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
109920be88 Expand template param before comparison 2020-05-25 11:51:10 -04:00
Brown
be847472a2 Fix #3453 - allow conditional return types on instance methods 2020-05-25 09:39:30 -04:00
Brown
3416e33348 Fix indentation 2020-05-25 01:23:28 -04:00
Brown
240b2f898c Add some negative test cases for @mixin 
Also fix #3452
 2020-05-25 00:19:52 -04:00
Matthew Brown
806db80d63 Fix #3440 - literal string doesn’t contain numeric-string 2020-05-24 22:42:08 -04:00
Brown
ff5c17c044 Switch subtype messagearg order 2020-05-24 09:43:54 -04:00
orklah
72435757ea
Add false to possible parse_url return types (#3359) (#3445) 
* Add false to possible parse_url return types (#3359)

* fix test
 2020-05-24 09:19:58 -04:00
Brown
92a9a7efdf Handle flows into arguments a little better 2020-05-23 23:54:16 -04:00
Matthew Brown
1d17c02fba Fix #3442 - support broader type after initial array assignment 2020-05-23 23:23:50 -04:00
Matthew Brown
15e753e279 Fix #3443 - add InvalidDocblock issue for @psalm-assert Foo|!Bar 2020-05-23 22:52:21 -04:00
Brown
a198b09eb7 Add intermediary concat op node 2020-05-23 21:38:09 -04:00
Brown
f5a0622ad2 Fix style 2020-05-23 08:06:31 -04:00
Matthew Brown
0dee85d0b7
Remove redundancy 2020-05-23 01:48:56 -04:00
Brown
16af6a5773 Improve concat taint propagation 2020-05-23 01:11:16 -04:00
Brown
ee493909d7 Fix bugs 2020-05-23 00:08:16 -04:00
Brown
10c106f7eb Add eval sink 2020-05-23 00:03:29 -04:00
Brown
dc73e25157 Detect taints in include calls 2020-05-22 23:53:37 -04:00
Brown
e72288c85f Don’t error on badly-formatted taint annotation 2020-05-22 22:38:03 -04:00
Brown
e82c317d53 Adjust tolerances 2020-05-22 21:37:18 -04:00
Brown
fb3cb2c4d1 Only use plain return type if we’re not memoizing 2020-05-22 17:05:39 -04:00
Brown
bbc30a1747 Only recreate taints if non-null 2020-05-22 16:55:36 -04:00
Brown
4b1c3db760 Don’t memoize method call where we have a getter standin 
Fixes #3427
 2020-05-22 15:54:32 -04:00
Brown
4010129e96 Fix #3420 - add ds\vector::toArray method 2020-05-22 15:26:19 -04:00
Brown
0cb211784d Fix #3415 - flesh out Closure return type 2020-05-22 14:26:37 -04:00
Brown
27a009fd69 Fix #3417 - Treat $this as static-y 2020-05-22 13:32:26 -04:00
Brown
bebfac0ab6 Fix #3426 - allow falsy reconciliation for templated params 2020-05-22 13:16:48 -04:00
Brown
1b84fc2c12 Fix #3419 - don’t add null to return type when template/conditional return is used 2020-05-22 12:44:19 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Matthew Brown
6784a90b2f Fix #3423 - allow conditional with func_num_args() in namespace 2020-05-21 11:29:54 -04:00
Joe Hoyle
6f28d741bc
Display variable assignment type in LSP hovers (#3401) 
* Add node references for variable assignments

* Break up line

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-05-20 17:40:22 -04:00
Matthew Brown
3effdc5b69 Improve yield type substitution 2020-05-20 09:12:24 -04:00
Matthew Brown
2d02064962 Fix #3407 - allow multiple matching generic classes in union 2020-05-20 09:11:17 -04:00
Jáchym Toušek
8855b6c1d9
Fix Ds\Map methods (#3412) 2020-05-20 07:27:25 -04:00
Brown
2ec76f01c2 Fix redundant condition 2020-05-19 20:11:25 -04:00
Brown
27cb660377 Respect possibly-undefined array keys while merging 
Fixes #3393
 2020-05-19 20:10:01 -04:00
Brown
a4141a7581 Fix #3327 - convert void to null when comparing conditional type with nullable 2020-05-19 19:48:11 -04:00
Brown
f335560b69 Allow setting property on templated type 2020-05-19 17:31:05 -04:00
Brown
6ec5763847 Filter out traversable possibly-mixed too 2020-05-19 16:26:00 -04:00
Brown
a3214012a6 Only convert userland functions 2020-05-19 16:15:41 -04:00
Brown
baeb86ca8f Fix #3403 - remove possibly-mixed key 2020-05-19 16:12:37 -04:00
Brown
4415e0f69c Fix special case calling callable param with string non-global function 
Fixes #3411
 2020-05-19 15:48:31 -04:00
Matthew Brown
777b6e8d91 Simplify conditional 2020-05-19 15:07:30 -04:00
Brown
b5ae0167a2 Fix typo 2020-05-19 14:58:53 -04:00
Brown
b38d945b12 Cast null and false to empty string 
Ref #3408
 2020-05-19 14:53:06 -04:00
Brown
8becefda04 Forbid :: in object-like key name 
Ref #3399
 2020-05-19 14:38:46 -04:00
Šimon Podlipský
dc82243edc
Add RdKafka:flush() to CallMap (#3410) 2020-05-19 12:56:58 -04:00
Brown
0b2da18f1e Break up StatementsAnalyzer 2020-05-19 12:56:30 -04:00
Šimon Podlipský
47cf69ded1
Fix RdKafka maps (#3404) 
Resolves #3388
 2020-05-19 10:13:25 -04:00
Brown
666cc3b4c9 Fix BinaryOp analysis 2020-05-18 23:00:53 -04:00
Brown
8e5b330c5a Break apart CallAnalyzer 2020-05-18 22:57:00 -04:00
Brown
5b06c206e0 Move classes into deeper namespace 2020-05-18 22:52:33 -04:00
Brown
ace049a068 Beautify BinaryOpAnalyzer 2020-05-18 18:57:09 -04:00
orklah
478bb267d8
stubs for array_sum (#3395) 2020-05-18 17:23:21 -04:00
Brown
8c86d47eb7 Downgrade some PossiblyInvalidClone issues 2020-05-18 17:18:13 -04:00
Brown
4ca83ca30d Add slash 2020-05-18 17:05:47 -04:00
Brown
3a582dde8d Allow merging of numeric-string and literal string 2020-05-18 16:57:16 -04:00
Brown
2312523318 Support merging of numeric-string with literal 2020-05-18 16:56:09 -04:00
Brown
b62f646388 Fix #3391 - move_uploaded_file mutates 2020-05-18 16:26:08 -04:00
Evgeniy
04a576708c
Correct analyze clone expression (#3382) 
* Correct analyze clone, add PossibleInvalidClone issue type

* Infer mixed type when possible incorrect clone

* Remove unused variable
 2020-05-18 16:22:50 -04:00
Brown
ea0a99d3a8 Fix bad merge 2020-05-18 16:02:10 -04:00
Brown
5ee1487a01 Make ExpressionAnalyzer more beautiful 2020-05-18 15:13:27 -04:00
SignpostMarv
911ac2d363
Infer numeric-string from (string)$numeric (#3390) 
* adding test for vimeo/psalm#3370

* check if typecast will result in numeric-string

* int & float as per examples in vimeo/psalm#3370
* numeric & numeric-string because they shouldn't lose numericness.

* satisfy phpcs

* adjusting assertions to reflect typecasting change
 2020-05-18 13:42:47 -04:00
Brown
21798efed2 Fix #3388 - eliminate null after < 0 check 2020-05-18 08:52:44 -04:00
Mark Sch
9aa46221f6
Use pretty print for JSON reporting. (#3364) 
* Use pretty print for JSON reporting.

* Use pretty print for JSON reporting.

* Use pretty-print option on CLI for BC.

* Change static:: const to self::

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-05-18 08:40:20 -04:00
orklah
3e7f5df7e1
Solve more cases when docblock rendering is not needed (#3387) 2020-05-18 07:16:18 -04:00
Matthew Brown
b0ffaf0077 Fix type coercion 2020-05-17 22:51:48 -04:00
RJ Garcia
fd15bfc65d
Infer Return Types for Arrow Functions #3376 (#3385) 
* Infer Return Types for Arrow Functions #3376

- Made a small patch to check for closure or arrow
  function when attempting to infer the functions
  params
- Added new isExprClosureLike to start to consolidate
  all checks on closure/arrow fns

Signed-off-by: RJ Garcia <ragboyjr@icloud.com>

* Use better check

* Remove unused method

Co-authored-by: Matthew Brown <github@muglug.com>
 2020-05-17 22:17:35 -04:00
orklah
dd4927a14c
Avoid regenerating docblock when no modification is made (#3374) 
* Avoid regenerating docblock when no modification is made

* Generate empty docblock before, in case there was no docblock at all
 2020-05-16 16:44:47 -04:00
Jefersson Nathan
f824cc380a
Add more test case scenario for @psalm-import-type (#3375) 
* Add test case scenario for @psalm-import-type

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add fix for @psalm-import-type test

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add test for import ocross namespaces

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>

* Add tests for failing cases

Signed-off-by: Jefersson Nathan <malukenho.dev@gmail.com>
 2020-05-16 16:43:35 -04:00
Matthew Brown
4dd0a2b775 Fix #3380 - allow comparisons between template param and empty array 2020-05-16 16:41:07 -04:00
Matthew Brown
f6342a40d9 Remove unnecesary conditional check for do 
Fixes #3378
 2020-05-16 16:32:36 -04:00
Nobu Funaki
abef8008bc
Fix InvalidCast after is_callable([$val, '__toString']) check (#3372) 
Support is_callable() with an array argument similar to method_exists()
 2020-05-16 08:50:43 -04:00
Brown
c62e08a88e Support intersection of type aliases 2020-05-15 16:18:52 -04:00
Brown
111303d913 Add non-empty-lowercase-string type 2020-05-15 10:18:05 -04:00
Brown
013467dc0e Add reference to ensure proper hydration 2020-05-15 00:31:55 -04:00
Brown
0086eb25a2 Remove duplicate types with @psalm-import-type 2020-05-15 00:16:20 -04:00
Brown
2d92943625 Add support for expansion of type aliases 2020-05-15 00:15:48 -04:00
Brown
9f3f7bb946 Consolidate ThreadData types 2020-05-14 23:44:22 -04:00
Brown
c212c03e40 Don’t stop analysing when encountering an UndefinedGlobalVariable 
Fixes #3366
 2020-05-14 22:51:51 -04:00
Brown
ae48c1895f Fix #3365 - add support for negated empty string checks 2020-05-14 22:09:37 -04:00
Brown
48504aa88c Pass through typa aliases where appropriate 2020-05-14 00:48:58 -04:00
Brown
006c6e09f1 Add more details to type alias creation 2020-05-14 00:41:50 -04:00
Brown
2327a0db6b Add TTypeAlias object with a creation path 2020-05-13 19:49:03 -04:00
Brown
190c9ce27e Use TypeAlias object to allow future extension 2020-05-13 19:29:59 -04:00
Brown
0fc3398631 Move parsing methods into internal namespace 2020-05-13 19:12:45 -04:00
Brown
2af0a17d03 Fix #3236 - allow use-checking of more methods starting with __ 2020-05-12 22:39:26 -04:00
Matthew Brown
8c236f411a Fix #3353 - allow extending nested when nested as type is mixed 2020-05-12 15:07:16 -04:00
Brown
3e58163180 Prevent empty function id 
Ref #3354
 2020-05-12 12:54:06 -04:00
Brown
d8cd30b34a Fix #3340 - catch more errors in @method type parsing 2020-05-11 18:39:07 -04:00
Brown
0d5d7c8938 Add null check 2020-05-11 11:56:07 -04:00
Brown
291018034b Remove unnecessary PHP code 2020-05-11 11:36:50 -04:00
Brown
3554aa4435 Fix crash newly introduced 2020-05-11 09:34:07 -04:00
Brown
eefd2e743b Use generic function definition for sscanf 
cc @villfa
 2020-05-10 23:58:51 -04:00
Brown
8f2f2617d4 Improve refactor 2020-05-10 22:45:01 -04:00
Brown
5f4d162dd5 Break out type expander into separate class 2020-05-10 22:39:18 -04:00
sj-i
fa601f97d7
update proc_open() types for PHP 7.4 (#3333) 
as of PHP 7.4, proc_open() accepts an array for its first argument.
https://www.php.net/manual/en/function.proc-open.php#refsect1-function.proc-open-parameters
 2020-05-10 21:11:27 -04:00
Brown
48da7a4be8 Fix issues found with Vimeo’s code 2020-05-10 21:09:48 -04:00
Matthew Brown
733da0e539 Fix #3311 - don’t erroneously mark a class as undefined 
As they can sometimes only be obvious once an autoloader has been registered
 2020-05-10 15:55:44 -04:00
Matthew Brown
4b388a2951 Fix ref 2020-05-10 11:35:35 -04:00
Brown
55222573ea Mark as possibly-undefined any variable that wasn’t present when the loop began 
Fixes #3332
 2020-05-10 11:17:50 -04:00
Brown
28349c6423 Remove mixin_fqcln hack 2020-05-10 09:04:30 -04:00
Brown
58c63bd1b2 Migrate generic param comparison method 2020-05-08 22:49:08 -04:00
Brown
75761647c2 Fix #3321 - allow interface methods to be mapped 2020-05-08 14:52:53 -04:00
Brown
640ffdb324 Fix #3323 - make short object-like arrays sealed tuples 2020-05-08 14:36:06 -04:00
Brown
2d5c2a9dd1 Fix #3324 - prevent crash asserting on possibly-undefined variable 2020-05-08 14:21:10 -04:00
Brown
65b4263315 Fix #3320 - add final flag to pseudo methods where appropriate 2020-05-08 07:28:12 -04:00
Brown
4295f9525f Fix #3313 - add check for very specific pattern 2020-05-07 12:30:15 -04:00
Brad Kent
18ee440e3f
update mysqli_stmt::__construct signature (#3315) 2020-05-07 12:08:22 -04:00
Brown
20bcfb096a Fix #3305 - use the same issue type for short closures as closures 2020-05-06 09:57:02 -04:00
Brown
a089d8bd58 Fix #3296 - propagate final flag to static calls in return types 2020-05-03 20:42:06 -04:00
Matthew Brown
dc64d4b1ca Support evaluation of boolean conditionals in scanning stage 
Fixes #3290
 2020-05-03 10:44:00 -04:00
Matthew Brown
23b0a18632 Fix property type 2020-05-03 10:22:52 -04:00
Matthew Brown
b69c37acdf Simplify logic around evaluating expressions a little 2020-05-03 10:19:15 -04:00