
Make Pager::getNavigationBar safe for phan-taint-check-plugin
Closed, Resolved · Public

Description

Many extensions report errors on use of Pager::getNavigationBar, but that function looks safe for HTML.
How to find the cause here?

from FlaggedRevs:

<file name="./frontend/specialpages/reports/ReviewedPages_body.php">
  <error line="75" severity="warning" message="Calling Method \ReviewedPagesPager::getNavigationBar in \ReviewedPages::showPageList that is always unsafe  (Caused by: ../../includes/pager/AlphabeticPager.php +94; ../../includes/pager/AlphabeticPager.php +91; ../../includes/pager/AlphabeticPager.php +82; ../../includes/pager/AlphabeticPager.php +90)" source="SecurityCheck-XSS"/>
  <error line="75" severity="warning" message="Calling method \OutputPage::addHTML() in \ReviewedPages::showPageList that outputs using tainted argument $[arg #1]. (Caused by: ../../includes/pager/AlphabeticPager.php +94; ../../includes/pager/AlphabeticPager.php +91; ../../includes/pager/AlphabeticPager.php +82; ../../includes/pager/AlphabeticPager.php +90)" source="SecurityCheck-XSS"/>
  <error line="77" severity="warning" message="Calling Method \ReviewedPagesPager::getNavigationBar in \ReviewedPages::showPageList that is always unsafe  (Caused by: ../../includes/pager/AlphabeticPager.php +94; ../../includes/pager/AlphabeticPager.php +91; ../../includes/pager/AlphabeticPager.php +82; ../../includes/pager/AlphabeticPager.php +90)" source="SecurityCheck-XSS"/>
  <error line="77" severity="warning" message="Calling method \OutputPage::addHTML() in \ReviewedPages::showPageList that outputs using tainted argument $[arg #1]. (Caused by: ../../includes/pager/AlphabeticPager.php +94; ../../includes/pager/AlphabeticPager.php +91; ../../includes/pager/AlphabeticPager.php +82; ../../includes/pager/AlphabeticPager.php +90)" source="SecurityCheck-XSS"/>
</file>

Event Timeline

Restricted Application added a subscriber: Aklapper. · Aug 13 2018, 8:50 AM

It complains about this in core too. I think there is a bug in the plugin but I haven't been able to track it down yet.

Change 458334 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix some confusion over which group of taints to mask out in various places

https://gerrit.wikimedia.org/r/458334

Change 458334 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix some confusion over which group of taints to mask out in various places

https://gerrit.wikimedia.org/r/458334

Bawolff closed this task as Resolved. · Sep 7 2018, 7:20 PM
Bawolff claimed this task.
sbassett triaged this task as Normal priority. · Oct 15 2019, 7:24 PM