Matt Brown
|
187635c488
|
Fix Phar platform check
Fixes #4640
|
2020-11-20 11:08:40 -05:00 |
|
Matt Brown
|
ea9cb72143
|
First creation_function param isnÆt really a sink
|
2020-11-20 09:56:53 -05:00 |
|
Matt Brown
|
1cead18760
|
Fix #4637 - prevent regression when negating function call with === false
|
2020-11-20 09:56:53 -05:00 |
|
Dalibor Karlović
|
da632ca73a
|
feature: allow plugin manager to work without config file (#4639)
|
2020-11-20 09:54:14 -05:00 |
|
Matt Brown
|
ce8938263e
|
Fix #4636 - prevent crashes on aliased classes
|
2020-11-20 09:29:24 -05:00 |
|
Matthew Brown
|
ccf6e2805f
|
Grammar
|
2020-11-19 19:40:40 -05:00 |
|
Matthew Brown
|
7c62b0c494
|
Make Readme more punchy
|
2020-11-19 19:40:17 -05:00 |
|
Markus Staab
|
acb4bb42e1
|
documented type in InternalTaintSinkMap (#4627)
|
2020-11-19 19:27:40 -05:00 |
|
Matt Brown
|
c562e1dd52
|
Don’t taint foreach keys with array-fetch
We could use array-keyfetch or similar, but for now gives false-positives
|
2020-11-19 19:08:59 -05:00 |
|
orklah
|
e04f219948
|
return static instead of self when static context detected (#4632)
* return this instead of self when static context detected
* replace $this by static
|
2020-11-19 19:02:25 -05:00 |
|
Matt Brown
|
78d644d1a1
|
Change TaintedText to TaintedCallable
|
2020-11-19 19:01:19 -05:00 |
|
Matt Brown
|
4c315ec45c
|
Closure calls aren’t sinks
|
2020-11-19 18:44:36 -05:00 |
|
Lukas Reschke
|
24fe7e577d
|
Advertise SARIF export in the documentation (#4633)
|
2020-11-19 17:48:57 -05:00 |
|
Lukas Reschke
|
78f4a0691c
|
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
|
2020-11-19 17:47:29 -05:00 |
|
Matt Brown
|
70c9fd97c7
|
Return empty instead of throwing
|
2020-11-19 16:25:53 -05:00 |
|
Matt Brown
|
ead63894a1
|
Fix formatting
|
2020-11-19 16:09:30 -05:00 |
|
Matt Brown
|
b5d4b59c33
|
Be more refined
|
2020-11-19 15:57:05 -05:00 |
|
Matt Brown
|
de49892525
|
Fix #4626 - array_key_exists should infer type for first arg where possible
|
2020-11-19 15:40:27 -05:00 |
|
Matt Brown
|
ff3fff56d4
|
Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
|
2020-11-19 14:32:49 -05:00 |
|
Matt Brown
|
7803cc228b
|
Revert "Fix #4624 - allow in_array to work with list arrays"
This reverts commit 08ae85a735 .
|
2020-11-19 12:49:26 -05:00 |
|
Matt Brown
|
08ae85a735
|
Fix #4624 - allow in_array to work with list arrays
|
2020-11-19 09:26:41 -05:00 |
|
Matt Brown
|
7c02fa76d1
|
Fix #4620 - reconciled literal strings cannot carry taints
|
2020-11-19 09:06:25 -05:00 |
|
Mikhail Snetkov
|
20c78ae29b
|
Fix missing bracket in docs (#4614)
|
2020-11-19 08:43:39 -05:00 |
|
Matt Brown
|
95de6cf177
|
Allow immutable classes to be specialised through calls
|
2020-11-19 01:38:20 -05:00 |
|
Matt Brown
|
d60abaf858
|
Unfix fixes
|
2020-11-18 19:19:07 -05:00 |
|
Matt Brown
|
8dd229f6c0
|
Only ignore literal flows when tainting
|
2020-11-18 18:43:41 -05:00 |
|
Matt Brown
|
be275ae972
|
Fix #4605 - taint parent-declared property
|
2020-11-18 13:34:47 -05:00 |
|
Matt Brown
|
39c508f9d1
|
Fix #4603 - fix arithmetic to prevent end column 0
|
2020-11-18 13:19:54 -05:00 |
|
Matt Brown
|
236292ff05
|
Fix #4600 - set attributes in a bunch of places
|
2020-11-18 12:44:59 -05:00 |
|
Lukas Reschke
|
ddbfbb28e6
|
Split LDAP into custom category (#4604)
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
|
2020-11-18 11:39:36 -05:00 |
|
Matt Brown
|
4bb84f7f0a
|
Add more attributes to fake PhpParser generated expressions
Ref #4600
|
2020-11-18 10:16:41 -05:00 |
|
Matt Brown
|
3f7f959726
|
Fix #4599 - propagate taints to parent callers where necessary
|
2020-11-18 09:59:54 -05:00 |
|
Lukas Reschke
|
5ba4681c17
|
Add SSRF sinks (#4592)
|
2020-11-18 00:52:48 -05:00 |
|
Matt Brown
|
ab3961d9b3
|
Sanity check to ensure closure uses aren’t removed
|
2020-11-18 00:38:28 -05:00 |
|
Matt Brown
|
f3cde30b77
|
Only create vendor dir in config if it exists
|
2020-11-18 00:06:58 -05:00 |
|
Matt Brown
|
6e39c24a17
|
Don’t exit with 1 when running security analysis in GitHub Actions and generating a file
|
2020-11-17 22:49:25 -05:00 |
|
Matt Brown
|
1708bae984
|
Taint analysis should always run fully
|
2020-11-17 17:59:05 -05:00 |
|
Matt Brown
|
28dee4146a
|
Fix tests
|
2020-11-17 17:53:46 -05:00 |
|
Matt Brown
|
f6591e6d0f
|
Use resolution that works in multithreaded mode
|
2020-11-17 17:24:46 -05:00 |
|
Matt Brown
|
2aa98bc5d0
|
Simplify tainted output a bit, removing duplicate paths
|
2020-11-17 17:17:18 -05:00 |
|
Matt Brown
|
adeaa33a64
|
Don’t propagate taints to child constructor args
|
2020-11-17 16:49:29 -05:00 |
|
Matt Brown
|
854a5b2ec5
|
Allow TaintedInput to suppress all emitted issues
|
2020-11-17 16:08:05 -05:00 |
|
Matt Brown
|
74749d20cc
|
Improve documentation for taints a little
Ref #4590
|
2020-11-17 16:03:50 -05:00 |
|
Matt Brown
|
4e5111f1a8
|
Fix #4472 - if something flows into a byref var it’s used
|
2020-11-17 15:30:53 -05:00 |
|
Michael Stilkerich
|
fec51eac8d
|
Stub for preg_filter (#4587)
|
2020-11-17 15:15:29 -05:00 |
|
Lukas Reschke
|
494ec40777
|
Add SARIF as report output (#4582)
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
|
2020-11-17 13:23:20 -05:00 |
|
Matt Brown
|
43af3b1a57
|
Break out TaintedInput issues into a lot of separate ones
|
2020-11-17 12:44:31 -05:00 |
|
Matt Brown
|
fda2377812
|
Fix #4578 - replace number type in ext-ds stubs
|
2020-11-16 21:50:23 -05:00 |
|
Benjamin Morel
|
08716233e6
|
DateTimeInterface::getTimeZone() can return false (#4579)
Fixes #4515
|
2020-11-16 21:48:34 -05:00 |
|
Benjamin Morel
|
d313f57061
|
mysqli::$insert_id can be a string (#4577)
|
2020-11-16 21:48:04 -05:00 |
|