danog/psalm
1
0
Fork 0
mirror of https://github.com/danog/psalm.git synced 2024-11-26 20:34:47 +01:00
Code Issues Projects Releases Wiki Activity
7,750 Commits 43 Branches 314 Tags 108 MiB
f9edf5d7e1
Commit Graph

7750 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dq5studios
f9edf5d7e1
Fix whitespace in help output (#4642) 2021-01-29 11:46:19 +01:00
Lukas Reschke
4de2bf8f7f
Add psalm-flow for string functions from sscanf to wordwrap (#4591) 
* Add string functions from sscanf to wordwrap

This should conclude all string functions from https://www.php.net/manual/en/book.strings.php

Continuation of https://github.com/vimeo/psalm/pull/4576

Ref https://github.com/vimeo/psalm/issues/3636

* Add StrTrReturnTypeProvider

* Fix psalm error

* phpcs

* Line length

* Ignore false return on vsprintf

Co-authored-by: Matthew Brown <github@muglug.com>
 2021-01-29 11:46:19 +01:00
Matthew Brown
7edb8ef3f8
Fix taint description 2021-01-29 11:46:19 +01:00
Matt Brown
38d1dded4e
Fix test 2021-01-29 11:46:19 +01:00
Matt Brown
b539fdf70e
Allow Psalm to run in taint analysis mode without a config 2021-01-29 11:46:18 +01:00
Matt Brown
1bd087bd0d
Allow mixed in PHP 8 for manipulation 2021-01-29 11:46:18 +01:00
orklah
289a3b220b
allow static return type in PHP8 (#4641) 2021-01-29 11:46:18 +01:00
Matt Brown
fb1fce8723
Fix Phar platform check 
Fixes #4640
 2021-01-29 11:46:18 +01:00
Matt Brown
7f0ac653a1
First creation_function param isnÆt really a sink 2021-01-29 11:46:18 +01:00
Matt Brown
068907327d
Fix #4637 - prevent regression when negating function call with === false 2021-01-29 11:46:18 +01:00
Dalibor Karlović
ea089d9696
feature: allow plugin manager to work without config file (#4639) 2021-01-29 11:46:17 +01:00
Matt Brown
12e9a3d2ab
Fix #4636 - prevent crashes on aliased classes 2021-01-29 11:46:17 +01:00
Matthew Brown
2c14699ae4
Grammar 2021-01-29 11:46:17 +01:00
Matthew Brown
534b1d135a
Make Readme more punchy 2021-01-29 11:46:17 +01:00
Markus Staab
2c998aea7e
documented type in InternalTaintSinkMap (#4627) 2021-01-29 11:46:17 +01:00
Matt Brown
84348ec38d
Don’t taint foreach keys with array-fetch 
We could use array-keyfetch or similar, but for now gives false-positives
 2021-01-29 11:46:17 +01:00
orklah
5afbf5f831
return static instead of self when static context detected (#4632) 
* return this instead of self when static context detected

* replace $this by static
 2021-01-29 11:46:17 +01:00
Matt Brown
02b1cc2288
Change TaintedText to TaintedCallable 2021-01-29 11:46:17 +01:00
Matt Brown
5e3cfd3996
Closure calls aren’t sinks 2021-01-29 11:46:16 +01:00
Lukas Reschke
3fb73564f6
Advertise SARIF export in the documentation (#4633) 2021-01-29 11:46:16 +01:00
Lukas Reschke
2ad5eee193
Add dedicated types for 'file', 'header' and 'cookie' (#4630) 
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'

* Add documentation

* Add mapping for taint flows

* Add tests

* Fix test
 2021-01-29 11:46:16 +01:00
Matt Brown
81486cfb12
Return empty instead of throwing 2021-01-29 11:46:16 +01:00
Matt Brown
685248225d
Fix formatting 2021-01-29 11:46:16 +01:00
Matt Brown
0acb02a595
Be more refined 2021-01-29 11:46:16 +01:00
Matt Brown
3b3239635b
Fix #4626 - array_key_exists should infer type for first arg where possible 2021-01-29 11:46:16 +01:00
Matt Brown
7b4f0745f5
Simplify assertion negations, centralising as much as possible 
Now the flag passed to scrapeAssertions just determines the errors emitted
 2021-01-29 11:46:16 +01:00
Matt Brown
6f9be03789
Revert "Fix #4624 - allow in_array to work with list arrays" 
This reverts commit 08ae85a735.
 2021-01-29 11:46:16 +01:00
Matt Brown
191f305aec
Fix #4624 - allow in_array to work with list arrays 2021-01-29 11:46:15 +01:00
Matt Brown
43187a0e19
Fix #4620 - reconciled literal strings cannot carry taints 2021-01-29 11:46:15 +01:00
Mikhail Snetkov
f969b01db4
Fix missing bracket in docs (#4614) 2021-01-29 11:46:15 +01:00
Matt Brown
005f394d8e
Allow immutable classes to be specialised through calls 2021-01-29 11:46:15 +01:00
Matt Brown
106ab936f9
Unfix fixes 2021-01-29 11:46:15 +01:00
Matt Brown
cc17ebfa6a
Only ignore literal flows when tainting 2021-01-29 11:46:15 +01:00
Matt Brown
c3658e2590
Fix #4605 - taint parent-declared property 2021-01-29 11:46:15 +01:00
Matt Brown
e1c3959f5a
Fix #4603 - fix arithmetic to prevent end column 0 2021-01-29 11:46:15 +01:00
Matt Brown
a48f686695
Fix #4600 - set attributes in a bunch of places 2021-01-29 11:46:15 +01:00
Lukas Reschke
ce05165384
Split LDAP into custom category (#4604) 
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
 2021-01-29 11:46:14 +01:00
Matt Brown
3084c9f891
Add more attributes to fake PhpParser generated expressions 
Ref #4600
 2021-01-29 11:46:14 +01:00
Matt Brown
3b8a76d520
Fix #4599 - propagate taints to parent callers where necessary 2021-01-29 11:46:14 +01:00
Lukas Reschke
99d094b5e0
Add SSRF sinks (#4592) 2021-01-29 11:46:14 +01:00
Matt Brown
3484976686
Sanity check to ensure closure uses aren’t removed 2021-01-29 11:46:14 +01:00
Matt Brown
015aebf88a
Only create vendor dir in config if it exists 2021-01-29 11:46:14 +01:00
Matt Brown
8266150d47
Don’t exit with 1 when running security analysis in GitHub Actions and generating a file 2021-01-29 11:46:14 +01:00
Matt Brown
29ac570279
Taint analysis should always run fully 2021-01-29 11:46:14 +01:00
Matt Brown
5246841b12
Fix tests 2021-01-29 11:46:14 +01:00
Matt Brown
ff4959f308
Use resolution that works in multithreaded mode 2021-01-29 11:46:13 +01:00
Matt Brown
a4b56c9292
Simplify tainted output a bit, removing duplicate paths 2021-01-29 11:46:13 +01:00
Matt Brown
a7cc439db0
Don’t propagate taints to child constructor args 2021-01-29 11:46:13 +01:00
Matt Brown
5f6c6a1215
Allow TaintedInput to suppress all emitted issues 2021-01-29 11:46:13 +01:00
Matt Brown
db566c7c4d
Improve documentation for taints a little 
Ref #4590
 2021-01-29 11:46:13 +01:00