mirror of https://github.com/danog/psalm.git synced 2024-11-27 12:55:26 +01:00
Commit Graph

7793 Commits

Author SHA1 Message Date
Matt Brown
9a03a9a5d0 Move param taint sink addition after arguments have been analysed 2020-11-22 19:39:40 -05:00
Lukas Reschke
a36c1af846 Add more verbose description for TaintedHtml (#4668)
Ref https://github.com/vimeo/psalm/issues/4590
2020-11-22 19:14:48 -05:00
Matt Brown
853432a6aa Fix tests 2020-11-22 16:24:33 -05:00
Matt Brown
6399707dd6 Prevent flows through TaintedInput-suppressed files 2020-11-22 16:04:57 -05:00
Matt Brown
b782dd4225 Make sure conditional escaping works for static methods too 2020-11-22 13:39:32 -05:00
Matt Brown
af008953a8 Fix #4661 - support conditional escaping for functions 2020-11-22 13:24:33 -05:00
Matt Brown
bd612c476c Break apart large function 2020-11-22 13:24:33 -05:00
Lukas Reschke
7ac42551de Add some more flows (#4659)
* Add some more flows

- Adds all relevant JSON flows https://www.php.net/manual/en/ref.json.php
- Adds all relevant misc flows https://www.php.net/manual/en/ref.misc.php
- Adds a small subset of URL flows https://www.php.net/manual/en/ref.url.php

* Update CoreGenericFunctions.phpstub
2020-11-22 12:09:55 -05:00
Matt Brown
2c77424e16 Fix #4656 - separate UnusedConstructor from UnusedMethod 2020-11-22 11:48:17 -05:00
orklah
97f0a78ac1 Only crash Psalm when the faulty file is in project (#4658) 2020-11-22 09:07:00 -05:00
orklah
a3217265ce null operations should return mixed results (#4655) 2020-11-22 09:06:03 -05:00
Matt Brown
0d0ed8be15 Fix slash 2020-11-22 09:04:44 -05:00
Matt Brown
60b3086b9a Fix #4609 - add more attribute rules 2020-11-22 01:15:52 -05:00
Matt Brown
66d574b82e Fix #4475 - verify that used attributes actually use the Attribute attribute 2020-11-22 00:52:56 -05:00
Matt Brown
11825a2cc2 Fix #4611 - flag invalid attribute arguments correctly 2020-11-22 00:44:44 -05:00
Matt Brown
1fc1cae1d5 Fix #4615 - ensure promoted properties are not treated as uninitialized 2020-11-22 00:32:02 -05:00
Matt Brown
6b1112e6ea Fix #4653 - prevent crash with recursive type in root namespace 2020-11-22 00:26:14 -05:00
Matt Brown
baca927aab Fix #4643 - use PHP8 union types when possible 2020-11-21 22:50:56 -05:00
Matt Brown
efafe2edd5 Add instanceof check 2020-11-21 20:15:13 -05:00
Matt Brown
19bb4aba56 Remove unnecessary coercion 2020-11-21 18:26:55 -05:00
Matt Brown
df2ec48018 Don’t erase already-known literal ints
Fixes #4644
2020-11-21 18:26:13 -05:00
Matt Brown
3728837ef9 Only run unused code analysis where necessary 2020-11-21 18:25:18 -05:00
Matt Brown
f0ae0e5cb4 Break apart type combiner 2020-11-21 18:11:29 -05:00
orklah
f21f6f40e5 return string in phpdoc for a literal class-string (#4652) 2020-11-21 17:42:53 -05:00
orklah
98370b65d7 avoid formatting useless type (#4651) 2020-11-21 17:42:26 -05:00
Lukas Reschke
ffb0c4ae17 Implement variadic taint propagation (#4649)
* Implement variadic taint propagation

* Lint code
2020-11-21 17:41:40 -05:00
orklah
ae0486529e Unused psalm-suppress (#4646) 2020-11-21 17:39:40 -05:00
orklah
509a937d1b use int|string in phpdoc format for array-key (#4645) 2020-11-21 17:38:40 -05:00
dq5studios
7f4e0b176e Fix whitespace in help output (#4642) 2020-11-21 17:37:50 -05:00
Lukas Reschke
3943b55f8a Add psalm-flow for string functions from sscanf to wordwrap (#4591)
* Add string functions from sscanf to wordwrap

This should conclude all string functions from https://www.php.net/manual/en/book.strings.php

Continuation of https://github.com/vimeo/psalm/pull/4576

Ref https://github.com/vimeo/psalm/issues/3636

* Add StrTrReturnTypeProvider

* Fix psalm error

* phpcs

* Line length

* Ignore false return on vsprintf

Co-authored-by: Matthew Brown <github@muglug.com>
2020-11-21 17:35:07 -05:00
Matthew Brown
bf873b2e2a Fix taint description 2020-11-20 19:51:59 -05:00
Matt Brown
62b0ddd74d Fix test 2020-11-20 19:07:48 -05:00
Matt Brown
23ab0f1ddb Allow Psalm to run in taint analysis mode without a config 2020-11-20 19:02:44 -05:00
Matt Brown
67478949c2 Allow mixed in PHP 8 for manipulation 2020-11-20 18:53:48 -05:00
orklah
6b72599ec5 allow static return type in PHP8 (#4641) 2020-11-20 18:46:35 -05:00
Matt Brown
187635c488 Fix Phar platform check
Fixes #4640
2020-11-20 11:08:40 -05:00
Matt Brown
ea9cb72143 First creation_function param isn’t really a sink 2020-11-20 09:56:53 -05:00
Matt Brown
1cead18760 Fix #4637 - prevent regression when negating function call with === false 2020-11-20 09:56:53 -05:00
Dalibor Karlović
da632ca73a feature: allow plugin manager to work without config file (#4639) 2020-11-20 09:54:14 -05:00
Matt Brown
ce8938263e Fix #4636 - prevent crashes on aliased classes 2020-11-20 09:29:24 -05:00
Matthew Brown
ccf6e2805f Grammar 2020-11-19 19:40:40 -05:00
Matthew Brown
7c62b0c494 Make Readme more punchy 2020-11-19 19:40:17 -05:00
Markus Staab
acb4bb42e1 documented type in InternalTaintSinkMap (#4627) 2020-11-19 19:27:40 -05:00
Matt Brown
c562e1dd52 Don’t taint foreach keys with array-fetch
We could use array-keyfetch or similar, but for now gives false-positives
2020-11-19 19:08:59 -05:00
orklah
e04f219948 return static instead of self when static context detected (#4632)
* return this instead of self when static context detected

* replace $this by static
2020-11-19 19:02:25 -05:00
Matt Brown
78d644d1a1 Change TaintedText to TaintedCallable 2020-11-19 19:01:19 -05:00
Matt Brown
4c315ec45c Closure calls aren’t sinks 2020-11-19 18:44:36 -05:00
Lukas Reschke
24fe7e577d Advertise SARIF export in the documentation (#4633) 2020-11-19 17:48:57 -05:00
Lukas Reschke
78f4a0691c Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'

* Add documentation

* Add mapping for taint flows

* Add tests

* Fix test
2020-11-19 17:47:29 -05:00
Matt Brown
70c9fd97c7 Return empty instead of throwing 2020-11-19 16:25:53 -05:00