mirror of https://github.com/danog/psalm.git synced 2025-01-22 05:41:20 +01:00

173 Commits

Author SHA1 Message Date
orklah
ceaaa39ec3
improve phpdoc (#4352) 2020-10-17 12:36:44 -04:00
Matt Brown
f3b05f5ab5 Move static code out of src 2020-10-12 00:59:19 -04:00
Marco Perone
a12fbb7f90
add some more stubs for array functions (#4271)
* add some more stubs for array functions

* add function brackets to stubs

* add parameter names

* remove redundant brackets

* remove stubs already defined in return type providers
2020-10-06 09:13:19 -04:00
Matt Brown
fb604bfacb 4.x - move class constants into their own storage object 2020-10-05 09:50:32 -04:00
1eca537209
Add SplStack, SplHeap, SplMinHeap, SplMaxHeap, SplPriorityQueue stubs (#4255)
* Add SplStack, SplHeap, SplMinHeap, SplMaxHeap, SplPriorityQueue stubs

* Add SplFixedArray
2020-09-29 11:27:12 -04:00
orklah
a9a364e363
Misc improvements (#4216)
* misc changes

* fix CI
2020-09-20 08:55:28 -04:00
Brown
363887a445 Add explicit offset
Fixes #4202
2020-09-17 21:35:30 -04:00
Daniel Badura
7d5dbd3f38
add random_int as stub, returns positive-int if min is positive-int (#4199) 2020-09-17 08:31:31 -04:00
orklah
ead107fa9e
More return types (#4173)
* add native return types

* redundant phpdoc
2020-09-12 11:24:05 -04:00
Brown
fe4af8ff1a Minor fixes 2020-09-07 17:22:43 -04:00
Brown
681eff6dd4 Fix type 2020-09-04 18:35:19 -04:00
Brown
2895402269 Add asterisks 2020-09-04 18:32:51 -04:00
Brown
d3d8c4ed87 Hard code possible bit-shift values 2020-09-04 18:31:50 -04:00
Brown
4d82d3ddad Fix #4128 - improve understanding of preg_match_all 2020-09-04 18:10:14 -04:00
Brown
8d790256e0 Revert trim changes 2020-09-01 17:42:11 -04:00
Brown
0804141d56 Fix type coercion 2020-09-01 17:23:43 -04:00
lhchavez
817779274e
Add null as a possible type parameter to strval (#4100)
https://www.php.net/manual/en/language.types.string.php#language.types.string.casting mentions

> `NULL` is always converted to an empty string.

Which seems to indicate that it is a valid argument for it.

As opposed to stringifying other types (like arrays), `strval(null)` does not cause a warning in PHP.
2020-09-01 09:21:32 -04:00
Markus Staab
0280757b4a
Added more fine grained strpos stub (#4101)
* Added strpos stub

* Update CoreGenericFunctions.phpstub

* Update CoreGenericFunctions.phpstub
2020-09-01 09:17:57 -04:00
Joe Hoyle
674392737d
Include variadic and pass-by-ref params in generated stubs (#4091)
When generating stubs, params that are passed by ref or variadic don't get added to the generated code stub output.
2020-08-31 10:05:22 -04:00
Brown
7ef3d4711f Fix some more tests 2020-07-21 23:16:56 -04:00
Brown
76bd5b6278 Refactor type comparison 2020-07-21 19:40:35 -04:00
ygottschalk
de2109234d
fixes wrong return type of key() #3838 (#3839)
* fixes wrong return type of key() #3838
fixed/added tests for key

* fixed test again
2020-07-20 04:49:36 -04:00
Adrien LUCAS
d44130191b
Allow taint through strval sprintf (#3836)
* Add psalm-flow to strval

* Unexpected behavior with implode
2020-07-17 10:12:04 -04:00
Brown
06ee1b71c7 Improve check for empty array 2020-07-15 09:49:30 -04:00
ygottschalk
94e2552d1c
Fix #3810 removing ignore-nullable-return (#3817)
* Fix #3810 removing ignore-nullable-return from stubs of key, array_key_first, array_key_last

* fixed test failing due to changes to key()

* Improve key return type

* Remove unnecessary check

Co-authored-by: Matthew Brown <github@muglug.com>
2020-07-14 17:43:26 -04:00
Brown
cb94764d22 Prevent false-positive for Exception::__toString overriding 2020-07-02 14:09:56 -04:00
Tyson Andre
e3d59bf5d4
Support taint detection on Throwable::getTraceAsString() (#3731)
And `__toString()`, which uses getTraceAsString().

Fixes #3696

```php
function login($username, $password, $secret) {
    throw new RuntimeException('login failure');
}
try {
    login('user', $_GET['pass'], SECRET);
} catch (Exception $e) {
    // This output includes unescaped 'pass' and SECRET
    echo $e, "\n";
    echo $e->getTraceAsString();
}
```
2020-07-01 21:27:40 -04:00
Tyson Andre
3a9c7432e1
Add psalm-taint-specialize for preg_replace_callback (#3683)
Fixes https://psalm.dev/r/517c4a169e
2020-06-26 08:58:57 -04:00
Brown
9aa0aca949 Fix handling of coerced callmap args 2020-06-24 11:51:31 -04:00
Brown
f46236ad71 Taint flows through preg_replace_callback 2020-06-23 15:28:31 -04:00
Brown
e8be2c500e Support taint flows in more functions 2020-06-22 17:53:03 -04:00
Brown
fbe3433edd Use escape terminology 2020-06-21 11:43:08 -04:00
Jáchym Toušek
c6611cfcd1
Update ext-ds stubs (#3559) 2020-06-10 17:27:39 -04:00
Šimon Podlipský
596213c2c3
Make ext-ds to array return list<V> (#3520) 2020-06-04 09:56:00 -04:00
Brown
5c80dc3299 Fix #3515 - add merge method to Vector 2020-06-03 16:50:01 -04:00
orklah
428beb21fb
Improve stubs for str_replace and preg_replace (#3495)
* expand accepted values for str_replace and preg_replace. Make return conditional based on type of $subject

* Remove int|float from str_replace/preg_replace

Co-authored-by: Matthew Brown <github@muglug.com>
2020-05-30 16:59:18 -04:00
orklah
51bf7f38de
Fix #3438 (#3494) 2020-05-30 16:55:55 -04:00
Brown
30907f0269 Clean up comment parsing 2020-05-28 22:14:41 -04:00
Brown
a2b6326a84 Change specialize-call to taint-specialize 2020-05-26 14:18:43 -04:00
Brown
ecb179c784 Migrate min/max function calls back to CallMap 2020-05-26 12:28:56 -04:00
Brown
16af6a5773 Improve concat taint propagation 2020-05-23 01:11:16 -04:00
Brown
dc73e25157 Detect taints in include calls 2020-05-22 23:53:37 -04:00
Brown
4010129e96 Fix #3420 - add ds\vector::toArray method 2020-05-22 15:26:19 -04:00
Brown
8632cdb3cd Improve taint tracking during scanning phase 2020-05-22 12:33:48 -04:00
Matthew Brown
187b944680 Add faster taint analysis 2020-05-22 12:33:29 -04:00
Jáchym Toušek
8855b6c1d9
Fix Ds\Map methods (#3412) 2020-05-20 07:27:25 -04:00
orklah
478bb267d8
stubs for array_sum (#3395) 2020-05-18 17:23:21 -04:00
Brown
111303d913 Add non-empty-lowercase-string type 2020-05-15 10:18:05 -04:00
Brown
291018034b Remove unnecessary PHP code 2020-05-11 11:36:50 -04:00
Brown
eefd2e743b Use generic function definition for sscanf
cc @villfa
2020-05-10 23:58:51 -04:00