orklah
|
f9fccb2b2d
|
implement DTO for plugins (#4881)
* implement DTO for plugins
* introduce EventHandler + reintroduce legacy API for plugins
|
2021-01-06 09:05:53 -05:00 |
|
Matthew Brown
|
d406d5b112
|
Fix typo
|
2020-12-07 01:32:18 -05:00 |
|
Matt Brown
|
e702e472fc
|
Support simple list assignment in foreach
Ref #4741
|
2020-12-06 19:14:52 -05:00 |
|
Matt Brown
|
cec8d7138f
|
Fix #4782 - don’t replace closure types with upper bounds when replacing class param types
|
2020-12-05 11:58:55 -05:00 |
|
Matt Brown
|
86b6d6a506
|
Fix #4733 - don’t replace template types when they’re defined on the same class
|
2020-11-29 19:12:22 -05:00 |
|
Matt Brown
|
601c1d8cd0
|
Expand out constants in param types earlier
|
2020-11-29 19:07:35 -05:00 |
|
Matt Brown
|
ea314cc1c0
|
Simplify calling of replacer methods
|
2020-11-29 16:27:00 -05:00 |
|
Matt Brown
|
4d22723525
|
Break out replacement of templated types with their inferred result
|
2020-11-29 16:16:16 -05:00 |
|
Matt Brown
|
6db8132b4c
|
Simplify call analysers a bit
Ref #4714
|
2020-11-27 16:31:10 -05:00 |
|
Matt Brown
|
5f065d3d74
|
Turn template bound tuples into object
Ref #4714
|
2020-11-27 11:43:30 -05:00 |
|
Matt Brown
|
9a03a9a5d0
|
Move param taint sink addition after arguments have been analysed
|
2020-11-22 19:39:40 -05:00 |
|
orklah
|
ae0486529e
|
Unused psalm-suppress (#4646)
|
2020-11-21 17:39:40 -05:00 |
|
Matt Brown
|
8dd229f6c0
|
Only ignore literal flows when tainting
|
2020-11-18 18:43:41 -05:00 |
|
Matt Brown
|
236292ff05
|
Fix #4600 - set attributes in a bunch of places
|
2020-11-18 12:44:59 -05:00 |
|
Matt Brown
|
3f7f959726
|
Fix #4599 - propagate taints to parent callers where necessary
|
2020-11-18 09:59:54 -05:00 |
|
Matt Brown
|
28dee4146a
|
Fix tests
|
2020-11-17 17:53:46 -05:00 |
|
Matt Brown
|
adeaa33a64
|
Don’t propagate taints to child constructor args
|
2020-11-17 16:49:29 -05:00 |
|
Matt Brown
|
2f7bf2a144
|
Bind lower bounds to upper bounds as well when no upper bound can be inferred
Ref #4485
|
2020-11-11 17:46:09 -05:00 |
|
Matt Brown
|
b731b53d5e
|
Add debug stuff for code complexity
|
2020-11-10 12:49:42 -05:00 |
|
Matt Brown
|
e27cbfba57
|
Reduce size of data flow graph when analysing array assignments
|
2020-11-09 22:44:36 -05:00 |
|
Matt Brown
|
3e9c5d3600
|
Add support for @return never
|
2020-11-04 12:30:02 -05:00 |
|
Matt Brown
|
b5a3f45d52
|
Remove use of PHP 7.2 function
|
2020-11-04 11:02:34 -05:00 |
|
Matt Brown
|
09228131d8
|
Use falsy value
|
2020-11-01 22:57:30 -05:00 |
|
Matt Brown
|
966b139504
|
Fix dupe semicolons
|
2020-11-01 11:42:09 -05:00 |
|
Matt Brown
|
024d93b7fd
|
Fix #4467 - variables are only the same if they were set in the same location
|
2020-11-01 11:26:42 -05:00 |
|
Matt Brown
|
fe294a4dc0
|
Don’t overwrite true flag
|
2020-10-18 01:24:36 -04:00 |
|
Matt Brown
|
3c29ffd0b7
|
Ignore just-coerced vars
|
2020-10-17 23:35:24 -04:00 |
|
Matt Brown
|
4488d5fb1f
|
Use more accurate arguments count
|
2020-10-14 18:51:15 -04:00 |
|
Matt Brown
|
724b25b918
|
Change control_flow_graph to data_flow_graph
|
2020-10-13 17:28:12 -04:00 |
|
Matt Brown
|
516141a380
|
Rename ControlFlowGraph to more appropriate DataFlowGraph
|
2020-10-13 16:49:03 -04:00 |
|
Matt Brown
|
fcfa746ba8
|
Fix #4310 - prevent literal class check on union
|
2020-10-12 14:45:11 -04:00 |
|
Matt Brown
|
7195275993
|
Fix #4299 - only allow unpacking for the zeroeth-indexed element
|
2020-10-08 09:51:27 -04:00 |
|
Matt Brown
|
009b33b17d
|
Support @no-named-args when calling in PHP 8
|
2020-10-02 20:58:51 -04:00 |
|
Matt Brown
|
63a11bae15
|
4.x - Support named arguments
Ref #4089
|
2020-10-02 20:27:01 -04:00 |
|
Matt Brown
|
fc001cdf65
|
Treat func_get_args as using function params
|
2020-09-30 13:08:01 -04:00 |
|
Matt Brown
|
14efde286f
|
4.x - refactor unused variable detection
This turns unused variable detection into an explicit control-flow problem, where before we had a more simplistic mark-and-sweep algorithm
|
2020-09-30 12:28:13 -04:00 |
|
Brown
|
da65a4327f
|
Move taint graph functionality into its own object
|
2020-09-25 00:37:40 -04:00 |
|
orklah
|
83ca918824
|
preg_split can't take null in limit (#4236)
* preg_split can't take null in limit
* fix wrong type in preg_split
|
2020-09-22 13:46:37 -04:00 |
|
Brown
|
56cddd16bf
|
Rename TaintGraph to ControlFlowGraph because it’s about to do more
|
2020-09-20 23:59:52 -04:00 |
|
Brown
|
0f6a271858
|
Improve file-based suppression of taints
|
2020-09-20 19:37:25 -04:00 |
|
Brown
|
2968b3b065
|
Add to StatementsAnalyzer taint object instead of Context
|
2020-09-20 18:42:21 -04:00 |
|
Brown
|
abb9502921
|
Rename Taint object to TaintGraph
|
2020-09-20 18:27:02 -04:00 |
|
Brown
|
77e84b3817
|
Fix a few more things
|
2020-09-13 23:28:31 -04:00 |
|
Brown
|
249903e18a
|
Fix style issues
|
2020-09-13 21:45:07 -04:00 |
|
Brown
|
56bae3b587
|
Add check for strpos dictionaries
Ref #4070
|
2020-09-13 21:42:44 -04:00 |
|
orklah
|
da47588f91
|
replace return; by return null; in every non-void method, add return null; when missing, add return types, remove redundant phpdoc (#4176)
|
2020-09-13 16:39:06 -04:00 |
|
Brown
|
6ffe471525
|
Make new InvalidLiteralArgument issue for strpos refs
Ref #4070
|
2020-09-10 22:54:32 -04:00 |
|
Brown
|
aaede393d4
|
Fix #4070 - prevent literal strpos argument
|
2020-09-10 18:28:34 -04:00 |
|
Brown
|
fe4af8ff1a
|
Minor fixes
|
2020-09-07 17:22:43 -04:00 |
|
Matthew Brown
|
422271b2cf
|
Prevent variables named "haystack" from receiving literal strings
cc @staabm
|
2020-09-05 00:35:48 -04:00 |
|