Page MenuHomePhabricator
Create Task
Maniphest T183174

UserGroupMembership::getLink() causes a significant portion of false positives for phan-taint-check-plugin
Closed, ResolvedPublic
Actions

Description

phan-taint-check-plugin does not take into account the actual values of variables or really do any flow analysis at all for that matter.

As a result, it cannot tell if the third argument to UserGroupMembership::getLink() is 'html' or 'wiki', even if its specified as a literal string in the method call. This results in a significant portion of the false positives from the tool.

So we could maybe try and special case phan-taint-check-plugin for this particular function (This would involve quite a bit of work to do properly. To do hackly would be less work). Or maybe we could split this function into UserGroupMembership::getLinkForWikitext() and UserGroupMembership::getLinkForHtml().

On one hand, tools should serve us not the other way around, we should not be forced to use coding constructs due to limitations of tools. On the other hand, the method is relatively new, and its a rather rare idiom in MediaWiki to control whether or not escaping happens via an argument (instead of different function name). I tend towards the splitting the function option, but I might be biased, and would like to hear futher opinions.

Details

SubjectRepoBranchLines +/-
Replace usages of deprecated UserGroupMembership::getLink()mediawiki/extensions/Lockdownmaster+2 -4
Replace usages of deprecated UserGroupMembership::getLink()mediawiki/extensions/OATHAuthmaster+1 -1
Replace usages of deprecated UserGroupMembership::getLink()mediawiki/extensions/MobileFrontendmaster+1 -2
Replace usages of deprecated UserGroupMembership::getLink()mediawiki/extensions/CentralAuthmaster+4 -7
Replace usages of deprecated UserGroupMembership::getLink()mediawiki/extensions/CheckUsermaster+1 -3
Replace usages of deprecated UserGroupMembership::getLink()mediawiki/coremaster+11 -17
user: Split and deprecate UserGroupMembership::getLink methodmediawiki/coremaster+117 -39
Refactor UserGroupMembershipmediawiki/coremaster+377 -83
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bawolff created this task.Dec 18 2017, 7:44 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 18 2017, 7:44 PM
TTO added a comment.Dec 19 2017, 12:29 AM

If only PHP supported proper enums...

The function was previously split when it belonged to the User class (User::makeGroupLinkHTML and User::makeGroupLinkWiki) but I merged the two functions into one to eliminate duplication of logic. I don't really have an opinion on what should be done here.

Nice work on the taint tool btw, this is something we have needed for years.

Legoktm added a project: MediaWiki-User-management.Dec 19 2017, 12:31 AM
Legoktm subscribed.

+1 to splitting the methods again. We can use a private helper function to avoid duplicating logic.

Bawolff added a comment.Dec 19 2017, 3:28 AM

I definitely agree that we should use private methods to avoid code duplication as much as possible if we split the method.

TBolliger moved this task from Backlog to User rights on the MediaWiki-User-management board.Jan 12 2018, 10:57 PM
Bawolff moved this task from Backlog to Wikimedia deployed on the phan-taint-check-plugin board.Apr 29 2018, 3:26 PM
Legoktm moved this task from Wikimedia deployed to MediaWiki mode on the phan-taint-check-plugin board.Aug 2 2018, 9:40 AM
Legoktm mentioned this in T201112: Raw HTML messages in MobileFrontend.Aug 2 2018, 10:19 PM
Umherirrender mentioned this in T202373: Add phan-taint-check-plugin to Flow extension.Aug 21 2018, 10:34 AM
Umherirrender mentioned this in T202376: Add phan-taint-check-plugin to EducationProgram extension.Aug 21 2018, 11:17 AM
gerritbot subscribed.Sep 1 2018, 10:34 AM

Change 456879 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Split UserGroupMembership::getLink into 2 functions

https://gerrit.wikimedia.org/r/456879

gerritbot added a project: Patch-For-Review.Sep 1 2018, 10:34 AM
sbassett mentioned this in T218091: Security Team quarterly check in for April - June 2019.Apr 19 2019, 7:02 PM
Daimona added a parent task: T231311: Enable seccheck for MW core.Aug 27 2019, 12:48 PM
gerritbot added a comment.Mar 23 2020, 3:11 AM

Change 456879 abandoned by Brian Wolff:
Refactor UserGroupMembership

Reason:
I don't really care about this anymore. Please feel free to take this over if anyone is interested.

https://gerrit.wikimedia.org/r/456879

Maintenance_bot removed a project: Patch-For-Review.Mar 23 2020, 4:10 AM
Daimona mentioned this in T248360: Phan warning in "includes/specials/SpecialMobileDiff.php" - working around by disabling.Mar 26 2020, 2:04 PM
Daimona mentioned this in T250630: MobileFrontend taint-check fails.Apr 20 2020, 11:31 AM
DannyS712 subscribed.Nov 29 2020, 8:29 PM
Daimona subscribed.Jan 12 2021, 2:13 PM

This is still causing many false positives. I agree with everything that was written above, including that taint-check cannot properly handle this case, that adding a hack would be trivial but it shouldn't become the standard way to fix issues in code, and that splitting this method seems a very good idea, regardless of taint-check. So I'm submitting a slim patch that does just the splitting now.

gerritbot added a comment.Jan 12 2021, 2:57 PM

Change 655688 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] Split UserGroupMembership::getLink

https://gerrit.wikimedia.org/r/655688

gerritbot added a project: Patch-For-Review.Jan 12 2021, 2:57 PM
Daimona mentioned this in T273932: Obscure phan taint-check failures for ActorStore patches.Feb 5 2021, 12:38 AM
Pppery edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Apr 1 2023, 4:07 PM
matmarex subscribed.May 20 2023, 5:04 PM
gerritbot added a comment.May 20 2023, 6:28 PM

Change 655688 merged by jenkins-bot:

[mediawiki/core@master] user: Split and deprecate UserGroupMembership::getLink method

https://gerrit.wikimedia.org/r/655688

Daimona added a comment.May 20 2023, 6:36 PM

The remaining thing to do is replacing all occurrences of the old method and fixing phan issues as needed. I'll try to do that.

gerritbot added a comment.May 20 2023, 6:52 PM

Change 921618 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/core@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921618

gerritbot added a project: Patch-For-Review.May 20 2023, 6:52 PM
Restricted Application removed a project: Patch-Needs-Improvement. · View Herald TranscriptMay 20 2023, 6:52 PM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.10; 2023-05-23).May 20 2023, 7:00 PM
gerritbot added a comment.May 21 2023, 10:06 AM

Change 921618 merged by jenkins-bot:

[mediawiki/core@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921618

gerritbot added a comment.May 21 2023, 10:12 AM

Change 921680 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/extensions/CentralAuth@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921680

gerritbot added a comment.May 21 2023, 10:16 AM

Change 921681 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/extensions/CheckUser@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921681

gerritbot added a comment.May 21 2023, 10:17 AM

Change 921684 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/extensions/MobileFrontend@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921684

gerritbot added a comment.May 21 2023, 1:09 PM

Change 921681 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921681

gerritbot added a comment.May 21 2023, 1:27 PM

Change 921680 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921680

gerritbot added a comment.May 21 2023, 1:45 PM

Change 921684 merged by jenkins-bot:

[mediawiki/extensions/MobileFrontend@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921684

gerritbot added a comment.May 21 2023, 5:28 PM

Change 921554 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/extensions/Lockdown@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921554

gerritbot added a comment.May 21 2023, 5:31 PM

Change 921555 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/extensions/OATHAuth@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921555

Daimona claimed this task.May 21 2023, 5:34 PM

I've sent patches for all repos with phan enabled. Once those are meged, this task can be closed and UserGroupMembership::getLink() will follow the usual deprecation cycle.

gerritbot added a comment.May 22 2023, 2:29 PM

Change 921555 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921555

gerritbot added a comment.May 22 2023, 8:30 PM

Change 921554 merged by jenkins-bot:

[mediawiki/extensions/Lockdown@master] Replace usages of deprecated UserGroupMembership::getLink()

https://gerrit.wikimedia.org/r/921554

matmarex closed this task as Resolved.May 22 2023, 8:40 PM
matmarex mentioned this in T253879: Language::commaList (and friends) causing several taint-check false positives.
Daimona mentioned this in rELCK2c85ca9087ff: Replace usages of deprecated UserGroupMembership::getLink().May 22 2023, 9:12 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL