Bruce Weirdan
|
1cc4715740
|
Fix windows tests (#4040)
* Fix windows tests by not mangling the expectations
* Use platform-dependent directory separator in expected messages
* fix CS
|
2021-01-29 11:38:04 +01:00 |
|
Adrien LUCAS
|
d44130191b
|
Allow taint through strval sprintf (#3836)
* Add psalm-flow to strval
* Unexpected behavior with implode
|
2020-07-17 10:12:04 -04:00 |
|
Brown
|
67b2edc328
|
Allow more things to be suppressed with @psalm-suppress TaintedInput
|
2020-07-02 11:53:51 -04:00 |
|
Brown
|
ae7c5b095b
|
Fix #3712 - allow taints to be suppressed with @psalm-suppress
|
2020-07-01 23:23:45 -04:00 |
|
Tyson Andre
|
e3d59bf5d4
|
Support taint detection on Throwable::getTraceAsString() (#3731)
And `__toString()`, which uses getTraceAsString().
Fixes #3696
```php
function login($username, $password, $secret) {
throw new RuntimeException('login failure');
}
try {
login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
// This output includes unescaped 'pass' and SECRET
echo $e, "\n";
echo $e->getTraceAsString();
}
```
|
2020-07-01 21:27:40 -04:00 |
|
Tyson Andre
|
b0a3de47e8
|
Mark create_function() as a taint sink (#3729)
create_function() is a thin wrapper around eval().
Fixes #3723
|
2020-07-01 18:09:30 -04:00 |
|
Brown
|
cb0f65dd91
|
Skip taint tests in Windows
|
2020-07-01 09:49:52 -04:00 |
|
Brown
|
671009a70c
|
Specialize constructor taints cc @TysonAndre
|
2020-06-29 21:08:43 -04:00 |
|
Brown
|
e56483bb54
|
Fix #3711 - generalize call of specialized class without specializations
|
2020-06-29 17:42:01 -04:00 |
|
Brown
|
f6e2e0a84a
|
Perform string casting for taints in ArgumentAnalyzer
|
2020-06-29 13:21:33 -04:00 |
|
Brown
|
45c21853e5
|
Fix #3709 - don’t crash on inherited __toString tainting
|
2020-06-29 12:11:11 -04:00 |
|
Matthew Brown
|
18f9e7487b
|
Remove string cast
Cc @TysonAndre
|
2020-06-29 09:54:07 -04:00 |
|
Brown
|
38977d797e
|
Fix #3697 - cast types via implied __toString method
|
2020-06-29 09:13:19 -04:00 |
|
Brown
|
559b3d3471
|
Fix #3681 - taint exit like echo
|
2020-06-25 17:17:08 -04:00 |
|
Brown
|
07f7e5ccaf
|
Reconciling should preserve taints
Fixes #3680
|
2020-06-25 17:04:18 -04:00 |
|
Brown
|
9837a60853
|
Fix #3675 - add taints to filter_var return
Doesn’t yet take callback into account
|
2020-06-25 13:24:26 -04:00 |
|
Brown
|
95bf7f835b
|
Improve handling of array_map, faking out calls where nececssary
|
2020-06-25 13:05:34 -04:00 |
|
Brown
|
b8ebed0b85
|
Add a bit more accuracy
|
2020-06-25 01:00:11 -04:00 |
|
Brown
|
e26922010a
|
Improve accuracy of array nesting checks
|
2020-06-25 00:50:52 -04:00 |
|
Brown
|
b84cf74754
|
Fix #3668 - taint property types for magic properties without @property
|
2020-06-25 00:24:37 -04:00 |
|
Brown
|
dd25b81d3a
|
Fix #3670 - taint mixed foreach access
|
2020-06-24 19:16:30 -04:00 |
|
Brown
|
a6c7a48387
|
Add support for argument unpacking
Ref #3670
|
2020-06-24 18:43:15 -04:00 |
|
Brown
|
d03a53a5ad
|
Fix return type
|
2020-06-24 18:33:09 -04:00 |
|
Brown
|
828d9defb4
|
Use compact test format
|
2020-06-24 18:28:21 -04:00 |
|
Tyson Andre
|
1670848267
|
Mark print() statement as the same sink type as echo (#3669)
|
2020-06-24 17:23:16 -04:00 |
|
Brown
|
96d05ab06b
|
Fix #3654 - use correct function id for namespaced functions
|
2020-06-23 16:53:11 -04:00 |
|
Brown
|
6a746b65ea
|
Fix #3655 - taint encapsulated strings
|
2020-06-23 16:38:59 -04:00 |
|
Brown
|
13fc8a75fd
|
Allow taints to flow where no return type exists
Fixes #3652
|
2020-06-23 15:52:19 -04:00 |
|
Brown
|
f46236ad71
|
Taint flows through preg_replace_callback
|
2020-06-23 15:28:31 -04:00 |
|
Brown
|
fc8212e207
|
Fix static call specialisation via annotation
|
2020-06-22 18:40:43 -04:00 |
|
Brown
|
e8be2c500e
|
Support taint flows in more functions
|
2020-06-22 17:53:03 -04:00 |
|
Brown
|
dddc159694
|
Add explicit path object
|
2020-06-22 02:10:03 -04:00 |
|
Brown
|
36f1630e03
|
Add more steps for clearer output
|
2020-06-22 01:08:58 -04:00 |
|
Brown
|
fbe3433edd
|
Use escape terminology
|
2020-06-21 11:43:08 -04:00 |
|
Brown
|
dc83c2e2fc
|
Add annotation for taint sources
|
2020-06-21 00:58:56 -04:00 |
|
Brown
|
f21d3a8346
|
Remove html and sql taints for simple preg_replace patterns
|
2020-06-20 23:11:42 -04:00 |
|
Brown
|
a7a23b4c1c
|
Remove letter
|
2020-06-19 09:41:25 -04:00 |
|
Brown
|
b1c836e5f3
|
Improve specialisation after call
|
2020-06-19 01:59:45 -04:00 |
|
Brown
|
8f2e28c36b
|
Improve tainting of specializable classes
|
2020-06-19 01:22:51 -04:00 |
|
Brown
|
49f0592794
|
Improve tracking of array taints
|
2020-06-18 18:48:19 -04:00 |
|
Brown
|
562a7c1ca4
|
Track taints from all tainted arrays
|
2020-06-18 13:45:58 -04:00 |
|
Brown
|
03e9649d49
|
Fix tainting of function calls absent taintable params
|
2020-06-15 20:59:48 -04:00 |
|
Brown
|
56ef220e49
|
Fix bugs in taint specialisation
|
2020-06-15 18:34:56 -04:00 |
|
Brown
|
7e7456c863
|
Make taint checks more thorough
|
2020-05-25 17:10:53 -04:00 |
|
Brown
|
92a9a7efdf
|
Handle flows into arguments a little better
|
2020-05-23 23:54:16 -04:00 |
|
Brown
|
a198b09eb7
|
Add intermediary concat op node
|
2020-05-23 21:38:09 -04:00 |
|
Brown
|
16af6a5773
|
Improve concat taint propagation
|
2020-05-23 01:11:16 -04:00 |
|
Brown
|
10c106f7eb
|
Add eval sink
|
2020-05-23 00:03:29 -04:00 |
|
Brown
|
dc73e25157
|
Detect taints in include calls
|
2020-05-22 23:53:37 -04:00 |
|
Brown
|
8632cdb3cd
|
Improve taint tracking during scanning phase
|
2020-05-22 12:33:48 -04:00 |
|