Page MenuHomePhabricator

Cite extension does not pass phan-taint-check 1.2.0
Closed, ResolvedPublic

Description

./includes/Cite.php:276 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:277 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:279 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:284 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:285 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:287 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:295 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:296 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:314 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:315 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:777 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::referencesFormat that outputs using tainted argument $parserInput. (Caused by: ./includes/Cite.php +772)
./includes/Cite.php:1050 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987)
./includes/Cite.php:1050 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987; ./includes/Cite.php +1131)
./includes/Cite.php:1058 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987)
./includes/Cite.php:1058 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987; ./includes/Cite.php +1131)
./includes/Cite.php:1234 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1235 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1237 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1369 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::error that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1358)
./includes/Cite.php:1369 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::error that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1358; ./includes/Cite.php +1369)
./includes/Cite.php:1412 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::warning that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1400)
./includes/Cite.php:1412 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::warning that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1400; ./includes/Cite.php +1412)

Event Timeline

Umherirrender created this task.
Vvjjkkii renamed this task from Cite extension does not pass phan-taint-check 1.2.0 to eqcaaaaaaa.Jul 1 2018, 1:09 AM
Vvjjkkii raised the priority of this task from Medium to High.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from eqcaaaaaaa to Cite extension does not pass phan-taint-check 1.2.0.Jul 2 2018, 4:53 AM
CommunityTechBot lowered the priority of this task from High to Medium.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot added a subscriber: Aklapper.

It is now failing also for 1.1.0 and blocks merges

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="./includes/Cite.php">
    <error line="276" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="277" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="279" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="284" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="285" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="287" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="295" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="296" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="314" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="315" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1056" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1056" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1056" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1064" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1064" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1064" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1235" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +1226)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1236" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +1226)" source="SecurityCheck-DoubleEscaped"/>
    <error line="1238" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +1226)" source="SecurityCheck-DoubleEscaped"/>
  </file>
</checkstyle>

Change 460181 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/Cite@master] Make Cite pass phan-taint-check

https://gerrit.wikimedia.org/r/460181

Change 460181 merged by jenkins-bot:
[mediawiki/extensions/Cite@master] Make Cite pass phan-taint-check

https://gerrit.wikimedia.org/r/460181

Bawolff claimed this task.