Page MenuHomePhabricator
Create Task
Maniphest T202372

Add phan-taint-check-plugin to CentralNotice extension
Closed, ResolvedPublic
Actions

Description

Would be nice to add phan-taint-check-plugin to CentralNotice extensions

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="./includes/Banner.php">
    <error line="1461" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::insert() in \Banner::logBannerChange that outputs using tainted argument $log. (Caused by: ./includes/Banner.php +1443; ./includes/Banner.php +1458; ./includes/Banner.php +1453)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/CleanCNTranslateMetadata.php">
    <error line="63" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::delete() in \CleanCNTranslateMetadata::cleanDuplicates that outputs using tainted argument $[arg #2]." source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./special/SpecialBannerLoader.php">
    <error line="49" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./special/SpecialBannerLoader.php +32)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./special/SpecialCentralNoticeBanners.php">
    <error line="682" severity="warning" message="HTMLForm info field (non-raw) escapes default key already (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement)" source="SecurityCheck-DoubleEscaped"/>
    <error line="697" severity="warning" message="HTMLForm info field (non-raw) escapes default key already" source="SecurityCheck-DoubleEscaped"/>
    <error line="699" severity="warning" message="Calling method \wfEscapeWikiText() in \SpecialCentralNoticeBanners::generateBannerEditForm that outputs using tainted argument $[arg #1]. (Caused by: ../../includes/GlobalFunctions.php +1639)" source="SecurityCheck-DoubleEscaped"/>
    <error line="701" severity="warning" message="Calling method \wfEscapeWikiText() in \SpecialCentralNoticeBanners::generateBannerEditForm that outputs using tainted argument $[arg #1]. (Caused by: ../../includes/GlobalFunctions.php +1639)" source="SecurityCheck-DoubleEscaped"/>
    <error line="712" severity="warning" message="HTMLForm info field (non-raw) escapes default key already (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement)" source="SecurityCheck-DoubleEscaped"/>
  </file>
</checkstyle>

The issues in SpecialCentralNoticeBanners.php are T201902

The insert looks safe on first look
The delete may needs an (int) for $row->maxrev

SpecialBannerLoader.php is using OutputPage::disable. I have no idea if the echo after that is safe or not

Details

SubjectRepoBranchLines +/-
Build: Make phan-taint-check 1.5.0 pass on this extensionmediawiki/extensions/CentralNoticemaster+23 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

Umherirrender created this task.Aug 21 2018, 10:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 21 2018, 10:25 AM
Umherirrender moved this task from Backlog to Other codebases on the phan-taint-check-plugin board.Aug 21 2018, 10:26 AM
Umherirrender moved this task from Other codebases to Wikimedia deployed on the phan-taint-check-plugin board.
Umherirrender updated the task description. (Show Details)Aug 21 2018, 11:08 AM
Umherirrender added a parent task: T201219: Enable phan-taint-check-plugin on all Wikimedia-deployed repositories after getting it to pass.Aug 21 2018, 12:40 PM
AndyRussG added a project: Fundraising-Backlog.Aug 21 2018, 8:25 PM
DStrine moved this task from Triage to Sprint +1 on the Fundraising-Backlog board.Aug 21 2018, 8:39 PM
gerritbot subscribed.Sep 13 2018, 4:59 AM

Change 460195 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/CentralNotice@master] Make phan-taint-check pass on this extension

https://gerrit.wikimedia.org/r/460195

gerritbot added a project: Patch-For-Review.Sep 13 2018, 4:59 AM
gerritbot added a comment.Sep 14 2018, 6:16 AM

Change 460195 merged by jenkins-bot:
[mediawiki/extensions/CentralNotice@master] Build: Make phan-taint-check 1.5.0 pass on this extension

https://gerrit.wikimedia.org/r/460195

Legoktm closed this task as Resolved.Sep 14 2018, 6:25 AM
Legoktm assigned this task to Bawolff.
sbassett moved this task from Wikimedia deployed to Done on the phan-taint-check-plugin board.Oct 15 2019, 6:54 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 15 2019, 7:15 PM
sbassett triaged this task as Medium priority.Oct 15 2019, 7:34 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL