Matt Brown
|
9c0e9a3d7e
|
Taint all when conditional return is used
Ref #4792
|
2020-12-06 11:24:48 -05:00 |
|
Matt Brown
|
cec8d7138f
|
Fix #4782 - don’t replace closure types with upper bounds when replacing class param types
|
2020-12-05 11:58:55 -05:00 |
|
Matt Brown
|
1bb8b73f99
|
Return earlier
|
2020-12-05 10:25:34 -05:00 |
|
Denis Smetannikov
|
11576951f6
|
Update ExistingAtomicStaticCallAnalyzer.php (#4761)
The invalid syntax for PHP 7.1+
|
2020-12-03 09:24:34 -05:00 |
|
Matt Brown
|
1feca322d5
|
Fix loading imported functions
|
2020-12-02 00:52:35 -05:00 |
|
Matt Brown
|
e7f9ce6da0
|
Break out RedundantCast issues
|
2020-12-01 17:25:45 -05:00 |
|
Matt Brown
|
f5494bc407
|
Fix typos caused by Macbook Pro’s bad keyboard
|
2020-12-01 14:14:09 -05:00 |
|
Matt Brown
|
3b1fa58413
|
Break apart method as much as possible
|
2020-11-30 14:07:18 -05:00 |
|
Matt Brown
|
2204728824
|
Break apart NewAnalyzer::analyze
Ref #4714
|
2020-11-30 13:24:24 -05:00 |
|
Matt Brown
|
4d81682fdd
|
Fix #4731 - expand out class-bound generic types when evaluating instance method
|
2020-11-29 21:36:50 -05:00 |
|
Matt Brown
|
86b6d6a506
|
Fix #4733 - don’t replace template types when they’re defined on the same class
|
2020-11-29 19:12:22 -05:00 |
|
Matt Brown
|
601c1d8cd0
|
Expand out constants in param types earlier
|
2020-11-29 19:07:35 -05:00 |
|
Matt Brown
|
46b202731c
|
Fix check
|
2020-11-29 18:28:32 -05:00 |
|
Matt Brown
|
58b306b6e3
|
Ensure class template types are mapped to static methods where necessary
Ref #4733
|
2020-11-29 17:40:52 -05:00 |
|
Matt Brown
|
ea314cc1c0
|
Simplify calling of replacer methods
|
2020-11-29 16:27:00 -05:00 |
|
Matt Brown
|
4d22723525
|
Break out replacement of templated types with their inferred result
|
2020-11-29 16:16:16 -05:00 |
|
Matt Brown
|
15a5bd5e29
|
Simplify storage and retrieval of extended template params
|
2020-11-29 15:05:32 -05:00 |
|
Matt Brown
|
0efd4ebd7d
|
Detect some erroneous issets
|
2020-11-29 09:26:39 -05:00 |
|
Matthew Brown
|
fd53192ad2
|
Fix redundant mappings
|
2020-11-28 21:05:31 -05:00 |
|
Matt Brown
|
8adc0918ae
|
Fix the bug
|
2020-11-28 09:55:40 -05:00 |
|
Matt Brown
|
de1fa03f77
|
Fix template type selection
|
2020-11-28 09:53:11 -05:00 |
|
Matt Brown
|
73cd07a01f
|
Simplify FunctionCallAnalyzer
Ref #4714
|
2020-11-27 16:34:27 -05:00 |
|
Matt Brown
|
6db8132b4c
|
Simplify call analysers a bit
Ref #4714
|
2020-11-27 16:31:10 -05:00 |
|
Matt Brown
|
5f065d3d74
|
Turn template bound tuples into object
Ref #4714
|
2020-11-27 11:43:30 -05:00 |
|
Matt Brown
|
6de97e3779
|
Skip missing function params in taint analysis
|
2020-11-26 11:58:14 -05:00 |
|
Matt Brown
|
d40d63f180
|
Fix #4699 - treat isset like !== null when variable is defined
|
2020-11-25 14:04:55 -05:00 |
|
Matt Brown
|
17ceba5c06
|
Fix bug
|
2020-11-22 23:32:14 -05:00 |
|
Matt Brown
|
f164a45843
|
Fix bugs
|
2020-11-22 19:45:54 -05:00 |
|
Matt Brown
|
9a03a9a5d0
|
Move param taint sink addition after arguments have been analysed
|
2020-11-22 19:39:40 -05:00 |
|
Matt Brown
|
b782dd4225
|
Make sure conditional escaping works for static methods too
|
2020-11-22 13:39:32 -05:00 |
|
Matt Brown
|
af008953a8
|
Fix #4661 - support conditional escaping for functions
|
2020-11-22 13:24:33 -05:00 |
|
Matt Brown
|
f0ae0e5cb4
|
Break apart type combiner
|
2020-11-21 18:11:29 -05:00 |
|
Lukas Reschke
|
ffb0c4ae17
|
Implement variadic taint propagation (#4649)
* Implement variadic taint propagation
* Lint code
|
2020-11-21 17:41:40 -05:00 |
|
orklah
|
ae0486529e
|
Unused psalm-suppress (#4646)
|
2020-11-21 17:39:40 -05:00 |
|
Matt Brown
|
ce8938263e
|
Fix #4636 - prevent crashes on aliased classes
|
2020-11-20 09:29:24 -05:00 |
|
Matt Brown
|
78d644d1a1
|
Change TaintedText to TaintedCallable
|
2020-11-19 19:01:19 -05:00 |
|
Matt Brown
|
4c315ec45c
|
Closure calls aren’t sinks
|
2020-11-19 18:44:36 -05:00 |
|
Matt Brown
|
ff3fff56d4
|
Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
|
2020-11-19 14:32:49 -05:00 |
|
Matt Brown
|
95de6cf177
|
Allow immutable classes to be specialised through calls
|
2020-11-19 01:38:20 -05:00 |
|
Matt Brown
|
d60abaf858
|
Unfix fixes
|
2020-11-18 19:19:07 -05:00 |
|
Matt Brown
|
8dd229f6c0
|
Only ignore literal flows when tainting
|
2020-11-18 18:43:41 -05:00 |
|
Matt Brown
|
236292ff05
|
Fix #4600 - set attributes in a bunch of places
|
2020-11-18 12:44:59 -05:00 |
|
Matt Brown
|
3f7f959726
|
Fix #4599 - propagate taints to parent callers where necessary
|
2020-11-18 09:59:54 -05:00 |
|
Matt Brown
|
28dee4146a
|
Fix tests
|
2020-11-17 17:53:46 -05:00 |
|
Matt Brown
|
adeaa33a64
|
Don’t propagate taints to child constructor args
|
2020-11-17 16:49:29 -05:00 |
|
Matt Brown
|
43af3b1a57
|
Break out TaintedInput issues into a lot of separate ones
|
2020-11-17 12:44:31 -05:00 |
|
Matt Brown
|
42802e11d1
|
Allow PHP major version to determine substr return type
|
2020-11-16 16:31:33 -05:00 |
|
Dusk
|
0fe3e1f83b
|
Allow named arguments to variadic functions (#4575)
Closes #4563
|
2020-11-16 15:49:27 -05:00 |
|
Matt Brown
|
5a62dc5c40
|
Fix #4540 - use correct method when simulating property setting
|
2020-11-12 23:56:29 -05:00 |
|
Matt Brown
|
556fb12966
|
Move mutation checks to more appropriate place
|
2020-11-12 23:54:50 -05:00 |
|