danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-16 03:17:02 +01:00
Code Issues Projects Releases Wiki Activity
6,806 Commits 43 Branches 314 Tags 108 MiB
dc83c2e2fc
Commit Graph

404 Commits

Author SHA1 Message Date
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
8edee96d8d Fix taint regression 2020-06-20 18:10:01 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods (#3615) 2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
eecdc43ce7 Remove stray commas 2020-06-18 20:15:38 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578) 
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
 2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Brown
9bfe50b20a Always analyse cast expressions 
Fixes #3577
 2020-06-12 17:25:46 -04:00
Brown
5617e9d7c9 Fix array_values call 2020-06-09 19:06:08 -04:00
Brown
286a8f911a Add support for static mixin calls 
Fixes #3552
 2020-06-09 18:39:52 -04:00
Matthew Brown
91e76f7173 Fix #3536 - Make method return type provider aware of original called method 2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed 
Fixes #3538
 2020-06-06 19:31:42 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489) 
Co-authored-by: El Azimov <el.azimov@rocks>
 2020-05-30 16:55:18 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00
Brown
d04e21ee5a Define mixin declaring classname 2020-05-26 23:32:07 -04:00
Brown
3da3d61270 Fix #3434 by removing extraneous call to simplifyType 2020-05-26 17:55:54 -04:00
Brown
ecb179c784 Migrate min/max function calls back to CallMap 2020-05-26 12:28:56 -04:00
Brown
953be61cf2 Allow limiting connected taint paths 2020-05-25 23:28:11 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
2e6fc24867 Template callmap methods too 
Fixes #3453
 2020-05-25 14:21:06 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
be847472a2 Fix #3453 - allow conditional return types on instance methods 2020-05-25 09:39:30 -04:00
Brown
92a9a7efdf Handle flows into arguments a little better 2020-05-23 23:54:16 -04:00
Brown
fb3cb2c4d1 Only use plain return type if we’re not memoizing 2020-05-22 17:05:39 -04:00
Brown
4b1c3db760 Don’t memoize method call where we have a getter standin 
Fixes #3427
 2020-05-22 15:54:32 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Brown
a3214012a6 Only convert userland functions 2020-05-19 16:15:41 -04:00
Brown
4415e0f69c Fix special case calling callable param with string non-global function 
Fixes #3411
 2020-05-19 15:48:31 -04:00
Brown
0b2da18f1e Break up StatementsAnalyzer 2020-05-19 12:56:30 -04:00
Brown
8e5b330c5a Break apart CallAnalyzer 2020-05-18 22:57:00 -04:00
Brown
5b06c206e0 Move classes into deeper namespace 2020-05-18 22:52:33 -04:00
Brown
5ee1487a01 Make ExpressionAnalyzer more beautiful 2020-05-18 15:13:27 -04:00
Brown
111303d913 Add non-empty-lowercase-string type 2020-05-15 10:18:05 -04:00
Brown
2af0a17d03 Fix #3236 - allow use-checking of more methods starting with __ 2020-05-12 22:39:26 -04:00