Maniphest T202361

OAuth extension needs phan-taint-check update to version 1.3.0
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Umherirrender
	Aug 21 2018, 8:13 AM

Project Tags

Referenced Files

None

Subscribers

Description

OAuth update to taint-check 1.3.0 gives new issues, where it is not easy to find the problem.

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="./frontend/MWOAuthUI.hooks.php">
    <error line="84" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\MWOAuthUIHooks::onMessagesPreLoad that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="89" severity="warning" message="Calling method \wfEscapeWikiText() in \MediaWiki\Extensions\OAuth\MWOAuthUIHooks::onMessagesPreLoad that outputs using tainted argument $[arg #1]. (Caused by: ../../includes/GlobalFunctions.php +1639)" source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./frontend/specialpages/SpecialMWOAuthConsumerRegistration.php">
    <error line="469" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthConsumerRegistration::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="470" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthConsumerRegistration::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="480" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthConsumerRegistration::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="485" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthConsumerRegistration::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="487" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthConsumerRegistration::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./frontend/specialpages/SpecialMWOAuthListConsumers.php">
    <error line="244" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthListConsumers::formatRow that outputs using tainted argument $name." source="SecurityCheck-DoubleEscaped"/>
    <error line="248" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthListConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="249" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthListConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="252" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthListConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="257" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthListConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="260" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthListConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./frontend/specialpages/SpecialMWOAuthManageConsumers.php">
    <error line="247" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageConsumers::handleConsumerForm that outputs using tainted argument $owner." source="SecurityCheck-DoubleEscaped"/>
    <error line="428" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="429" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="434" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="437" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="442" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="443" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageConsumers::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./frontend/specialpages/SpecialMWOAuthManageMyGrants.php">
    <error line="288" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageMyGrants::formatRow that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/>
    <error line="302" severity="warning" message="Calling method \htmlspecialchars() in \MediaWiki\Extensions\OAuth\SpecialMWOAuthManageMyGrants::formatRow that outputs using tainted argument $val." source="SecurityCheck-DoubleEscaped"/>
  </file>
</checkstyle>

Please have a look and update the extension

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	build: Updating mediawiki/phan-taint-check-plugin to 1.5.0	mediawiki/extensions/OAuth	master	+59 -26

Customize query in gerrit

Event Timeline

Umherirrender created this task.Aug 21 2018, 8:13 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 21 2018, 8:13 AM

Umherirrender renamed this task from OAuth extension needs update to version 1.3.0 to OAuth extension needs phan-taint-check update to version 1.3.0.Aug 21 2018, 8:14 AM

Umherirrender updated the task description. (Show Details)Aug 21 2018, 9:19 AM

Umherirrender moved this task from Backlog to Wikimedia deployed on the phan-taint-check-plugin board.Aug 21 2018, 9:26 AM

I tracked this down last night, there's a super convoluted code flow of returning a Message object without setting an output format (return $context->msg(...)) and then later on some code runs htmlspecialchars() over it so it uses the default output format of ->escaped() causing the double escaping issue.

Change 456905 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/extensions/OAuth@master] build: Updating mediawiki/phan-taint-check-plugin to 1.5.0

https://gerrit.wikimedia.org/r/456905

gerritbot added a project: Patch-For-Review.Sep 8 2018, 2:49 AM

Change 456905 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] build: Updating mediawiki/phan-taint-check-plugin to 1.5.0

https://gerrit.wikimedia.org/r/456905

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-09-18 (1.32.0-wmf.22)).Sep 13 2018, 5:00 AM

Legoktm closed this task as Resolved.Sep 13 2018, 5:04 AM

sbassett moved this task from Wikimedia deployed to Done on the phan-taint-check-plugin board.Oct 15 2019, 6:54 PM

Maintenance_bot removed a project: Patch-For-Review.Oct 15 2019, 7:16 PM

sbassett triaged this task as Medium priority.Oct 15 2019, 7:32 PM

OAuth extension needs phan-taint-check update to version 1.3.0Closed, ResolvedPublicActions

Description

Details

Event Timeline

OAuth extension needs phan-taint-check update to version 1.3.0
Closed, ResolvedPublic
Actions