Matt Brown
|
91ee4aeca3
|
Fix #4797 - sanitise assertion output of template result
|
2020-12-07 19:11:56 -05:00 |
|
Matt Brown
|
f5dd6e76f8
|
Fix #4802 - don’t clone context when analysing coalesce
|
2020-12-07 14:30:57 -05:00 |
|
Matthew Brown
|
d406d5b112
|
Fix typo
|
2020-12-07 01:32:18 -05:00 |
|
Matt Brown
|
e702e472fc
|
Support simple list assignment in foreach
Ref #4741
|
2020-12-06 19:14:52 -05:00 |
|
Matt Brown
|
9c0e9a3d7e
|
Taint all when conditional return is used
Ref #4792
|
2020-12-06 11:24:48 -05:00 |
|
Matt Brown
|
4d1aae43f9
|
Fix #4778 - remove already-initialized properties when checking initialisation
|
2020-12-06 11:07:59 -05:00 |
|
Matt Brown
|
cec8d7138f
|
Fix #4782 - don’t replace closure types with upper bounds when replacing class param types
|
2020-12-05 11:58:55 -05:00 |
|
Matt Brown
|
1bb8b73f99
|
Return earlier
|
2020-12-05 10:25:34 -05:00 |
|
orklah
|
62d5ea83a1
|
Allow int casts if the type comes from calculation (#4768)
|
2020-12-03 23:15:07 -05:00 |
|
Matt Brown
|
0411049559
|
Mixed array access should mark vars as used just in case
|
2020-12-03 13:09:08 -05:00 |
|
Matt Brown
|
2feba22a00
|
Make more try vars potentially undefined
Fixes #4764
|
2020-12-03 11:44:10 -05:00 |
|
Matt Brown
|
51a92aa223
|
Fix interface property regression
|
2020-12-03 11:13:10 -05:00 |
|
Matt Brown
|
bef9ab37e6
|
Fix #4759 – don’t generate assertion when assigning to same-named variable
|
2020-12-03 09:42:26 -05:00 |
|
Denis Smetannikov
|
11576951f6
|
Update ExistingAtomicStaticCallAnalyzer.php (#4761)
The invalid syntax for PHP 7.1+
|
2020-12-03 09:24:34 -05:00 |
|
Matt Brown
|
1a5d5e4476
|
Simplify FunctionLikeDocblockScanner
|
2020-12-03 00:19:01 -05:00 |
|
Matt Brown
|
e2a2e8ee87
|
Break apart AtomicPropertyFetchAnalyzer::analyze
|
2020-12-02 23:37:29 -05:00 |
|
Matt Brown
|
2f00500c91
|
Improve message
|
2020-12-02 22:08:14 -05:00 |
|
Matt Brown
|
6f916553a8
|
Ref #4753 - allow int literals to inform key type
|
2020-12-02 17:13:45 -05:00 |
|
Matt Brown
|
e2bb02e93c
|
Don’t suggest a potential value that’s undefined
Fixes #4754
|
2020-12-02 14:49:30 -05:00 |
|
Matt Brown
|
f0876b86f4
|
Avoid false-positives while analysing memoised coalesce
|
2020-12-02 02:25:15 -05:00 |
|
Matt Brown
|
394eceb01c
|
Memoize coalesce expression in more scenarios
|
2020-12-02 02:15:17 -05:00 |
|
Matt Brown
|
928fdda00f
|
Don’t do new isset conversion on try-set vars
|
2020-12-02 01:47:49 -05:00 |
|
Matt Brown
|
1feca322d5
|
Fix loading imported functions
|
2020-12-02 00:52:35 -05:00 |
|
Matt Brown
|
5a200ca442
|
Fix assertions on unions
|
2020-12-01 21:12:03 -05:00 |
|
Matt Brown
|
61e374f33b
|
Fix null array access complaints
|
2020-12-01 20:10:48 -05:00 |
|
Matt Brown
|
1a629ccc82
|
Fix a few issues
|
2020-12-01 18:26:15 -05:00 |
|
Matt Brown
|
e7f9ce6da0
|
Break out RedundantCast issues
|
2020-12-01 17:25:45 -05:00 |
|
Matt Brown
|
2963efc9a5
|
Use fallback assignment type when the property doesn’t exist on the class
|
2020-12-01 16:59:44 -05:00 |
|
Matt Brown
|
f5494bc407
|
Fix typos caused by Macbook Pro’s bad keyboard
|
2020-12-01 14:14:09 -05:00 |
|
orklah
|
f0c0ac0616
|
handle return flag for a try/catch/finally (#4746)
* handle return flag for a try/catch/finally
* add tests for psalter
|
2020-12-01 12:55:27 -05:00 |
|
Matt Brown
|
c6d0561612
|
Fix nullref
|
2020-12-01 00:48:09 -05:00 |
|
Matt Brown
|
7295e28e20
|
Fix #4743 - simplify assertions generated from array_key_exists check
|
2020-11-30 22:10:17 -05:00 |
|
Matt Brown
|
6f86201f34
|
Break up AssignmentAnalyzer::analyze
|
2020-11-30 14:57:35 -05:00 |
|
Matt Brown
|
3b1fa58413
|
Break apart method as much as possible
|
2020-11-30 14:07:18 -05:00 |
|
Matt Brown
|
2427606563
|
Fix lint
|
2020-11-30 13:25:27 -05:00 |
|
Matt Brown
|
2204728824
|
Break apart NewAnalyzer::analyze
Ref #4714
|
2020-11-30 13:24:24 -05:00 |
|
Matt Brown
|
4baf143ff7
|
Break apart ArrayAssignmentAnalyzer::updateArrayType
Ref #4714
|
2020-11-30 13:08:42 -05:00 |
|
Matt Brown
|
5430effb2b
|
Break apart InstancePropertyAssignmentAnalyzer
Ref #4714
|
2020-11-30 12:09:09 -05:00 |
|
Matt Brown
|
31e2522adb
|
Actually not a bug
|
2020-11-30 01:32:38 -05:00 |
|
Matt Brown
|
817db55140
|
Fix typo
|
2020-11-30 01:29:40 -05:00 |
|
Matt Brown
|
cf6dedc11d
|
Break up AssertionFinder methods
Ref #4714
|
2020-11-30 01:20:28 -05:00 |
|
orklah
|
a760a2418a
|
support shift and bitwise operations in constants (#4740)
|
2020-11-29 21:43:49 -05:00 |
|
Matt Brown
|
4d81682fdd
|
Fix #4731 - expand out class-bound generic types when evaluating instance method
|
2020-11-29 21:36:50 -05:00 |
|
Matt Brown
|
86b6d6a506
|
Fix #4733 - don’t replace template types when they’re defined on the same class
|
2020-11-29 19:12:22 -05:00 |
|
Matt Brown
|
601c1d8cd0
|
Expand out constants in param types earlier
|
2020-11-29 19:07:35 -05:00 |
|
Matt Brown
|
46b202731c
|
Fix check
|
2020-11-29 18:28:32 -05:00 |
|
Matt Brown
|
58b306b6e3
|
Ensure class template types are mapped to static methods where necessary
Ref #4733
|
2020-11-29 17:40:52 -05:00 |
|
Matt Brown
|
8da676f5bf
|
Improve param name
|
2020-11-29 17:26:42 -05:00 |
|
Matt Brown
|
ea314cc1c0
|
Simplify calling of replacer methods
|
2020-11-29 16:27:00 -05:00 |
|
Matt Brown
|
4d22723525
|
Break out replacement of templated types with their inferred result
|
2020-11-29 16:16:16 -05:00 |
|
Matt Brown
|
15a5bd5e29
|
Simplify storage and retrieval of extended template params
|
2020-11-29 15:05:32 -05:00 |
|
Matthew Brown
|
60ac109c01
|
Add RedundantPropertyInitializationCheck (#4732)
* Add RedundantPropertyInitializationCheck
* add documentation for RedundantPropertyInitializationCheck (#4734)
Co-authored-by: orklah <orklah@users.noreply.github.com>
|
2020-11-29 11:57:20 -05:00 |
|
Matt Brown
|
0efd4ebd7d
|
Detect some erroneous issets
|
2020-11-29 09:26:39 -05:00 |
|
Matthew Brown
|
fd53192ad2
|
Fix redundant mappings
|
2020-11-28 21:05:31 -05:00 |
|
Matt Brown
|
8adc0918ae
|
Fix the bug
|
2020-11-28 09:55:40 -05:00 |
|
Matt Brown
|
de1fa03f77
|
Fix template type selection
|
2020-11-28 09:53:11 -05:00 |
|
Matt Brown
|
4af7e818b2
|
Simplify ArrayFetchAnalyzer::getArrayAccessTypeGivenOffset
Ref #4714
|
2020-11-27 23:36:47 -05:00 |
|
Matt Brown
|
73cd07a01f
|
Simplify FunctionCallAnalyzer
Ref #4714
|
2020-11-27 16:34:27 -05:00 |
|
Matt Brown
|
6db8132b4c
|
Simplify call analysers a bit
Ref #4714
|
2020-11-27 16:31:10 -05:00 |
|
Matt Brown
|
5dd4912a99
|
Simplify ArrayAnalyzer
Ref #4714
|
2020-11-27 14:19:55 -05:00 |
|
Matt Brown
|
1ce45516db
|
Don’t alter behaviour
|
2020-11-27 11:47:12 -05:00 |
|
Matt Brown
|
5f065d3d74
|
Turn template bound tuples into object
Ref #4714
|
2020-11-27 11:43:30 -05:00 |
|
Matt Brown
|
6de97e3779
|
Skip missing function params in taint analysis
|
2020-11-26 11:58:14 -05:00 |
|
orklah
|
4bbb72329e
|
Fix PHPMAXINT offset (#4707)
|
2020-11-26 09:24:32 -05:00 |
|
Matt Brown
|
01ceaf7006
|
Fix style issues
|
2020-11-25 21:36:37 -05:00 |
|
orklah
|
58736924dd
|
fix wrong cast to int when string offset is a number > MAX INT (#4702)
|
2020-11-25 15:48:53 -05:00 |
|
Matt Brown
|
f3e0201a99
|
Treat $a ?? $b identically to isset($a) ? $a : $b
|
2020-11-25 14:34:05 -05:00 |
|
Matt Brown
|
d40d63f180
|
Fix #4699 - treat isset like !== null when variable is defined
|
2020-11-25 14:04:55 -05:00 |
|
Matt Brown
|
6aa052475a
|
Pass correct flags when referencing from finally
|
2020-11-25 14:04:55 -05:00 |
|
orklah
|
b6a3282589
|
Detect redundant cast (#4695)
* detect redundant cast
* fix redundant cast issues
* fix redundant cast in tests
|
2020-11-25 12:04:48 -05:00 |
|
Matt Brown
|
f8ddc7e58a
|
Add slash
|
2020-11-24 15:07:15 -05:00 |
|
Matt Brown
|
e9c00b8395
|
Switch order to satisfy new refinement
|
2020-11-24 14:57:34 -05:00 |
|
Matt Brown
|
41af653bd4
|
Add support for some dependent types
|
2020-11-24 14:50:35 -05:00 |
|
orklah
|
b6cb9785ac
|
Prevent illegal array keys (#4660)
* Emit an issue when an array-key is not legal
* tests
|
2020-11-23 15:20:39 -05:00 |
|
erikjwaxx
|
25d8c6d21e
|
Narrow inference of $a <=> $b from "int" to "-1|0|1" (#4680)
* A <=> operator has a literal type of -1|0|1 and not simply int
* Test to verify inferred type of $a <=> $b is -1|0|1
|
2020-11-23 13:10:51 -05:00 |
|
Matt Brown
|
17ceba5c06
|
Fix bug
|
2020-11-22 23:32:14 -05:00 |
|
Matt Brown
|
f164a45843
|
Fix bugs
|
2020-11-22 19:45:54 -05:00 |
|
Matt Brown
|
9a03a9a5d0
|
Move param taint sink addition after arguments have been analysed
|
2020-11-22 19:39:40 -05:00 |
|
Matt Brown
|
b782dd4225
|
Make sure conditional escaping works for static methods too
|
2020-11-22 13:39:32 -05:00 |
|
Matt Brown
|
af008953a8
|
Fix #4661 - support conditional escaping for functions
|
2020-11-22 13:24:33 -05:00 |
|
orklah
|
a3217265ce
|
null operations should return mixed results (#4655)
|
2020-11-22 09:06:03 -05:00 |
|
Matt Brown
|
f0ae0e5cb4
|
Break apart type combiner
|
2020-11-21 18:11:29 -05:00 |
|
Lukas Reschke
|
ffb0c4ae17
|
Implement variadic taint propagation (#4649)
* Implement variadic taint propagation
* Lint code
|
2020-11-21 17:41:40 -05:00 |
|
orklah
|
ae0486529e
|
Unused psalm-suppress (#4646)
|
2020-11-21 17:39:40 -05:00 |
|
Matt Brown
|
1cead18760
|
Fix #4637 - prevent regression when negating function call with === false
|
2020-11-20 09:56:53 -05:00 |
|
Matt Brown
|
ce8938263e
|
Fix #4636 - prevent crashes on aliased classes
|
2020-11-20 09:29:24 -05:00 |
|
Matt Brown
|
c562e1dd52
|
Don’t taint foreach keys with array-fetch
We could use array-keyfetch or similar, but for now gives false-positives
|
2020-11-19 19:08:59 -05:00 |
|
Matt Brown
|
78d644d1a1
|
Change TaintedText to TaintedCallable
|
2020-11-19 19:01:19 -05:00 |
|
Matt Brown
|
4c315ec45c
|
Closure calls aren’t sinks
|
2020-11-19 18:44:36 -05:00 |
|
Matt Brown
|
70c9fd97c7
|
Return empty instead of throwing
|
2020-11-19 16:25:53 -05:00 |
|
Matt Brown
|
ead63894a1
|
Fix formatting
|
2020-11-19 16:09:30 -05:00 |
|
Matt Brown
|
b5d4b59c33
|
Be more refined
|
2020-11-19 15:57:05 -05:00 |
|
Matt Brown
|
de49892525
|
Fix #4626 - array_key_exists should infer type for first arg where possible
|
2020-11-19 15:40:27 -05:00 |
|
Matt Brown
|
ff3fff56d4
|
Simplify assertion negations, centralising as much as possible
Now the flag passed to scrapeAssertions just determines the errors emitted
|
2020-11-19 14:32:49 -05:00 |
|
Matt Brown
|
7803cc228b
|
Revert "Fix #4624 - allow in_array to work with list arrays"
This reverts commit 08ae85a735.
|
2020-11-19 12:49:26 -05:00 |
|
Matt Brown
|
08ae85a735
|
Fix #4624 - allow in_array to work with list arrays
|
2020-11-19 09:26:41 -05:00 |
|
Matt Brown
|
95de6cf177
|
Allow immutable classes to be specialised through calls
|
2020-11-19 01:38:20 -05:00 |
|
Matt Brown
|
d60abaf858
|
Unfix fixes
|
2020-11-18 19:19:07 -05:00 |
|
Matt Brown
|
8dd229f6c0
|
Only ignore literal flows when tainting
|
2020-11-18 18:43:41 -05:00 |
|
Matt Brown
|
be275ae972
|
Fix #4605 - taint parent-declared property
|
2020-11-18 13:34:47 -05:00 |
|