|
96f2dde791
|
Merge remote-tracking branch 'origin/5.x'
|
2023-10-21 13:39:39 +02:00 |
|
|
394e38599d
|
Strict types everywhere
|
2023-10-19 13:12:06 +02:00 |
|
cgocast
|
94a98ccddd
|
Allow tainted numerics except for 'html' and 'has_quotes'
|
2023-10-02 15:08:26 +02:00 |
|
cgocast
|
84e7423175
|
Detect DoS by sleep vimeo#10178
|
2023-09-06 15:58:08 +02:00 |
|
cgocast
|
5545873f44
|
Fix tests
|
2023-08-31 05:44:57 +02:00 |
|
cgocast
|
c16216bc42
|
Xpath injection #10162
|
2023-08-30 18:56:10 +02:00 |
|
cgocast
|
c8b47b17bf
|
Fix typo
|
2023-08-26 21:54:26 +02:00 |
|
cgocast
|
72c9bf8575
|
New sinks for TaintedCallable #10117
|
2023-08-26 19:29:00 +02:00 |
|
Mark McEver
|
b5781c34e8
|
Fixed a case where the conditional taint, specialize, & flow features were not playing nicely together
|
2023-02-01 15:41:52 -06:00 |
|
Mark McEver
|
53c3f1ebb3
|
Prevent other DB escaping functions from escaping non-sql taints
|
2022-12-28 14:19:01 -06:00 |
|
Mark McEver
|
69f31dcd4a
|
Prevent mysqli escaping functions from escaping non-sql taints
|
2022-12-28 13:39:01 -06:00 |
|
Jack Worman
|
1c19260cdd
|
Require trailing commas
|
2022-12-18 13:20:31 -06:00 |
|
Jack Worman
|
643542346b
|
Add codesniffer rules and expand php-cs-fixer to bin and test
|
2022-12-14 13:29:09 -06:00 |
|
Mark McEver
|
9764803c55
|
Allowed taints to pass through urlencode()
|
2022-12-05 17:25:36 -06:00 |
|
Matthew Brown
|
8d36bdc3ed
|
Make array shapes strict by default (#8701)
* Make array shapes strict by default
* Fix PSL tests
|
2022-11-11 20:14:21 -05:00 |
|
|
1986c8b4a8
|
Add support for strict arrays, fix type alias intersection, fix array_is_list assertion on non-lists (#8395)
* Immutable CodeLocation
* Remove excess clones
* Remove external clones
* Remove leftover clones
* Fix final clone issue
* Immutable storages
* Refactoring
* Fixes
* Fixes
* Fix
* Fix
* Fixes
* Simplify
* Fixes
* Fix
* Fixes
* Update
* Fix
* Cache global types
* Fix
* Update
* Update
* Fixes
* Fixes
* Refactor
* Fixes
* Fix
* Fix
* More caching
* Fix
* Fix
* Update
* Update
* Fix
* Fixes
* Update
* Refactor
* Update
* Fixes
* Break one more test
* Fix
* Fix
* Fix
* Fix
* Fix
* Fix
* Improve performance and readability
* Equivalent logic
* Fixes
* Revert
* Revert "Revert"
This reverts commit f9175100c8452c80559234200663fd4c4f4dd889.
* Fix
* Fix reference bug
* Make default TypeVisitor immutable
* Bugfix
* Remove clones
* Partial refactoring
* Refactoring
* Fixes
* Fix
* Fixes
* Fixes
* cs-fix
* Fix final bugs
* Add test
* Misc fixes
* Update
* Fixes
* Experiment with removing different property
* revert "Experiment with removing different property"
This reverts commit ac1156e077fc4ea633530d51096d27b6e88bfdf9.
* Uniform naming
* Uniform naming
* Hack hotfix
* Clean up $_FILES ref #8621
* Undo hack, try fixing properly
* Helper method
* Remove redundant call
* Partially fix bugs
* Cleanup
* Change defaults
* Fix bug
* Fix (?, hope this doesn't break anything else)
* cs-fix
* Review fixes
* Bugfix
* Bugfix
* Improve logic
* Add support for list{} and callable-list{} types, properly implement array_is_list assertions (fixes #8389)
* Default to sealed arrays
* Fix array_merge bug
* Fixes
* Fix
* Sealed type checks
* Properly infer properties-of and get_object_vars on final classes
* Fix array_map zipping
* Fix tests
* Fixes
* Fixes
* Fix more stuff
* Recursively resolve type aliases
* Fix typo
* Fixes
* Fix array_is_list assertion on keyed array
* Add BC docs
* Fixes
* fix
* Update
* Update
* Update
* Update
* Seal arrays with count assertions
* Fix #8528
* Fix
* Update
* Improve sealed array foreach logic
* get_object_vars on template properties
* Fix sealed array assertion reconciler logic
* Improved reconciler
* Add tests
* Single source of truth for test types
* Fix tests
* Fixup tests
* Fixup tests
* Fixup tests
* Update
* Fix tests
* Fix tests
* Final fixes
* Fixes
* Use list syntax only when needed
* Fix tests
* Cs-fix
* Update docs
* Update docs
* Update docs
* Update docs
* Update docs
* Document missing types
* Update docs
* Improve class-string-map docs
* Update
* Update
* I love working on psalm :)
* Keep arrays unsealed by default
* Fixup tests
* Fix syntax mistake
* cs-fix
* Fix typo
* Re-import missing types
* Keep strict types only in return types
* argc/argv fixes
* argc/argv fixes
* Fix test
* Comment-out valinor code, pinging @romm pls merge https://github.com/CuyZ/Valinor/pull/246 so we can add valinor to the psalm docs :)
|
2022-11-05 22:34:42 +01:00 |
|
|
15f5c593a7
|
Fix
|
2022-10-17 12:40:50 +02:00 |
|
|
748a74bb2c
|
Merge remote-tracking branch 'origin/4.x' into HEAD
|
2022-10-16 13:41:27 +02:00 |
|
kkmuffme
|
5c39e66b15
|
fix tests
|
2022-09-15 19:38:51 +02:00 |
|
Matt Brown
|
8c716f8be7
|
Support taints in new $_GET["a"] calls
|
2022-07-15 22:17:59 -04:00 |
|
Matt Brown
|
e6c444410c
|
Remove debug code
|
2022-06-23 18:03:33 -04:00 |
|
Matt Brown
|
15387d19cd
|
Track taints in static properties
|
2022-06-23 16:43:42 -04:00 |
|
Matt Brown
|
6fa0da9e37
|
Fix minor taint analysis bug with nested array assignment
|
2022-06-21 12:42:32 -04:00 |
|
Mark McEver
|
828b093964
|
Prevent unnecessary filter_var() warnings on primitive types
|
2022-02-15 14:13:44 -06:00 |
|
orklah
|
5aa06ae64e
|
fix merge issues
|
2022-02-14 00:12:31 +01:00 |
|
orklah
|
1142c818c2
|
Merge remote-tracking branch 'upstream/4.x' into upstream-master9
|
2022-02-14 00:10:28 +01:00 |
|
AndrolGenhald
|
7b1599d783
|
Fix false positive for unused variable in try (fixes #7613).
|
2022-02-13 15:14:59 -06:00 |
|
orklah
|
af1888b631
|
Merge remote-tracking branch 'upstream/4.x' into upstream-master4
|
2022-01-22 17:48:42 +01:00 |
|
orklah
|
52a7f0694e
|
drop compatibility aliases
|
2022-01-19 19:29:16 +01:00 |
|
Matthew Brown
|
f439d6550b
|
Ensure that all entries in test arrays have explicit keys (#7386)
* Transformation that updates assertions
* Simplify transformation
* Ensure that all tests have keys
* Fix a few remaining keys
|
2022-01-13 13:49:37 -05:00 |
|
Bruce Weirdan
|
8726065d21
|
Applied ClosureToArrowFunctionRector
|
2022-01-06 00:48:04 +02:00 |
|
rarila
|
97e6511fab
|
Set number of lines before and after namespace.
|
2021-12-15 04:58:32 +01:00 |
|
ralila
|
2a956498bf
|
Import instead of using fqn functions
|
2021-12-03 21:07:25 +01:00 |
|
ralila
|
711be643c6
|
Import instead of using fqn exceptions
|
2021-12-03 20:29:06 +01:00 |
|
orklah
|
3bc06a8eab
|
Taint can't transmit through numerics nor bool
|
2021-11-25 22:40:01 +01:00 |
|
orklah
|
39dc7608ef
|
ignore comments after taint-sink
|
2021-11-07 10:29:08 +01:00 |
|
orklah
|
3322801903
|
ignore comments after taint-sink
|
2021-11-07 10:17:25 +01:00 |
|
orklah
|
cd74f665dc
|
Merge pull request #6813 from orklah/intTaint
don't register taints for numeric variables
|
2021-11-04 15:30:52 +01:00 |
|
orklah
|
e6dccaa07c
|
Merge pull request #6809 from orklah/binaryOpTaint
don't taint the result of most binary operations
|
2021-11-04 13:18:07 +01:00 |
|
orklah
|
bf993452a8
|
Merge pull request #6810 from orklah/castArrayTaints
Array cast pass taints
|
2021-11-04 13:17:20 +01:00 |
|
orklah
|
9fb74a4f28
|
exclude Plus on arrays too
|
2021-11-04 00:30:09 +01:00 |
|
orklah
|
3b01713257
|
don't taint the result of most binary operations
|
2021-11-04 00:30:09 +01:00 |
|
orklah
|
24137bdbad
|
Array cast pass taints
|
2021-11-04 00:29:36 +01:00 |
|
orklah
|
eca530d792
|
don't register taints for numeric variables
|
2021-11-04 00:29:07 +01:00 |
|
orklah
|
fbe305e5bb
|
detect taint in backticks
|
2021-11-04 00:28:40 +01:00 |
|
orklah
|
9d9dba156c
|
Merge pull request #6538 from orklah/taint-windows
enable test on taint
|
2021-09-27 20:37:27 +02:00 |
|
orklah
|
caf4d57438
|
enable test on taint
|
2021-09-27 20:16:50 +02:00 |
|
Mark McEver
|
79340b4a6f
|
Prevent unnecessary filter_var() warnings
|
2021-09-27 18:46:01 +01:00 |
|
Mark McEver
|
76dade477d
|
Prevent unnecessary filter_var() warning
|
2021-09-27 18:34:58 +01:00 |
|
Matt Brown
|
667dcc2e49
|
No false-positives for tainting through array keys
|
2021-06-29 17:05:39 -04:00 |
|