1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-16 19:36:59 +01:00
Commit Graph

469 Commits

Author SHA1 Message Date
Brown
f6e2e0a84a Perform string casting for taints in ArgumentAnalyzer 2020-06-29 13:21:33 -04:00
Brown
b54b832838 Break out method call tainting 2020-06-29 00:14:49 -04:00
Brown
95bf7f835b Improve handling of array_map, faking out calls where nececssary 2020-06-25 13:05:34 -04:00
Brown
a6c7a48387 Add support for argument unpacking
Ref #3670
2020-06-24 18:43:15 -04:00
Brown
7a7cd91c24 Fix #3631 - better treatment for assignments in complex conditionals 2020-06-24 13:16:52 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
c29b3744ec Change storage of out types 2020-06-24 11:51:31 -04:00
Brown
13fc8a75fd Allow taints to flow where no return type exists
Fixes #3652
2020-06-23 15:52:19 -04:00
Brown
1f86afece7 Revert "Fix #3631 - apply assertions to RHS of equality in conditional"
This reverts commit 9c17795545.
2020-06-22 20:01:27 -04:00
Brown
fc8212e207 Fix static call specialisation via annotation 2020-06-22 18:40:43 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
9c17795545 Fix #3631 - apply assertions to RHS of equality in conditional 2020-06-22 15:16:16 -04:00
Brown
36f1630e03 Add more steps for clearer output 2020-06-22 01:08:58 -04:00
Brown
02e8313c39 Allow taintedness to propagate to some stubbed methods 2020-06-21 18:07:39 -04:00
Brown
07adecc6eb Use correct method id when creating taints 2020-06-21 02:06:08 -04:00
Brown
dc83c2e2fc Add annotation for taint sources 2020-06-21 00:58:56 -04:00
Brown
f21d3a8346 Remove html and sql taints for simple preg_replace patterns 2020-06-20 23:11:42 -04:00
Brown
8edee96d8d Fix taint regression 2020-06-20 18:10:01 -04:00
Brown
80ed1daf33 Allow static method mixin to invoke instance method 2020-06-20 18:05:35 -04:00
Ilija Tovilo
2f646d29db
Fix #3607 - constant string class reference with leading backslash (#3612) 2020-06-19 18:02:39 -04:00
Andrei Petre
6024fe4761
use original case in error messages when reporting undefined methods (#3615) 2020-06-19 11:51:08 -04:00
Brown
b1c836e5f3 Improve specialisation after call 2020-06-19 01:59:45 -04:00
Brown
8f2e28c36b Improve tainting of specializable classes 2020-06-19 01:22:51 -04:00
Brown
eecdc43ce7 Remove stray commas 2020-06-18 20:15:38 -04:00
Brown
49f0592794 Improve tracking of array taints 2020-06-18 18:48:19 -04:00
Brown
f609a01497 Move static property fetch analyzer to own class 2020-06-18 11:53:24 -04:00
Olle Härstedt
e1cc27f7a2
Add new config: sealAllMethods (#3578)
* Add new config: sealAllMethods

* Add some more tests

* Fix codesniffer issue with preg_quote

* Fix missing method in test

Co-authored-by: Olle <noemail>
2020-06-15 22:36:42 -04:00
Brown
03e9649d49 Fix tainting of function calls absent taintable params 2020-06-15 20:59:48 -04:00
Brown
8c5a434dc8 Allow updating array by reference 2020-06-15 14:45:08 -04:00
Matthew Brown
081a284759 Fix #3567 - remember which variables a callable sets byref in use 2020-06-14 11:58:50 -04:00
Matthew Brown
a49a0e5650 Fix #3551 - count method can be impure 2020-06-14 11:06:53 -04:00
Brown
9bfe50b20a Always analyse cast expressions
Fixes #3577
2020-06-12 17:25:46 -04:00
Brown
5617e9d7c9 Fix array_values call 2020-06-09 19:06:08 -04:00
Brown
286a8f911a Add support for static mixin calls
Fixes #3552
2020-06-09 18:39:52 -04:00
Matthew Brown
91e76f7173 Fix #3536 - Make method return type provider aware of original called method 2020-06-06 23:35:08 -04:00
Matthew Brown
0ac739fd48 Fix #3534 - allow magic method call on mixin 2020-06-06 23:28:32 -04:00
Matthew Brown
74a34f066c Don’t check classes if literal strings are allowed
Fixes #3538
2020-06-06 19:31:42 -04:00
Brown
cf92361338 Fix #3522 - only use property pass-through when it’s visible 2020-06-04 16:15:07 -04:00
Brown
a4aa44494f Fix #3519 - prevent empty callable string 2020-06-04 15:40:53 -04:00
El Azimov
bed5a74065
Add wildcard support for class constants in template. (#3489)
Co-authored-by: El Azimov <el.azimov@rocks>
2020-05-30 16:55:18 -04:00
feek
5330dcbd7a
fix: pass along final (#3471) 2020-05-28 01:59:24 -04:00
Brown
3c60609c21 Support better mixin handling 2020-05-27 11:12:09 -04:00
Brown
769ac5c052 Fix #3458 - scope templated mixin accurately 2020-05-26 23:32:07 -04:00
Brown
d04e21ee5a Define mixin declaring classname 2020-05-26 23:32:07 -04:00
Brown
3da3d61270 Fix #3434 by removing extraneous call to simplifyType 2020-05-26 17:55:54 -04:00
Brown
ecb179c784 Migrate min/max function calls back to CallMap 2020-05-26 12:28:56 -04:00
Brown
953be61cf2 Allow limiting connected taint paths 2020-05-25 23:28:11 -04:00
Brown
7e7456c863 Make taint checks more thorough 2020-05-25 17:10:53 -04:00
Brown
2e6fc24867 Template callmap methods too
Fixes #3453
2020-05-25 14:21:06 -04:00
Brown
118b700436 Simplify sink mapping for internal calls 2020-05-25 13:10:06 -04:00
Brown
be847472a2 Fix #3453 - allow conditional return types on instance methods 2020-05-25 09:39:30 -04:00
Brown
92a9a7efdf Handle flows into arguments a little better 2020-05-23 23:54:16 -04:00
Brown
fb3cb2c4d1 Only use plain return type if we’re not memoizing 2020-05-22 17:05:39 -04:00
Brown
4b1c3db760 Don’t memoize method call where we have a getter standin
Fixes #3427
2020-05-22 15:54:32 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Brown
63c3678ae5 Improve property location resolution 2020-05-22 12:33:38 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Brown
a3214012a6 Only convert userland functions 2020-05-19 16:15:41 -04:00
Brown
4415e0f69c Fix special case calling callable param with string non-global function
Fixes #3411
2020-05-19 15:48:31 -04:00
Brown
0b2da18f1e Break up StatementsAnalyzer 2020-05-19 12:56:30 -04:00
Brown
8e5b330c5a Break apart CallAnalyzer 2020-05-18 22:57:00 -04:00
Brown
5b06c206e0 Move classes into deeper namespace 2020-05-18 22:52:33 -04:00
Brown
5ee1487a01 Make ExpressionAnalyzer more beautiful 2020-05-18 15:13:27 -04:00
Brown
111303d913 Add non-empty-lowercase-string type 2020-05-15 10:18:05 -04:00
Brown
2af0a17d03 Fix #3236 - allow use-checking of more methods starting with __ 2020-05-12 22:39:26 -04:00
Brown
0d5d7c8938 Add null check 2020-05-11 11:56:07 -04:00
Brown
291018034b Remove unnecessary PHP code 2020-05-11 11:36:50 -04:00
Brown
8f2f2617d4 Improve refactor 2020-05-10 22:45:01 -04:00
Brown
5f4d162dd5 Break out type expander into separate class 2020-05-10 22:39:18 -04:00
Brown
2d5c2a9dd1 Fix #3324 - prevent crash asserting on possibly-undefined variable 2020-05-08 14:21:10 -04:00
Brown
a089d8bd58 Fix #3296 - propagate final flag to static calls in return types 2020-05-03 20:42:06 -04:00
Brown
618a54ff41 Fix #3240 - check arguments when class cannot be found 2020-05-02 22:13:59 -04:00
Brown
29741cd76d Remove earlier now-unnecessary fix 2020-05-02 19:24:48 -04:00
Matthew Brown
da5e8a4324 Increase type coverage for projects that use assert after mixed 2020-05-02 14:55:30 -04:00
Brown
07e5250292 Fix #3273 - add support for func_num_args() in conditional type 2020-05-01 16:02:53 -04:00
Brown
5e76467378 Fix #3279 - make sure self/parent references in mixin use existing class 2020-05-01 11:23:02 -04:00
Brown
a402d4598b Define with single argument should not trigger a notice
Fixes #3254
2020-04-28 14:43:12 -04:00
Brown
95dbb93732 Fix #3237 - allow mixin to reference generic params 2020-04-27 09:10:24 -04:00
Brown
f91e94b64e Make sure to remember correct positions of @var references 2020-04-27 00:05:20 -04:00
Brown
d88c31f461 Support templated @mixin 2020-04-26 16:49:52 -04:00
Brown
52c0346b65 Fix #3213 - make sure static is bound from a static call with set class 2020-04-22 11:34:46 -04:00
Brown
edb07952fc Static call inside throw does not violate purity 2020-04-18 12:43:51 -04:00
Brown
5988149272 Prevent checking assertions on $this-> types, always accessible 2020-04-12 14:13:42 -04:00
Brown
c733d6d373 Only perform assertions where the property type is known
cc @m0003r
2020-04-12 12:56:33 -04:00
m0003r
77270dc9b7
Getters automagic (#3122)
* When method is a plain getter: (1) correct method return type if property type is known (2) auto assert-if-true that corresponding property is not falsy

* do not use getter automagic if getter is overridden somewhere
2020-04-12 08:40:24 -04:00
m0003r
4d1be3f0c4
Allow plain assertions (@psalm-assert) about $this (fixes #3105) (#3108)
* Allow plain assertions (@psalm-assert) about $this (fixes #3105)

* Fix multiple assertion combining

* Fix multiple assertion combining for $this again

* Add test for multiple assertion combining for $this again
2020-04-09 08:15:07 -04:00
Brown
067104e170 Fix #3084 - keep track of upper and lower bounds of inferred template types 2020-04-07 00:13:56 -04:00
Matthew Brown
194f02507d Allow conditional types to reference class constants 2020-03-29 13:37:37 -04:00
Matthew Brown
5ad55ae693 Fix type inference on simple conditional function calls 2020-03-29 10:42:57 -04:00
Matthew Brown
e85d22f004 Fix #3033 - allow __invoke on unions with non-objects 2020-03-28 23:41:05 -04:00
Matthew Brown
47c1470e3b Refactor reference checks to use more appropriate properties 2020-03-28 16:30:56 -04:00
Brown
cc548a45fa Improve detection of unused classes 2020-03-28 14:45:58 -04:00
Brown
5cb1538448 Don’t add unnecessary taints 2020-03-27 19:09:15 -04:00
Brown
971ae50bea Do prep work for #3024 - improve handling of absent class references 2020-03-26 12:35:27 -04:00
Matthew Brown
f94ab22a5f Be better about strict inference 2020-03-25 09:18:49 -04:00
Brown
a9b6c51748 Improve new $class to make it more static-y 2020-03-24 18:30:08 -04:00
Brown
ec34a16291 Warn about invalid static returns 2020-03-24 18:00:20 -04:00
Brown
a7245b4459 Fix bugs 2020-03-23 13:29:00 -04:00
Matthew Brown
27a0651b6c Fix #3009 - make sure return type is set when returning early 2020-03-23 13:25:55 -04:00
Matthew Brown
ce9eef9ed7 Improve returning 2020-03-23 13:25:55 -04:00