Lukas Reschke
2ad5eee193
Add dedicated types for 'file', 'header' and 'cookie' ( #4630 )
...
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
2021-01-29 11:46:16 +01:00
Matt Brown
81486cfb12
Return empty instead of throwing
2021-01-29 11:46:16 +01:00
Matt Brown
685248225d
Fix formatting
2021-01-29 11:46:16 +01:00
Matt Brown
0acb02a595
Be more refined
2021-01-29 11:46:16 +01:00
Matt Brown
3b3239635b
Fix #4626 - array_key_exists should infer type for first arg where possible
2021-01-29 11:46:16 +01:00
Matt Brown
7b4f0745f5
Simplify assertion negations, centralising as much as possible
...
Now the flag passed to scrapeAssertions just determines the errors emitted
2021-01-29 11:46:16 +01:00
Matt Brown
6f9be03789
Revert "Fix #4624 - allow in_array to work with list arrays"
...
This reverts commit 08ae85a735
.
2021-01-29 11:46:16 +01:00
Matt Brown
191f305aec
Fix #4624 - allow in_array to work with list arrays
2021-01-29 11:46:15 +01:00
Matt Brown
43187a0e19
Fix #4620 - reconciled literal strings cannot carry taints
2021-01-29 11:46:15 +01:00
Mikhail Snetkov
f969b01db4
Fix missing bracket in docs ( #4614 )
2021-01-29 11:46:15 +01:00
Matt Brown
005f394d8e
Allow immutable classes to be specialised through calls
2021-01-29 11:46:15 +01:00
Matt Brown
106ab936f9
Unfix fixes
2021-01-29 11:46:15 +01:00
Matt Brown
cc17ebfa6a
Only ignore literal flows when tainting
2021-01-29 11:46:15 +01:00
Matt Brown
c3658e2590
Fix #4605 - taint parent-declared property
2021-01-29 11:46:15 +01:00
Matt Brown
e1c3959f5a
Fix #4603 - fix arithmetic to prevent end column 0
2021-01-29 11:46:15 +01:00
Matt Brown
a48f686695
Fix #4600 - set attributes in a bunch of places
2021-01-29 11:46:15 +01:00
Lukas Reschke
ce05165384
Split LDAP into custom category ( #4604 )
...
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
2021-01-29 11:46:14 +01:00
Matt Brown
3084c9f891
Add more attributes to fake PhpParser generated expressions
...
Ref #4600
2021-01-29 11:46:14 +01:00
Matt Brown
3b8a76d520
Fix #4599 - propagate taints to parent callers where necessary
2021-01-29 11:46:14 +01:00
Lukas Reschke
99d094b5e0
Add SSRF sinks ( #4592 )
2021-01-29 11:46:14 +01:00
Matt Brown
3484976686
Sanity check to ensure closure uses aren’t removed
2021-01-29 11:46:14 +01:00
Matt Brown
015aebf88a
Only create vendor dir in config if it exists
2021-01-29 11:46:14 +01:00
Matt Brown
8266150d47
Don’t exit with 1 when running security analysis in GitHub Actions and generating a file
2021-01-29 11:46:14 +01:00
Matt Brown
29ac570279
Taint analysis should always run fully
2021-01-29 11:46:14 +01:00
Matt Brown
5246841b12
Fix tests
2021-01-29 11:46:14 +01:00
Matt Brown
ff4959f308
Use resolution that works in multithreaded mode
2021-01-29 11:46:13 +01:00
Matt Brown
a4b56c9292
Simplify tainted output a bit, removing duplicate paths
2021-01-29 11:46:13 +01:00
Matt Brown
a7cc439db0
Don’t propagate taints to child constructor args
2021-01-29 11:46:13 +01:00
Matt Brown
5f6c6a1215
Allow TaintedInput to suppress all emitted issues
2021-01-29 11:46:13 +01:00
Matt Brown
db566c7c4d
Improve documentation for taints a little
...
Ref #4590
2021-01-29 11:46:13 +01:00
Matt Brown
0b14b6968e
Fix #4472 - if something flows into a byref var it’s used
2021-01-29 11:46:13 +01:00
Michael Stilkerich
aa4372db9a
Stub for preg_filter ( #4587 )
2021-01-29 11:46:13 +01:00
Lukas Reschke
c42927c6e4
Add SARIF as report output ( #4582 )
...
https://docs.oasis-open.org/sarif/sarif/v2.0/sarif-v2.0.html
2021-01-29 11:46:13 +01:00
Matt Brown
2c69618347
Break out TaintedInput issues into a lot of separate ones
2021-01-29 11:46:13 +01:00
Matt Brown
7a5ef10bfa
Fix #4578 - replace number type in ext-ds stubs
2021-01-29 11:46:12 +01:00
Benjamin Morel
4cd6a2b532
DateTimeInterface::getTimeZone() can return false ( #4579 )
...
Fixes #4515
2021-01-29 11:46:12 +01:00
Benjamin Morel
8d37f16616
mysqli::$insert_id can be a string ( #4577 )
2021-01-29 11:46:12 +01:00
Tyson Andre
e06350b1ad
Fix curl_multi_getcontent signature ( #4580 )
2021-01-29 11:46:12 +01:00
Matt Brown
e371685c3b
Allow PHP major version to determine substr return type
2021-01-29 11:46:12 +01:00
Lukas Reschke
a1fd92d9fd
Add more Psalm flows for string functions ( #4576 )
...
This adds string functions from
https://www.php.net/manual/en/ref.strings.php
This commit adds the flows for functions from "addcslashes" to "sprintf".
More are to follow in later commits.
Ref #3636
2021-01-29 11:46:12 +01:00
Dusk
4e7bd1e39b
Allow named arguments to variadic functions ( #4575 )
...
Closes #4563
2021-01-29 11:46:11 +01:00
Lukas Reschke
ff55dba130
Add sinks for popen and proc_open ( #4572 )
...
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
2021-01-29 11:46:11 +01:00
Thomas Mauro Vargiu
f9adf26ae9
Fix #4549 Better intersection between parent types ( #4560 )
2021-01-29 11:46:11 +01:00
Lukas Reschke
6105732e8a
Fix typo ( #4555 )
2021-01-29 11:46:11 +01:00
Lukas Reschke
7079cff31c
$expr->name is not prefixed with $ ( #4554 )
...
The example as-is would currently not flag the following code:
```
public function foo() {
$foo = $bad_data;
\shell_exec($foo);
}
```
Switching it to `bad_data` made it work.
2021-01-29 11:46:11 +01:00
orklah
2f368244a4
Detect trying to access to a list with a negative offset ( #4552 )
2021-01-29 11:46:11 +01:00
Matt Brown
8b56e5eede
Fix #4558 - Don’t convert value-of to key-of template
2021-01-29 11:46:11 +01:00
Matt Brown
4fff920952
Fix #4529 - allow unsetting with complex array key
2021-01-29 11:46:10 +01:00
Matt Brown
eb2b8869b2
Fix style
2021-01-29 11:46:10 +01:00
Matt Brown
4a8c98257e
Add closure-use termination for byref flows
2021-01-29 11:46:10 +01:00