The SecurePoll extension has many scripts in global scope, and its use of echo in many places makes it complicated to add taint-check.
<?xml version="1.0" encoding="ISO-8859-15"?>
<!--
  Taint-check report for the SecurePoll extension in checkstyle format:
  one <file> per scanned source file, one <error> per finding. "line" is
  the line number in that file, "source" is the rule that fired, and the
  "(Caused by: ...)" suffix of "message" is the taint chain the tool
  reports; chains ending in "..." were truncated by the tool itself.
  The SecurityCheck-* rule names suggest phan-taint-check output, but the
  report does not say so explicitly.
-->
<checkstyle version="6.5">
  <file name="./auth-api.php">
    <error line="25" severity="warning" message="Echoing expression that was not html escaped" source="SecurityCheck-XSS"/>
    <error line="31" severity="warning" message="Echoing expression that was not html escaped" source="SecurityCheck-XSS"/>
    <error line="36" severity="warning" message="Echoing expression that was not html escaped" source="SecurityCheck-XSS"/>
    <error line="42" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./auth-api.php +41)" source="SecurityCheck-XSS"/>
  </file>
  <!--
    Everything under ./cli/ is presumably a command-line script (path only;
    not verified here). The echo-based XSS warnings there need a triage
    decision on whether stdout in that context is an HTML sink at all; the
    report does not settle that.
  -->
  <file name="./cli/delete.php">
    <error line="40" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./cli/delete.php +32)" source="SecurityCheck-XSS"/>
  </file>
  <!--
    Most SQLInjection chains in the wm-scripts below trace back to
    ./cli/makeSimpleList.php +93 / +106, so the taint source is shared;
    addressing it there should clear several findings at once.
  -->
  <file name="./cli/makeSimpleList.php">
    <error line="121" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectRowCount() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectRowCount) (Caused by: ./cli/makeSimpleList.php +106)" source="SecurityCheck-SQLInjection"/>
    <error line="136" severity="error" message="Calling method \Wikimedia\Rdbms\Database::insert() in [no method] that outputs using tainted argument $insertBatch. (Caused by: ./cli/makeSimpleList.php +96; ./cli/makeSimpleList.php +94; ./cli/makeSimpleList.php +93; ./cli/makeSimpleList.php +132)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./cli/testDebian.php">
    <error line="18" severity="warning" message="Calling method \spRunTest() in [no method] that outputs using tainted argument $debResult. (Caused by: ./cli/testDebian.php +104) (Caused by: ./cli/testDebian.php +17)" source="SecurityCheck-XSS"/>
    <error line="29" severity="warning" message="Calling method \spRunTest() in [no method] that outputs using tainted argument $debResult. (Caused by: ./cli/testDebian.php +104) (Caused by: ./cli/testDebian.php +17; ./cli/testDebian.php +28)" source="SecurityCheck-XSS"/>
    <error line="29" severity="warning" message="Calling method \spRunTest() in [no method] that outputs using tainted argument $debResult. (Caused by: ./cli/testDebian.php +104) (Caused by: ./cli/testDebian.php +17; ./cli/testDebian.php +28; ./cli/testDebian.php +18; ./cli/testDebian.php +29)" source="SecurityCheck-XSS"/>
    <error line="106" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./includes/talliers/SchulzeTallier.php +152)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./cli/wm-scripts/bv2013/buildSpamTranslations.php">
    <error line="28" severity="warning" message="Echoing expression that was not html escaped" source="SecurityCheck-XSS"/>
  </file>
  <file name="./cli/wm-scripts/bv2013/doSpam.php">
    <error line="183" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./cli/wm-scripts/bv2013/doSpam.php +182)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./cli/wm-scripts/bv2013/populateEditCount.php">
    <error line="45" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45)" source="SecurityCheck-SQLInjection"/>
    <error line="57" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./cli/wm-scripts/bv2013/voterList.php">
    <error line="41" severity="error" message="Calling method \Wikimedia\Rdbms\Database::insert() in [no method] that outputs using tainted argument $insertBatch. (Caused by: ./cli/makeSimpleList.php +96; ./cli/makeSimpleList.php +94; ./cli/makeSimpleList.php +93; ./cli/makeSimpleList.php +132; ./cli/wm-scripts/bv2013/voterList.php +35; ./cli/wm-scripts/bv2013/voterList.php +34)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./cli/wm-scripts/bv2015/doSpam.php">
    <error line="118" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./cli/wm-scripts/bv2015/doSpam.php +112; ./cli/wm-scripts/bv2015/doSpam.php +117; ./cli/wm-scripts/bv2015/doSpam.php +112; ./cli/wm-scripts/bv2015/doSpam.php +117; ./cli/wm-scripts/bv2015/doSpam.php +112; ./cli/wm-scripts/bv2015/doSpam.php +117; ./cli/wm-scripts/bv2015/doSpam.php +112; ./cli/wm-scripts/bv2015/doSpam.php +117)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./cli/wm-scripts/bv2015/populateEditCount-fixup.php">
    <error line="31" severity="error" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57; ./cli/wm-scripts/bv2017/populateEdi...)" source="SecurityCheck-SQLInjection"/>
    <error line="40" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57; ./cli/wm-scripts/bv2017/populateEdi...)" source="SecurityCheck-SQLInjection"/>
    <error line="54" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./cli/wm-scripts/bv2015/populateEditCount-fixup.php +40; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/voterList.php +30; ./cli/wm-scripts/dumpGlobalVoterList.php +36)" source="SecurityCheck-XSS"/>
    <error line="63" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/voterList.php +30; ./cli/wm-scripts/dumpGlobalVoterList.php +36)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./cli/wm-scripts/bv2015/populateEditCount.php">
    <error line="36" severity="error" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57; ./cli/wm-scripts/bv2017/populateEdi...)" source="SecurityCheck-SQLInjection"/>
    <error line="45" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57; ./cli/wm-scripts/bv2017/populateEdi...)" source="SecurityCheck-SQLInjection"/>
    <error line="57" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57; ./cli/wm-scripts/bv2017/populateEdi...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./cli/wm-scripts/bv2017/doSpam.php">
    <error line="118" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./cli/wm-scripts/bv2017/doSpam.php +112; ./cli/wm-scripts/bv2017/doSpam.php +117; ./cli/wm-scripts/bv2017/doSpam.php +112; ./cli/wm-scripts/bv2017/doSpam.php +117; ./cli/wm-scripts/bv2017/doSpam.php +112; ./cli/wm-scripts/bv2017/doSpam.php +117; ./cli/wm-scripts/bv2017/doSpam.php +112; ./cli/wm-scripts/bv2017/doSpam.php +117)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./cli/wm-scripts/bv2017/populateEditCount.php">
    <error line="36" severity="error" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57)" source="SecurityCheck-SQLInjection"/>
    <error line="45" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57; ./cli/wm-scripts/bv2017/populateEdi...)" source="SecurityCheck-SQLInjection"/>
    <error line="57" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: ./cli/makeSimpleList.php +106; ./cli/wm-scripts/bv2013/populateEditCount.php +36; ./cli/makeSimpleList.php +93; ./cli/wm-scripts/bv2013/populateEditCount.php +45; ./cli/wm-scripts/bv2013/populateEditCount.php +57; ./cli/wm-scripts/bv2017/populateEdi...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./cli/wm-scripts/dumpGlobalVoterList.php">
    <error line="55" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./cli/wm-scripts/dumpGlobalVoterList.php +54; ./cli/wm-scripts/dumpGlobalVoterList.php +54)" source="SecurityCheck-XSS"/>
  </file>
  <!--
    The only ShellInjection finding in the report. The reported chain runs
    from ./includes/ballots/RadioRangeCommentBallot.php into the $args of
    runGpg(), i.e. apparently from ballot content (inferred from the file
    name, not verified here). It is in web-facing code rather than a CLI
    script, so it belongs at the top of the triage list.
  -->
  <file name="./includes/crypt/Crypt.php">
    <error line="315" severity="error" message="Calling method \SecurePoll_GpgCrypt::runGpg() in \SecurePoll_GpgCrypt::encrypt that outputs using tainted argument $args. (Caused by: ./includes/crypt/Crypt.php +277) (Caused by: ./includes/crypt/Crypt.php +306; ./includes/crypt/Crypt.php +311; ./includes/crypt/Crypt.php +214; ./includes/ballots/RadioRangeCommentBallot.php +43; ./includes/ballots/RadioRangeCommentBallot.php +40; ./includes/ballots/RadioRangeCommentBallot.php...)" source="SecurityCheck-ShellInjection"/>
  </file>
  <file name="./includes/pages/DumpPage.php">
    <error line="61" severity="warning" message="Echoing expression that was not html escaped" source="SecurityCheck-XSS"/>
  </file>
  <file name="./includes/pages/MessageDumpPage.php">
    <error line="52" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./includes/pages/MessageDumpPage.php +41)" source="SecurityCheck-XSS"/>
  </file>
  <!--
    DoubleEscaped findings: the HTMLForm info field already escapes its
    default, so these report output being escaped twice rather than an
    injection sink. Tracked separately as T201902 (see the task comments).
  -->
  <file name="./includes/pages/VoterEligibilityPage.php">
    <error line="407" severity="warning" message="HTMLForm info field (non-raw) escapes default key already" source="SecurityCheck-DoubleEscaped"/>
    <error line="415" severity="warning" message="HTMLForm info field (non-raw) escapes default key already (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement)" source="SecurityCheck-DoubleEscaped"/>
    <error line="443" severity="warning" message="HTMLForm info field (non-raw) escapes default key already (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement)" source="SecurityCheck-DoubleEscaped"/>
    <error line="456" severity="warning" message="HTMLForm info field (non-raw) escapes default key already (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement)" source="SecurityCheck-DoubleEscaped"/>
    <error line="465" severity="warning" message="HTMLForm info field (non-raw) escapes default key already" source="SecurityCheck-DoubleEscaped"/>
  </file>
</checkstyle>
Please have a look, or decline this task.
The VoterEligibilityPage.php issue is tracked as T201902.