Page MenuHomePhabricator
Create Task
Maniphest T202375

Add phan-taint-check-plugin to FlaggedRevs extension
Closed, ResolvedPublic
Actions

Description

Would be nice to add phan-taint-check-plugin to FlaggedRevs extensions

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="./frontend/FlaggablePageView.php">
    <error line="2070" severity="warning" message="Calling method \Xml::tags() in \FlaggablePageView::addReviewCheck that outputs using tainted argument $attribs. (Caused by: Builtin-\Xml::tags) (Caused by: ./frontend/FlaggablePageView.php +2069)" source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./maintenance/clearCachedText.php">
    <error line="63" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./maintenance/clearCachedText.php +20; ./maintenance/clearCachedText.php +60)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./maintenance/fixBug28348.php">
    <error line="49" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \FixBug28348::update_images_bug_28348 that outputs using tainted argument $cond. (Caused by: ./maintenance/fixBug28348.php +47; ./maintenance/fixBug28348.php +32; ./maintenance/fixBug28348.php +46; ./maintenance/fixBug28348.php +41; ./maintenance/fixBug28348.php +32; ./maintenance/fixBug28348.php +46)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/flagToSemiProtect.php">
    <error line="67" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \FlagProtectToSemiProtect::flag_to_semi_protect that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/flagToSemiProtect.php +54; ./maintenance/flagToSemiProtect.php +62; ./maintenance/flagToSemiProtect.php +54)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/populateRevTimestamp.php">
    <error line="55" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PopulateFRRevTimestamp::populate_fr_rev_timestamp that outputs using tainted argument $cond. (Caused by: ./maintenance/populateRevTimestamp.php +54; ./maintenance/populateRevTimestamp.php +34; ./maintenance/populateRevTimestamp.php +39; ./maintenance/populateRevTimestamp.php +53; ./maintenance/populateRevTimestamp.php +48; ./maintenance/populateRevTime...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/pruneRevData.php">
    <error line="60" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PruneFRIncludeData::prune_flaggedrevs that outputs using tainted argument $cond. (Caused by: ./maintenance/pruneRevData.php +59; ./maintenance/pruneRevData.php +42; ./maintenance/pruneRevData.php +58; ./maintenance/pruneRevData.php +50; ./maintenance/pruneRevData.php +42; ./maintenance/pruneRevData.php +58)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/purgeReviewablePages.php">
    <error line="75" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PurgeReviewablePages::list_reviewable_pages that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/purgeReviewablePages.php +61; ./maintenance/purgeReviewablePages.php +69; ./maintenance/purgeReviewablePages.php +61)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/reviewAllPages.php">
    <error line="59" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \ReviewAllPages::autoreview_current that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/reviewAllPages.php +43; ./maintenance/reviewAllPages.php +51; ./maintenance/reviewAllPages.php +43)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/updateAutoPromote.php">
    <error line="41" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRAutoPromote::execute that outputs using tainted argument $cond. (Caused by: ./maintenance/updateAutoPromote.php +40; ./maintenance/updateAutoPromote.php +38; ./maintenance/updateAutoPromote.php +37; ./maintenance/updateAutoPromote.php +29)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/updateTracking.php">
    <error line="75" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRTracking::update_flaggedrevs that outputs using tainted argument $cond. (Caused by: ./maintenance/updateTracking.php +73; ./maintenance/updateTracking.php +58; ./maintenance/updateTracking.php +72; ./maintenance/updateTracking.php +67; ./maintenance/updateTracking.php +58; ./maintenance/updateTracking.php +72)" source="SecurityCheck-SQLInjection"/>
    <error line="167" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRTracking::update_flaggedpages that outputs using tainted argument $cond. (Caused by: ./maintenance/updateTracking.php +166; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165; ./maintenance/updateTracking.php +161; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165)" source="SecurityCheck-SQLInjection"/>
    <error line="210" severity="error" message="Calling method \Wikimedia\Rdbms\Database::delete() in \UpdateFRTracking::update_flaggedpages that outputs using tainted argument $[arg #2]. (Caused by: ../../includes/libs/rdbms/database/Database.php +2895) (Caused by: ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165; ./maintenance/updateTracking.php +161; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165)" source="SecurityCheck-SQLInjection"/>
    <error line="252" severity="error" message="Calling method \Wikimedia\Rdbms\Database::update() in \UpdateFRTracking::update_flaggedimages that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/updateTracking.php +249; ./maintenance/updateTracking.php +235; ./maintenance/updateTracking.php +248; ./maintenance/updateTracking.php +244; ./maintenance/updateTracking.php +235; ./maintenance/updateTracking.php +248)" source="SecurityCheck-SQLInjection"/>
  </file>
</checkstyle>

Many issues, possible false positive, in maintenance script

Details

Related Gerrit Patches:
mediawiki/extensions/FlaggedRevs : masterDon't double escape message
mediawiki/extensions/FlaggedRevs : masterFix phan-taint-check false positives
integration/config : masterMake flaggedrevs run seccheck.

Related Objects
Search...

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 21 2018, 11:06 AM
gerritbot added a subscriber: gerritbot.Sep 1 2018, 6:42 AM

Change 456809 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/extensions/FlaggedRevs@master] Don't double escape message

https://gerrit.wikimedia.org/r/456809

gerritbot added a comment.Sep 7 2018, 7:22 PM

Change 458874 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/FlaggedRevs@master] Fix phan-taint-check false positives

https://gerrit.wikimedia.org/r/458874

gerritbot added a comment.Sep 8 2018, 1:33 AM

Change 458956 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[integration/config@master] Make flaggedrevs run seccheck.

https://gerrit.wikimedia.org/r/458956

gerritbot added a comment.Sep 8 2018, 1:49 AM

Change 458956 merged by jenkins-bot:
[integration/config@master] Make flaggedrevs run seccheck.

https://gerrit.wikimedia.org/r/458956

gerritbot added a comment.Sep 8 2018, 2:00 AM

Change 458874 merged by jenkins-bot:
[mediawiki/extensions/FlaggedRevs@master] Fix phan-taint-check false positives

https://gerrit.wikimedia.org/r/458874

Legoktm closed this task as Resolved.Sep 8 2018, 3:43 AM
Legoktm assigned this task to Bawolff.
gerritbot added a comment.Sep 8 2018, 5:36 PM

Change 456809 abandoned by Legoktm:
Don't double escape message

Reason:
Nope

https://gerrit.wikimedia.org/r/456809

sbassett triaged this task as Medium priority.Oct 15 2019, 7:35 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL