Matt Brown
|
9a03a9a5d0
|
Move param taint sink addition after arguuments have been analysed
|
2020-11-22 19:39:40 -05:00 |
|
Lukas Reschke
|
a36c1af846
|
Add more verbose description for TaintedHtml (#4668)
Ref https://github.com/vimeo/psalm/issues/4590
|
2020-11-22 19:14:48 -05:00 |
|
Matt Brown
|
853432a6aa
|
Fix tests
|
2020-11-22 16:24:33 -05:00 |
|
Matt Brown
|
6399707dd6
|
Prevent flows through TaintedInput-suppressed files
|
2020-11-22 16:04:57 -05:00 |
|
Matt Brown
|
b782dd4225
|
Make sure conditional escaping works for static methods too
|
2020-11-22 13:39:32 -05:00 |
|
Matt Brown
|
af008953a8
|
Fix #4661 - support conditional escaping for functions
|
2020-11-22 13:24:33 -05:00 |
|
Matt Brown
|
bd612c476c
|
Break apart large function
|
2020-11-22 13:24:33 -05:00 |
|
Lukas Reschke
|
7ac42551de
|
Add some more flows (#4659)
* Add some more flows
- Adds all relevant JSON flows https://www.php.net/manual/en/ref.json.php
- Adds all relevant misc flows https://www.php.net/manual/en/ref.misc.php
- Adds a small subset of URL flows https://www.php.net/manual/en/ref.url.php
* Update CoreGenericFunctions.phpstub
|
2020-11-22 12:09:55 -05:00 |
|
Matt Brown
|
2c77424e16
|
Fix #4656 - separate UnusedConstructor from UnusedMethod
|
2020-11-22 11:48:17 -05:00 |
|
orklah
|
97f0a78ac1
|
Only crash Psalm when the faulty file is in project (#4658)
|
2020-11-22 09:07:00 -05:00 |
|
orklah
|
a3217265ce
|
null operations should return mixed results (#4655)
|
2020-11-22 09:06:03 -05:00 |
|
Matt Brown
|
0d0ed8be15
|
Fix slash
|
2020-11-22 09:04:44 -05:00 |
|
Matt Brown
|
60b3086b9a
|
Fix #4609 - add more attribute rules
|
2020-11-22 01:15:52 -05:00 |
|
Matt Brown
|
66d574b82e
|
Fix #4475 - verify that used attributes actual use the Attribute attribute
|
2020-11-22 00:52:56 -05:00 |
|
Matt Brown
|
11825a2cc2
|
Fix #4611 - flag invalid attribute arguments correctly
|
2020-11-22 00:44:44 -05:00 |
|
Matt Brown
|
1fc1cae1d5
|
Fix #4615 - ensure promoted properties are not treated as uninitialized
|
2020-11-22 00:32:02 -05:00 |
|
Matt Brown
|
6b1112e6ea
|
Fix #4653 - prevent crash with recursive type in root namespace
|
2020-11-22 00:26:14 -05:00 |
|
Matt Brown
|
baca927aab
|
Fix #4643 - use PHP8 union types when possible
|
2020-11-21 22:50:56 -05:00 |
|
Matt Brown
|
efafe2edd5
|
Add instanceof check
|
2020-11-21 20:15:13 -05:00 |
|
Matt Brown
|
19bb4aba56
|
Remove unnecessary coercion
|
2020-11-21 18:26:55 -05:00 |
|
Matt Brown
|
df2ec48018
|
Don’t erase already-known literal ints
Fixes #4644
|
2020-11-21 18:26:13 -05:00 |
|
Matt Brown
|
3728837ef9
|
Only run unused code analysis where necessary
|
2020-11-21 18:25:18 -05:00 |
|
Matt Brown
|
f0ae0e5cb4
|
Break aparat type combiner
|
2020-11-21 18:11:29 -05:00 |
|
orklah
|
f21f6f40e5
|
return string in phpdoc for a literal class-string (#4652)
|
2020-11-21 17:42:53 -05:00 |
|
orklah
|
98370b65d7
|
avoid formating useless type (#4651)
|
2020-11-21 17:42:26 -05:00 |
|
Lukas Reschke
|
ffb0c4ae17
|
Implement variadic taint propagation (#4649)
* Implement variadic taint propagation
* Lint code
|
2020-11-21 17:41:40 -05:00 |
|
orklah
|
ae0486529e
|
Unused psalm-suppress (#4646)
|
2020-11-21 17:39:40 -05:00 |
|
orklah
|
509a937d1b
|
use int|string in phpdoc format for array-key (#4645)
|
2020-11-21 17:38:40 -05:00 |
|
dq5studios
|
7f4e0b176e
|
Fix whitespace in help output (#4642)
|
2020-11-21 17:37:50 -05:00 |
|
Lukas Reschke
|
3943b55f8a
|
Add psalm-flow for string functions from sscanf to wordwrap (#4591)
* Add string functions from sscanf to wordwrap
This should conclude all string functions from https://www.php.net/manual/en/book.strings.php
Continuation of https://github.com/vimeo/psalm/pull/4576
Ref https://github.com/vimeo/psalm/issues/3636
* Add StrTrReturnTypeProvider
* Fix psalm error
* phpcs
* Line length
* Ignore false return on vsprintf
Co-authored-by: Matthew Brown <github@muglug.com>
|
2020-11-21 17:35:07 -05:00 |
|
Matthew Brown
|
bf873b2e2a
|
Fix taint description
|
2020-11-20 19:51:59 -05:00 |
|
Matt Brown
|
62b0ddd74d
|
Fix test
|
2020-11-20 19:07:48 -05:00 |
|
Matt Brown
|
23ab0f1ddb
|
Allow Psalm to run in taint analysis mode without a config
|
2020-11-20 19:02:44 -05:00 |
|
Matt Brown
|
67478949c2
|
Allow mixed in PHP 8 for manipulation
|
2020-11-20 18:53:48 -05:00 |
|
orklah
|
6b72599ec5
|
allow static return type in PHP8 (#4641)
|
2020-11-20 18:46:35 -05:00 |
|
Matt Brown
|
187635c488
|
Fix Phar platform check
Fixes #4640
|
2020-11-20 11:08:40 -05:00 |
|
Matt Brown
|
ea9cb72143
|
First creation_function param isnÆt really a sink
|
2020-11-20 09:56:53 -05:00 |
|
Matt Brown
|
1cead18760
|
Fix #4637 - prevent regression when negating function call with === false
|
2020-11-20 09:56:53 -05:00 |
|
Dalibor Karlović
|
da632ca73a
|
feature: allow plugin manager to work without config file (#4639)
|
2020-11-20 09:54:14 -05:00 |
|
Matt Brown
|
ce8938263e
|
Fix #4636 - prevent crashes on aliased classes
|
2020-11-20 09:29:24 -05:00 |
|
Matthew Brown
|
ccf6e2805f
|
Grammar
|
2020-11-19 19:40:40 -05:00 |
|
Matthew Brown
|
7c62b0c494
|
Make Readme more punchy
|
2020-11-19 19:40:17 -05:00 |
|
Markus Staab
|
acb4bb42e1
|
documented type in InternalTaintSinkMap (#4627)
|
2020-11-19 19:27:40 -05:00 |
|
Matt Brown
|
c562e1dd52
|
Don’t taint foreach keys with array-fetch
We could use array-keyfetch or similar, but for now gives false-positives
|
2020-11-19 19:08:59 -05:00 |
|
orklah
|
e04f219948
|
return static instead of self when static context detected (#4632)
* return this instead of self when static context detected
* replace $this by static
|
2020-11-19 19:02:25 -05:00 |
|
Matt Brown
|
78d644d1a1
|
Change TaintedText to TaintedCallable
|
2020-11-19 19:01:19 -05:00 |
|
Matt Brown
|
4c315ec45c
|
Closure calls aren’t sinks
|
2020-11-19 18:44:36 -05:00 |
|
Lukas Reschke
|
24fe7e577d
|
Advertise SARIF export in the documentation (#4633)
|
2020-11-19 17:48:57 -05:00 |
|
Lukas Reschke
|
78f4a0691c
|
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
|
2020-11-19 17:47:29 -05:00 |
|
Matt Brown
|
70c9fd97c7
|
Return empty instead of throwing
|
2020-11-19 16:25:53 -05:00 |
|