Matt Brown
14040ed1fa
Add failing testcase for #4705
2021-01-29 11:47:10 +01:00
Matt Brown
024bbef5cd
Fix #4743 - simplify assertions generated from array_key_exists check
2021-01-29 11:47:09 +01:00
orklah
5f9aff5734
support shift and bitwise operations in constants ( #4740 )
2021-01-29 11:47:07 +01:00
orklah
08d9246b9a
improve Atomic Types documentation ( #4735 )
...
* improve Atomic Types documentation
* add doc
* add doc
2021-01-29 11:47:07 +01:00
orklah
4ded1080e3
Check from_docblock property to emit the right issue ( #4736 )
2021-01-29 11:47:06 +01:00
Matt Brown
9789b53617
Fix #4731 - expand out class-bound generic types when evaluating instance method
2021-01-29 11:47:06 +01:00
Matt Brown
8c33bedfca
Fix #4733 - don’t replace template types when they’re defined on the same class
2021-01-29 11:47:06 +01:00
Matt Brown
fb474c2e07
Expand out constants in param types earlier
2021-01-29 11:47:06 +01:00
Matt Brown
ad5ec9501d
Ensure class template types are mapped to static methods where necessary
...
Ref #4733
2021-01-29 11:47:06 +01:00
Matt Brown
e9ec1b28a2
Simplify storage and retrieval of extended template params
2021-01-29 11:47:05 +01:00
Matthew Brown
cbd8150fde
Add RedundantPropertyInitializationCheck ( #4732 )
...
* Add RedundantPropertyInitializationCheck
* add documentation for RedundantPropertyInitializationCheck (#4734 )
Co-authored-by: orklah <orklah@users.noreply.github.com>
2021-01-29 11:47:05 +01:00
Matt Brown
a3cf052314
Remove unset thing
2021-01-29 11:47:05 +01:00
Matt Brown
27c303ee39
Detect some erroneous issets
2021-01-29 11:47:05 +01:00
Matt Brown
9fdc56ff75
Fix template type selection
2021-01-29 11:47:04 +01:00
Bruce Weirdan
d13f0b6a7c
Added test to enforce that all supported annotations are documented ( #4723 )
...
* Added test to enforce that all supported annotations are documented
Well, at least mentioned.
Refs vimeo/psalm#3816
* Type things
* Make things pretty
* Only check @psalm- annotations, group
* Add documentation for `@psalm-require-extends` and `@psalm-require-implements`
* Dropped logicalOr that has become redundant
* Add explicit tag
* Document @psalm-template
* Add @psalm-template-covariant
* Document `@psalm-method`
* Add list of undocumented docblock annotations
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:47:04 +01:00
Matt Brown
5cf5aecb2f
Fix #3017 - use correct keys when converting list to array
2021-01-29 11:47:04 +01:00
orklah
0df867cdff
fix array_column with possibly_undefined keys ( #4719 )
2021-01-29 11:47:03 +01:00
orklah
b084e2c4bd
add annotation @psalm-param-out ( #4717 )
...
* add annotation @psalm-param-out
* add tag in documentation
2021-01-29 11:47:02 +01:00
Matt Brown
3be31563d6
Add complex issue error
2021-01-29 11:46:28 +01:00
Matt Brown
9089f77176
Turn template bound tuples into object
...
Ref #4714
2021-01-29 11:46:27 +01:00
orklah
45d058c2dd
better fix for reconciling iterable and object ( #4712 )
2021-01-29 11:46:27 +01:00
Matt Brown
9539c0f27f
Fix generic ArrayAccess creation cc @orklah
2021-01-29 11:46:27 +01:00
orklah
1966766a79
Allow reconciling between object and iterable ( #4706 )
...
* Allow reconciling between object and iterable
* add tests
2021-01-29 11:46:27 +01:00
orklah
1511989521
Fix PHPMAXINT offset ( #4707 )
2021-01-29 11:46:27 +01:00
Matt Brown
ecbb5c77b2
Fix test failures
2021-01-29 11:46:26 +01:00
Matt Brown
033a209950
Treat $a ?? $b identically to isset($a) ? $a : $b
2021-01-29 11:46:26 +01:00
Matt Brown
5228ff6369
Fix #4699 - treat isset like !== null when variable is defined
2021-01-29 11:46:26 +01:00
orklah
005373bbc2
Detect redundant cast ( #4695 )
...
* detect redundant cast
* fix redundant cast issues
* fix redundant cast in tests
2021-01-29 11:46:25 +01:00
Matt Brown
e5f25c7780
Add support for some dependent types
2021-01-29 11:46:25 +01:00
Benjamin Morel
e9c608e7cb
Fix PdoStatementReturnTypeProvider ( #4683 )
...
* Fix PdoStatementReturnTypeProvider
Methods returning scalars may return null as well.
* Fix tests
2021-01-29 11:46:24 +01:00
Matt Brown
8155a5c7aa
Fix tests
2021-01-29 11:46:24 +01:00
orklah
597b7aa064
Prevent illegal array keys ( #4660 )
...
* Emit an issue when an array-key is not legal
* tests
2021-01-29 11:46:23 +01:00
Matt Brown
401573c696
Fix test
2021-01-29 11:46:23 +01:00
erikjwaxx
62ca9f42bc
Narrow inference of $a <=> $b from "int" to "-1|0|1" ( #4680 )
...
* A <=> operator has a literal type of -1|0|1 and not simply int
* Test to verify inferred type of $a <=> $b is -1|0|1
2021-01-29 11:46:23 +01:00
Matt Brown
a0fee98962
Move param taint sink addition after arguments have been analysed
2021-01-29 11:46:22 +01:00
Matt Brown
aa4be209fc
Make sure conditional escaping works for static methods too
2021-01-29 11:46:22 +01:00
Matt Brown
30ee5334a1
Fix #4661 - support conditional escaping for functions
2021-01-29 11:46:22 +01:00
Matt Brown
676a0ed2d1
Fix #4609 - add more attribute rules
2021-01-29 11:46:21 +01:00
Matt Brown
14807326fe
Fix #4475 - verify that used attributes actually use the Attribute attribute
2021-01-29 11:46:21 +01:00
Matt Brown
763eff2e8b
Fix #4611 - flag invalid attribute arguments correctly
2021-01-29 11:46:21 +01:00
Matt Brown
2fff4eb5c1
Fix #4653 - prevent crash with recursive type in root namespace
2021-01-29 11:46:20 +01:00
Matt Brown
56918001a8
Fix #4643 - use PHP8 union types when possible
2021-01-29 11:46:20 +01:00
Matt Brown
48a58c56e3
Don’t erase already-known literal ints
...
Fixes #4644
2021-01-29 11:46:20 +01:00
Matt Brown
48fba8a6b9
Only run unused code analysis where necessary
2021-01-29 11:46:20 +01:00
Matt Brown
d43bb3923b
Break apart type combiner
2021-01-29 11:46:20 +01:00
Lukas Reschke
b2143f1da5
Implement variadic taint propagation ( #4649 )
...
* Implement variadic taint propagation
* Lint code
2021-01-29 11:46:19 +01:00
orklah
58ddeaafdf
use int|string in phpdoc format for array-key ( #4645 )
2021-01-29 11:46:19 +01:00
Lukas Reschke
4de2bf8f7f
Add psalm-flow for string functions from sscanf to wordwrap ( #4591 )
...
* Add string functions from sscanf to wordwrap
This should conclude all string functions from https://www.php.net/manual/en/book.strings.php
Continuation of https://github.com/vimeo/psalm/pull/4576
Ref https://github.com/vimeo/psalm/issues/3636
* Add StrTrReturnTypeProvider
* Fix psalm error
* phpcs
* Line length
* Ignore false return on vsprintf
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:19 +01:00
Matt Brown
38d1dded4e
Fix test
2021-01-29 11:46:19 +01:00
Matt Brown
b539fdf70e
Allow Psalm to run in taint analysis mode without a config
2021-01-29 11:46:18 +01:00
orklah
289a3b220b
allow static return type in PHP8 ( #4641 )
2021-01-29 11:46:18 +01:00
Matt Brown
068907327d
Fix #4637 - prevent regression when negating function call with === false
2021-01-29 11:46:18 +01:00
Dalibor Karlović
ea089d9696
feature: allow plugin manager to work without config file ( #4639 )
2021-01-29 11:46:17 +01:00
orklah
5afbf5f831
return static instead of self when static context detected ( #4632 )
...
* return this instead of self when static context detected
* replace $this by static
2021-01-29 11:46:17 +01:00
Matt Brown
02b1cc2288
Change TaintedText to TaintedCallable
2021-01-29 11:46:17 +01:00
Lukas Reschke
2ad5eee193
Add dedicated types for 'file', 'header' and 'cookie' ( #4630 )
...
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
2021-01-29 11:46:16 +01:00
Matt Brown
3b3239635b
Fix #4626 - array_key_exists should infer type for first arg where possible
2021-01-29 11:46:16 +01:00
Matt Brown
7b4f0745f5
Simplify assertion negations, centralising as much as possible
...
Now the flag passed to scrapeAssertions just determines the errors emitted
2021-01-29 11:46:16 +01:00
Matt Brown
6f9be03789
Revert "Fix #4624 - allow in_array to work with list arrays"
...
This reverts commit 08ae85a735.
2021-01-29 11:46:16 +01:00
Matt Brown
191f305aec
Fix #4624 - allow in_array to work with list arrays
2021-01-29 11:46:15 +01:00
Matt Brown
43187a0e19
Fix #4620 - reconciled literal strings cannot carry taints
2021-01-29 11:46:15 +01:00
Matt Brown
005f394d8e
Allow immutable classes to be specialised through calls
2021-01-29 11:46:15 +01:00
Matt Brown
c3658e2590
Fix #4605 - taint parent-declared property
2021-01-29 11:46:15 +01:00
Lukas Reschke
ce05165384
Split LDAP into custom category ( #4604 )
...
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2021-01-29 11:46:14 +01:00
Matt Brown
3b8a76d520
Fix #4599 - propagate taints to parent callers where necessary
2021-01-29 11:46:14 +01:00
Lukas Reschke
99d094b5e0
Add SSRF sinks ( #4592 )
2021-01-29 11:46:14 +01:00
Matt Brown
3484976686
Sanity check to ensure closure uses aren’t removed
2021-01-29 11:46:14 +01:00
Matt Brown
5246841b12
Fix tests
2021-01-29 11:46:14 +01:00
Matt Brown
a4b56c9292
Simplify tainted output a bit, removing duplicate paths
2021-01-29 11:46:13 +01:00
Matt Brown
a7cc439db0
Don’t propagate taints to child constructor args
2021-01-29 11:46:13 +01:00
Matt Brown
0b14b6968e
Fix #4472 - if something flows into a byref var it’s used
2021-01-29 11:46:13 +01:00
Lukas Reschke
c42927c6e4
Add SARIF as report output ( #4582 )
...
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
2021-01-29 11:46:13 +01:00
Matt Brown
2c69618347
Break out TaintedInput issues into a lot of separate ones
2021-01-29 11:46:13 +01:00
Dusk
4e7bd1e39b
Allow named arguments to variadic functions ( #4575 )
...
Closes #4563
2021-01-29 11:46:11 +01:00
Lukas Reschke
ff55dba130
Add sinks for popen and proc_open ( #4572 )
...
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2021-01-29 11:46:11 +01:00
orklah
2f368244a4
Detect trying to access a list with a negative offset ( #4552 )
2021-01-29 11:46:11 +01:00
Matt Brown
4fff920952
Fix #4529 - allow unsetting with complex array key
2021-01-29 11:46:10 +01:00
Matt Brown
4a8c98257e
Add closure-use termination for byref flows
2021-01-29 11:46:10 +01:00
Matt Brown
ad840e4b7a
Fix #4547 - mark unused uses
2021-01-29 11:46:10 +01:00
Matt Brown
c1d57ba6a5
Uses by ref should be assigned that way
2021-01-29 11:46:10 +01:00
Matt Brown
5f01ea788a
Fix #4544 - improve handling of get_class in match
2021-01-29 11:46:10 +01:00
Matt Brown
5219932408
Fix #4545 - allow intersections in more places
2021-01-29 11:46:10 +01:00
Matt Brown
63bf00513b
Split out trait template tests
2021-01-29 11:46:09 +01:00
Matt Brown
8392fb429c
Fix #4540 - use correct method when simulating property setting
2021-01-29 11:46:09 +01:00
Matt Brown
e8c755c7c0
Fix #4537 - use more rigorous inheritance for return and param types
2021-01-29 11:46:09 +01:00
Matt Brown
bd20313a14
Use better way to determine which signature to use
...
Fixes #4524
2021-01-29 11:46:09 +01:00
Matt Brown
fb5ee1e46d
Bind lower bounds to upper bounds as well when no upper bound can be inferred
...
Ref #4485
2021-01-29 11:46:08 +01:00
Matt Brown
e624f972dd
Fix #4524 - do better template param inheritance
2021-01-29 11:46:08 +01:00
Matt Brown
f3b6846c70
Fix #4527 - improve interpolated string types
2021-01-29 11:46:08 +01:00
Adrien LUCAS
9ab0ab9472
Add a proxy capability to the flow annotation ( #4495 )
...
* Add a `passthru` capability to the flow annotation
* Fix passthru-calls type
* Fix types and rename to proxy
* Allow to proxy a method
Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:07 +01:00
Matt Brown
d07a8bb4a5
Add descendant variables for closure uses
...
Fixes #4522
2021-01-29 11:46:07 +01:00
Matt Brown
1ad65fb899
Fix #4517 - track type contradiction issues in match expressions
2021-01-29 11:46:07 +01:00
Matt Brown
9fd4a24c55
Fix #4516 - treat exit() as the empty type
2021-01-29 11:46:07 +01:00
Matt Brown
ec9d8e6700
Fix #4519 - prevent crash with empty match
2021-01-29 11:46:07 +01:00
Matt Brown
e2eee4cb46
Break apart complex method
2021-01-29 11:46:07 +01:00
Matt Brown
fbafb9e97f
Fix #4509 - treat expression-derived constants as mixed
2021-01-29 11:46:06 +01:00
Matt Brown
36af6d70d2
Fix tests
2021-01-29 11:46:05 +01:00
Matt Brown
b68995582e
Preserve reconciled taints for all but non-string scalar types
2021-01-29 11:46:05 +01:00
Matt Brown
fb5e30850a
Fix #4503 - don’t ignore assertions on possibly-null mixed
2021-01-29 11:46:05 +01:00
Matt Brown
64ade75d13
Get rid of version test, which is dumb
2021-01-29 11:46:04 +01:00
Axel H
2f10ad0c24
Fix type inference when unpacking typed iterables ( #4487 )
...
* Add test for unpacking typed iterables
* Fix type inference when unpacking typed iterables into arrays
* Fix possibly undefined array offset
2021-01-29 11:46:04 +01:00
Matt Brown
578e65820a
Ensure we flush out re-assigned vars also referenced
...
Fixes #4488
2021-01-29 11:46:04 +01:00
Matt Brown
57cd29ee9d
Put assignment-in-conditional tests in their own file
2021-01-29 11:46:04 +01:00
Matt Brown
1389dc6adf
Allow opt-in to strict return type checking
2021-01-29 11:46:03 +01:00
Matt Brown
3483c59d9b
Fix #4479 - use correct keys in message
2021-01-29 11:46:03 +01:00
Matt Brown
d688d5fd74
Add support for @return never
2021-01-29 11:45:02 +01:00
Matt Brown
8b44459c7c
Fix overeager inference
2021-01-29 11:45:02 +01:00
Matt Brown
d4846b14e6
Reorganise things a little
2021-01-29 11:45:02 +01:00
Matt Brown
e3a352d287
Fix int-mask-of expansion
2021-01-29 11:45:02 +01:00
Matt Brown
2a7feef5f6
Fix #4466 use better differentiation for class_exists second param
2021-01-29 11:45:01 +01:00
Matt Brown
c07378a713
Fix #4467 - variables are only the same if they were set in the same location
2021-01-29 11:45:01 +01:00
Matt Brown
badf0855ce
Invalidate child methods when signature changes
2021-01-29 11:45:01 +01:00
Matt Brown
9d35e3c251
Fix #4464 - bust cache when Psalm’s version changes, not just composer’s
2021-01-29 11:45:01 +01:00
Matt Brown
b217916f37
Use better inference for getAttributes return type
...
Fixes #4367
2021-01-29 11:45:00 +01:00
Matt Brown
0ea0604cf3
Fix #4453 - sanitise @extends types before attempting to parse
2021-01-29 11:44:36 +01:00
Matt Brown
881068d5c0
Detect when targets are incorrectly targeted
2021-01-29 11:44:36 +01:00
Matt Brown
98b755fb6c
Add support for int-mask<...> and int-mask-of<...>
2021-01-29 11:44:35 +01:00
Matt Brown
fb81fa13f4
Ensure Stringable is always available to tests that need it
2021-01-29 11:44:35 +01:00
Matt Brown
9f87b99fac
Fix #4435 - ensure casts are always flow-sensitive
2021-01-29 11:44:35 +01:00
Matt Brown
ab90097baf
Remove subpar test
2021-01-29 11:44:35 +01:00
Matt Brown
3ebdb3b952
Use more accurate comparison for non-empty-lists
2021-01-29 11:44:34 +01:00
Matt Brown
951c3715f7
Fix tests
2021-01-29 11:44:33 +01:00
Matt Brown
35fd64bf74
Fix test type
2021-01-29 11:44:33 +01:00
Matt Brown
106747487b
Fix #4429 - any class with a __toString method in PHP8 assumed to implement Stringable
2021-01-29 11:44:33 +01:00
Matt Brown
7f975045f4
Fix #4422 - be aware of nested template params
2021-01-29 11:44:33 +01:00
Matt Brown
e440baf671
Improve algebra handling a little better
2021-01-29 11:44:33 +01:00
Matt Brown
870d07ba51
Fix #4418 - improve try analysis for mixed, too
2021-01-29 11:44:32 +01:00
Matt Brown
c16d779bca
Fix #4397 - allow offsetGet on inside isset
2021-01-29 11:44:32 +01:00
Matt Brown
e8b3f55013
Track final-ness of class when evaluating trait returns
2021-01-29 11:44:31 +01:00
Matt Brown
5aee8e77d5
Fix #4414 - allow multiple @psalm-assert-if-true on same var
2021-01-29 11:44:31 +01:00
Matt Brown
eef4ea018b
Empty checks variables are really falsy checks
2021-01-29 11:44:31 +01:00
Matt Brown
a57d62b71b
Add logic to weed out unnecessary clauses
2021-01-29 11:44:30 +01:00
Matt Brown
3ff2116c17
Add basic support for PHP attributes
...
Ref #4367 - supports creation and argument checks
2021-01-29 11:44:30 +01:00
Matt Brown
e90b595b92
Break apart ReflectorVisitor
2021-01-29 11:44:29 +01:00
Matt Brown
67859ed19b
Invalidate signature types when use changes
2021-01-29 11:41:13 +01:00
Matt Brown
3731255f6f
Fix #4386 - fix issues with property promotion
2021-01-29 11:41:13 +01:00
feek
d1b7cf6860
feature: ensure universal object crate class exists ( #4375 )
2021-01-29 11:41:13 +01:00
Matt Brown
7df404bfb5
Fix #4374 - prevent paradox and allow Psalm to understand more assignments in conditionals
2021-01-29 11:41:13 +01:00
Matt Brown
26352d0e39
Fix #3625 - getIterator call is used inside loop
2021-01-29 11:41:12 +01:00
Matt Brown
d7a0b718ec
Fix #4372 - count implicitly-used short-closure vars as used
2021-01-29 11:41:12 +01:00
Matt Brown
b3e423fd03
Fix #4368 - improve handling of try with finally
2021-01-29 11:41:12 +01:00
Niclas van Eyk
5f019cef53
Initial proposal for psalm-require-{extends, implements} ( #4361 )
...
* initial implementation of psalm-require-extends
* Added @psalm-require-implements
* Added shortcode for ExtensionRequirementViolation
* Docs & config entries for @psalm-require-{implements,extends}
* Added requirement violations to issues.md
2021-01-29 11:41:10 +01:00
Matt Brown
dab7da02bd
Fix #4366 - possibly-undefined vars in finally block should not error
2021-01-29 11:39:59 +01:00
Matt Brown
481cf84b94
Don’t overwrite true flag
2021-01-29 11:39:58 +01:00
Matt Brown
74d6f166c1
Be more explicit about negation
2021-01-29 11:39:58 +01:00
Matt Brown
8043683f26
Ignore just-coerced vars
2021-01-29 11:39:58 +01:00
Matt Brown
596811cdc1
Suppress errors from fake statements
2021-01-29 11:39:58 +01:00
Matt Brown
c5c177a80a
Improve binary op || analysis for chain
2021-01-29 11:39:57 +01:00
orklah
62861e79d8
improve phpdoc ( #4352 )
2021-01-29 11:39:57 +01:00
Matt Brown
596e71d6aa
Unskip now-working tests
2021-01-29 11:39:57 +01:00