danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-12-04 10:38:49 +01:00
Code Issues Projects Releases Wiki Activity
7,806 Commits 43 Branches 314 Tags 108 MiB
e7bfcf8f82
Commit Graph

25 Commits

Author SHA1 Message Date
LeSuisse
e32ed43253
Fix incorrect taint sink map for \rmdir (#4703) 
Closes #4690
 2020-11-25 16:45:53 -05:00
Benjamin Morel
e938933ff3
Fix PDOStatement::fetchObject() return type (#4682) 2020-11-23 15:52:14 -05:00
Matt Brown
ea9cb72143 First creation_function param isnÆt really a sink 2020-11-20 09:56:53 -05:00
Markus Staab
acb4bb42e1
documented type in InternalTaintSinkMap (#4627) 2020-11-19 19:27:40 -05:00
Lukas Reschke
78f4a0691c
Add dedicated types for 'file', 'header' and 'cookie' (#4630) 
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'

* Add documentation

* Add mapping for taint flows

* Add tests

* Fix test
 2020-11-19 17:47:29 -05:00
Lukas Reschke
ddbfbb28e6
Split LDAP into custom category (#4604) 
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
 2020-11-18 11:39:36 -05:00
Lukas Reschke
5ba4681c17
Add SSRF sinks (#4592) 2020-11-18 00:52:48 -05:00
Matt Brown
43af3b1a57 Break out TaintedInput issues into a lot of separate ones 2020-11-17 12:44:31 -05:00
Benjamin Morel
08716233e6
DateTimeInterface::getTimeZone() can return false (#4579) 
Fixes #4515
 2020-11-16 21:48:34 -05:00
Benjamin Morel
d313f57061
mysqli::$insert_id can be a string (#4577) 2020-11-16 21:48:04 -05:00
Tyson Andre
d71ed7b9e9
Fix curl_multi_getcontent signature (#4580) 2020-11-16 21:47:33 -05:00
Lukas Reschke
09abcfb650
Add sinks for popen and proc_open (#4572) 
User input in those two functions could lead to a RCE.

popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
 2020-11-16 15:04:22 -05:00
orklah
317986c7a3
Add undocumented properties in SoapFault (#4510) 2020-11-08 13:15:49 -05:00
Matt Brown
b5a3f45d52 Remove use of PHP 7.2 function 2020-11-04 11:02:34 -05:00
Philip Hofstetter
5abde20fd0
improve mb_strtolower return type (#4469) 
this fixes #4455
 2020-11-02 08:18:42 -05:00
Matt Brown
dab1aac9d4 Protect more calls 2020-10-28 13:48:13 -04:00
Matt Brown
4aef96bbac Use lists everywhere for args 2020-10-28 12:45:26 -04:00
Matt Brown
f72e2d7de5 Fix #4374 - prevent paradox and allow Psalm to understand more assignments in conditionals 2020-10-20 14:43:05 -04:00
Matt Brown
b904b1d173 getShortName does not return a class-string 2020-10-19 22:35:09 -04:00
Matt Brown
eeacec315a 4.x - fix callmap regressions 2020-10-12 10:08:15 -04:00
Matt Brown
b85cbd01a7 4.x - add support for PHP 8 callmap 2020-10-12 09:41:25 -04:00
Matt Brown
903d7f3601 Add more fixes 2020-10-12 08:26:17 -04:00
Matt Brown
321b81e1f0 Fix order 2020-10-12 02:00:03 -04:00
Matt Brown
c9954b34f6 Add changes from PHPStan‘s functionmap 2020-10-12 01:56:04 -04:00
Matt Brown
f3b05f5ab5 Move static code out of src 2020-10-12 00:59:19 -04:00