danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-16 19:36:59 +01:00
Code Issues Projects Releases Wiki Activity
8,865 Commits 43 Branches 314 Tags 108 MiB
cf28859faf
Commit Graph

708 Commits

Author SHA1 Message Date
Matt Brown
a96645d2e3 Fix many uses of offsets 2021-03-23 01:30:51 -04:00
Matt Brown
bf578d1024 Fix potential crash when calling magic setter 2021-03-22 23:08:38 -04:00
AndrolGenhald
de5a031088
Improve @no-named-arguments support and variadics. (#5455) 
* Improve @no-named-arguments support and variadics.

Handling of argument unpacking and variadics still needs a pretty big makeover, but this is a good start.

Fixes #5420
Improves #5453 (iterable works, array still causes issues)

* Remove unneeded imports.
 2021-03-22 19:58:22 -04:00
Sergey Yakimov
fb94db9b1f
Add proper handling of unpacked arguments with string keys (#5446) 
* Add proper handling of unpacked arguments with string keys

* Fix undefined array key error

* Fix missed named arguments handling

* Fix false-positive on variadic parameter

* Add tests
 2021-03-22 09:08:05 -04:00
Matt Brown
b73223f9c1 Add use statements 2021-03-20 22:17:22 -04:00
Matt Brown
44c6d3035b Add more mixed origin information 2021-03-20 21:45:38 -04:00
Samuel Mortenson
4aabb411a8
Added event to prevent tainting. (#5398) 
* Added event to prevent tainting.

* Remove optional codebase parameter.

* Removed falsy check for codebase.

* Use two separate hooks for adding and removing taints

* Add slashes

* Update add/remove taint test name.

* Cleaned up SafeArrayKeyChecker example plugin.

* Added more AddRemoveTaintsEvent calls to codebase.

* Fix type check error with $added_taints param.

* Added AddRemoveTaintsEvent to remaining classes.

* Fix post-merge error.

* Add comma

* Remove $int_offset that never existed

Co-authored-by: Matt Brown <github@muglug.com>
 2021-03-19 22:41:41 -04:00
Matt Brown
42d3bceb4e Use more accurate return type 2021-03-18 15:19:29 -04:00
Matt Brown
b7a68edd0b Simplify complex methods 2021-03-18 15:09:03 -04:00
Matt Brown
d19088bb10 Add better origins for calls 2021-03-17 19:37:21 -04:00
Matt Brown
b549989ba7 Prevent overwriting storage type during analysis 2021-03-13 14:12:55 -05:00
Bruce Weirdan
71a0457284
Emit ImplicitToStringCast in more places (#5344) 
* Emit ImplicitToStringCast in more places

Fixes vimeo/psalm#5320

`to_string_cast` is set on successful comparison, thus it needs to
always bubble up (it will be ignored in UnionTypeComparator if some part
does not match).

* Fix implicit casts

* Fix handling of string method references in self-out context
 2021-03-11 00:07:39 -05:00
Matt Brown
96e0743892 Fix #5325 – remove all memoised methods when calling a method with property mutations 2021-03-05 00:39:25 -05:00
Matt Brown
bca09d74ad Fix style issues 2021-02-25 21:24:18 -05:00
Matt Brown
474ebf912e Fix #5229 - new SomeTemplatedClass should expand out params even if none passed 2021-02-25 21:20:05 -05:00
Matt Brown
d4841993b2 Fix #5279 - don’t convert get_class($templated) into dependent type 2021-02-25 18:43:04 -05:00
Matt Brown
b2c35834ff Remove mistakenly-duplicated code for get_* functions 2021-02-25 18:40:05 -05:00
Matt Brown
7958ef6889 Decomplicate method 2021-02-24 00:03:55 -05:00
Matt Brown
cafbdb6831 Fix #5264 - use accurate static type when calling parent method in trait 2021-02-23 20:48:22 -05:00
Matt Brown
78577fd624 Fix #5257 - allow object::foo() call 2021-02-23 17:31:14 -05:00
elnoro
e1d6f2f491
Fixed 4788 (#5263) 2021-02-22 09:21:28 -05:00
Matt Brown
6ba899e34e Only replace static type once 2021-02-22 00:25:13 -05:00
Matt Brown
3106635953 Fix inference of conditional types when wildcard constant given 2021-02-20 12:21:52 -05:00
orklah
5191dac3fa
Introduce Virtual Nodes in order to differentiate real nodes in plugins (#5222) 2021-02-15 16:18:41 -05:00
Matt Brown
bd6efd7cf2 Improve completion for namespaced classes 
cc @joehoyle - this mainly allows us to get a correct list when the user starts typing Foo (without the new before it) inside a namespace
 2021-02-14 23:25:13 -05:00
Matt Brown
6fb7423c68 Fix #5211 - prevent infinite loop in template inference 2021-02-13 16:16:58 -05:00
Matt Brown
044602a244 Fix #5196 - fix type before assigning default property values 2021-02-11 09:38:04 -05:00
Matt Brown
ccdb29abfa Improve handling of property-mutating calls 2021-02-10 12:09:21 -05:00
Matt Brown
2b9d307cab Fix #5184 - remove this vars from parent context where possible 2021-02-09 10:23:22 -05:00
Matt Brown
8b5e0fc754 Fix #5172 - prevent calling function with implicitly-broader type 2021-02-07 11:07:22 -05:00
orklah
343d020408
improve psalter capacities for anonymous class extending real classes (#5146) 2021-02-04 09:59:38 -05:00
Matt Brown
7dbdc8c59e Fix #5144 - prevent exception during taint analysis 2021-02-02 14:16:15 -05:00
Matt Brown
0f2a07a9a3 Fix #5137 – support @psalm-flow in methods 2021-01-31 22:40:48 -05:00
Matt Brown
359a0166e3 Fix #4631 - prevent reusing named params 2021-01-27 22:53:55 -05:00
Matt Brown
4807d38507 Fix using std library functions 2021-01-27 22:28:33 -05:00
Matt Brown
76269658ca Fix #5107 - treat function-bound templated parameters the same 
Previously they were treated differently depending on whether or not they were inside a method
 2021-01-26 22:43:42 -05:00
Matt Brown
6f30399189 Fix #5070 – fix static return type inference in static methods 2021-01-22 09:58:09 -05:00
Matthew Brown
28d2795e59 Fix #5078 - when unpacking with missing array item, Use the param’s default type if param has one 2021-01-22 00:20:51 -05:00
Marco Pivetta
a53cc23809
#4997 added more precise type inference for count() returning 0 or positive-int on known arrays (#4999) 
* #4997 added more precise stub for `count()` returning `0` or `positive-int` on known types

* #4997 updated `count()` to support `\SimpleXmlElement` and `\ResourceBundle` counting, as well as handling hardcoded 2-element-arrays cases

This patch:

 * adds support for `count(\SimpleXmlElement)` (https://www.php.net/manual/en/simplexmlelement.count.php)
 * adds support for `count(\ResourceBundle)` (https://www.php.net/manual/en/resourcebundle.count.php)
 * removes usage of global constants from stub (not supported - see https://www.php.net/manual/en/function.count.php)
 * adds support for identifying fixed-element-count arrays, for example `count(callable&array)`, which is always `2`

* #4997 adapted `FunctionCallReturnTypeFetcher` to infer `TPositiveInt` for `count(TNonEmptyArray)` and `count(TNonEmptyList)`

* The `FunctionCallReturnTypeFetcher` is responsible for defining the precise type of a `\count(T)`
expression when given a `T`, so we baked the whole type resolution for `positive-int`, `0` and
`positive-int|0` directly in there.

While this complicates things, it is also true that it is not possible right now (for the stubs)
to provide the level of detail around `count()` that is required by the type inference system
for such a complex function with so many different semantics.
 2021-01-13 09:48:38 -05:00
Adrien LUCAS
493c57eedf
Trigger dispatch even when only legacy hooks (#4962) 2021-01-08 19:51:26 -05:00
Adrien LUCAS
d1398f2b12
Avoid false positives for taint specialized calls even when not using a variable (#4948) 2021-01-07 16:39:51 -05:00
orklah
0e17a3354f
add stubs for standard iterators (#4725) 
* add stubs for standard iterators

* Apply suggestions from code review cc @weirdan

Co-authored-by: Bruce Weirdan <weirdan@gmail.com>

* complete stub + delete code made redundant by stubs + fix some syntax in stubs

* fix parse error

Co-authored-by: Bruce Weirdan <weirdan@gmail.com>
 2021-01-07 10:07:07 -05:00
Adrien LUCAS
0f5886746f
Taint specialized calls even when not using a variable (#4940) 2021-01-06 14:14:52 -05:00
orklah
f9fccb2b2d
implement DTO for plugins (#4881) 
* implement DTO for plugins

* introduce EventHandler + reintroduce legacy API for plugins
 2021-01-06 09:05:53 -05:00
Matthew Brown
3fd47f9e10 Add comments to AtomicMethodCallAnalyzer and suppress ComplexMethod 2021-01-05 19:03:50 -05:00
Matthew Brown
e4b1a4fa55 Uncomment erroneously-commented return 2021-01-05 17:49:17 -05:00
Matthew Brown
ddd99970a9 Fix #4901 - simplify mapping of template types within class 2020-12-29 12:24:33 +00:00
2e3s
d8d6811ed4
Memoize private inferred mutation-free methods (#4832) 2020-12-12 10:26:14 -05:00
Matt Brown
524084a64c Tighten up rules arouund when mutation-free methods get memoised 2020-12-08 16:39:06 -05:00
2e3s
e46c68b1e5
Overwrite memoized return type after sum-type candidate is calculated (#4805) 
* Overwrite memoized return type after sum-type candidate is calculated

* Fix mismatched types

* Fix code style
 2020-12-08 09:35:11 -05:00
Matthew Brown
d406d5b112
Fix typo 2020-12-07 01:32:18 -05:00
Matt Brown
e702e472fc Support simple list assignment in foreach 
Ref #4741
 2020-12-06 19:14:52 -05:00
Matt Brown
9c0e9a3d7e Taint all when conditional return is used 
Ref #4792
 2020-12-06 11:24:48 -05:00
Matt Brown
cec8d7138f Fix #4782 - don’t replace closure types with upper bounds when replacing class param types 2020-12-05 11:58:55 -05:00
Matt Brown
1bb8b73f99 Return earlier 2020-12-05 10:25:34 -05:00
Denis Smetannikov
11576951f6
Update ExistingAtomicStaticCallAnalyzer.php (#4761) 
The invalid syntax for PHP 7.1+
 2020-12-03 09:24:34 -05:00
Matt Brown
1feca322d5 Fix loading imported functions 2020-12-02 00:52:35 -05:00
Matt Brown
e7f9ce6da0 Break out RedundantCast issues 2020-12-01 17:25:45 -05:00
Matt Brown
f5494bc407 Fix typos caused by Macbook Pro’s bad keyboard 2020-12-01 14:14:09 -05:00
Matt Brown
3b1fa58413 Break apart method as much as possible 2020-11-30 14:07:18 -05:00
Matt Brown
2204728824 Break apart NewAnalyzer::analyze 
Ref #4714
 2020-11-30 13:24:24 -05:00
Matt Brown
4d81682fdd Fix #4731 - expand out class-bound generic types when evaluating instance method 2020-11-29 21:36:50 -05:00
Matt Brown
86b6d6a506 Fix #4733 - don’t replace template types when they’re defined on the same class 2020-11-29 19:12:22 -05:00
Matt Brown
601c1d8cd0 Expand out constants in param types earlier 2020-11-29 19:07:35 -05:00
Matt Brown
46b202731c Fix check 2020-11-29 18:28:32 -05:00
Matt Brown
58b306b6e3 Ensure class template types are mapped to static methods where necessary 
Ref #4733
 2020-11-29 17:40:52 -05:00
Matt Brown
ea314cc1c0 Simplify calling of replacer methods 2020-11-29 16:27:00 -05:00
Matt Brown
4d22723525 Break out replacement of templated types with their inferred result 2020-11-29 16:16:16 -05:00
Matt Brown
15a5bd5e29 Simplify storage and retrieval of extended template params 2020-11-29 15:05:32 -05:00
Matt Brown
0efd4ebd7d Detect some erroneous issets 2020-11-29 09:26:39 -05:00
Matthew Brown
fd53192ad2
Fix redundant mappings 2020-11-28 21:05:31 -05:00
Matt Brown
8adc0918ae Fix the bug 2020-11-28 09:55:40 -05:00
Matt Brown
de1fa03f77 Fix template type selection 2020-11-28 09:53:11 -05:00
Matt Brown
73cd07a01f Simplify FunctionCallAnalyzer 
Ref #4714
 2020-11-27 16:34:27 -05:00
Matt Brown
6db8132b4c Simplify call analysers a bit 
Ref #4714
 2020-11-27 16:31:10 -05:00
Matt Brown
5f065d3d74 Turn template bound tuples into object 
Ref #4714
 2020-11-27 11:43:30 -05:00
Matt Brown
6de97e3779 Skip missing function params in taint analysis 2020-11-26 11:58:14 -05:00
Matt Brown
d40d63f180 Fix #4699 - treat isset like !== null when variable is defined 2020-11-25 14:04:55 -05:00
Matt Brown
17ceba5c06 Fix bug 2020-11-22 23:32:14 -05:00
Matt Brown
f164a45843 Fix bugs 2020-11-22 19:45:54 -05:00
Matt Brown
9a03a9a5d0 Move param taint sink addition after arguuments have been analysed 2020-11-22 19:39:40 -05:00
Matt Brown
b782dd4225 Make sure conditional escaping works for static methods too 2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8 Fix #4661 - support conditional escaping for functions 2020-11-22 13:24:33 -05:00
Matt Brown
f0ae0e5cb4 Break aparat type combiner 2020-11-21 18:11:29 -05:00
Lukas Reschke
ffb0c4ae17
Implement variadic taint propagation (#4649) 
* Implement variadic taint propagation

* Lint code
 2020-11-21 17:41:40 -05:00
orklah
ae0486529e
Unused psalm-suppress (#4646) 2020-11-21 17:39:40 -05:00
Matt Brown
ce8938263e Fix #4636 - prevent crashes on aliased classes 2020-11-20 09:29:24 -05:00
Matt Brown
78d644d1a1 Change TaintedText to TaintedCallable 2020-11-19 19:01:19 -05:00
Matt Brown
4c315ec45c Closure calls aren’t sinks 2020-11-19 18:44:36 -05:00
Matt Brown
ff3fff56d4 Simplify assertion negations, centralising as much as possible 
Now the flag passed to scrapeAssertions just determines the errors emitted
 2020-11-19 14:32:49 -05:00
Matt Brown
95de6cf177 Allow immutable classes to be specialised through calls 2020-11-19 01:38:20 -05:00
Matt Brown
d60abaf858 Unfix fixes 2020-11-18 19:19:07 -05:00
Matt Brown
8dd229f6c0 Only ignore literal flows when tainting 2020-11-18 18:43:41 -05:00
Matt Brown
236292ff05 Fix #4600 - set attributes in a bunch of places 2020-11-18 12:44:59 -05:00
Matt Brown
3f7f959726 Fix #4599 - propagate taints to parent callers where necessary 2020-11-18 09:59:54 -05:00
Matt Brown
28dee4146a Fix tests 2020-11-17 17:53:46 -05:00
Matt Brown
adeaa33a64 Don’t propagate taints to child constructor args 2020-11-17 16:49:29 -05:00
Matt Brown
43af3b1a57 Break out TaintedInput issues into a lot of separate ones 2020-11-17 12:44:31 -05:00
Matt Brown
42802e11d1 Allow PHP major version to determine substr return type 2020-11-16 16:31:33 -05:00
Dusk
0fe3e1f83b
Allow named arguments to variadic functions (#4575) 
Closes #4563
 2020-11-16 15:49:27 -05:00