Page MenuHomePhabricator
Create Task
Maniphest T202375

Add phan-taint-check-plugin to FlaggedRevs extension
Closed, ResolvedPublic
Actions

Description

Would be nice to add phan-taint-check-plugin to FlaggedRevs extensions

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="./frontend/FlaggablePageView.php">
    <error line="2070" severity="warning" message="Calling method \Xml::tags() in \FlaggablePageView::addReviewCheck that outputs using tainted argument $attribs. (Caused by: Builtin-\Xml::tags) (Caused by: ./frontend/FlaggablePageView.php +2069)" source="SecurityCheck-DoubleEscaped"/>
  </file>
  <file name="./maintenance/clearCachedText.php">
    <error line="63" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./maintenance/clearCachedText.php +20; ./maintenance/clearCachedText.php +60)" source="SecurityCheck-XSS"/>
  </file>
  <file name="./maintenance/fixBug28348.php">
    <error line="49" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \FixBug28348::update_images_bug_28348 that outputs using tainted argument $cond. (Caused by: ./maintenance/fixBug28348.php +47; ./maintenance/fixBug28348.php +32; ./maintenance/fixBug28348.php +46; ./maintenance/fixBug28348.php +41; ./maintenance/fixBug28348.php +32; ./maintenance/fixBug28348.php +46)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/flagToSemiProtect.php">
    <error line="67" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \FlagProtectToSemiProtect::flag_to_semi_protect that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/flagToSemiProtect.php +54; ./maintenance/flagToSemiProtect.php +62; ./maintenance/flagToSemiProtect.php +54)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/populateRevTimestamp.php">
    <error line="55" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PopulateFRRevTimestamp::populate_fr_rev_timestamp that outputs using tainted argument $cond. (Caused by: ./maintenance/populateRevTimestamp.php +54; ./maintenance/populateRevTimestamp.php +34; ./maintenance/populateRevTimestamp.php +39; ./maintenance/populateRevTimestamp.php +53; ./maintenance/populateRevTimestamp.php +48; ./maintenance/populateRevTime...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/pruneRevData.php">
    <error line="60" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PruneFRIncludeData::prune_flaggedrevs that outputs using tainted argument $cond. (Caused by: ./maintenance/pruneRevData.php +59; ./maintenance/pruneRevData.php +42; ./maintenance/pruneRevData.php +58; ./maintenance/pruneRevData.php +50; ./maintenance/pruneRevData.php +42; ./maintenance/pruneRevData.php +58)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/purgeReviewablePages.php">
    <error line="75" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PurgeReviewablePages::list_reviewable_pages that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/purgeReviewablePages.php +61; ./maintenance/purgeReviewablePages.php +69; ./maintenance/purgeReviewablePages.php +61)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/reviewAllPages.php">
    <error line="59" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \ReviewAllPages::autoreview_current that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/reviewAllPages.php +43; ./maintenance/reviewAllPages.php +51; ./maintenance/reviewAllPages.php +43)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/updateAutoPromote.php">
    <error line="41" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRAutoPromote::execute that outputs using tainted argument $cond. (Caused by: ./maintenance/updateAutoPromote.php +40; ./maintenance/updateAutoPromote.php +38; ./maintenance/updateAutoPromote.php +37; ./maintenance/updateAutoPromote.php +29)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="./maintenance/updateTracking.php">
    <error line="75" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRTracking::update_flaggedrevs that outputs using tainted argument $cond. (Caused by: ./maintenance/updateTracking.php +73; ./maintenance/updateTracking.php +58; ./maintenance/updateTracking.php +72; ./maintenance/updateTracking.php +67; ./maintenance/updateTracking.php +58; ./maintenance/updateTracking.php +72)" source="SecurityCheck-SQLInjection"/>
    <error line="167" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRTracking::update_flaggedpages that outputs using tainted argument $cond. (Caused by: ./maintenance/updateTracking.php +166; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165; ./maintenance/updateTracking.php +161; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165)" source="SecurityCheck-SQLInjection"/>
    <error line="210" severity="error" message="Calling method \Wikimedia\Rdbms\Database::delete() in \UpdateFRTracking::update_flaggedpages that outputs using tainted argument $[arg #2]. (Caused by: ../../includes/libs/rdbms/database/Database.php +2895) (Caused by: ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165; ./maintenance/updateTracking.php +161; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165)" source="SecurityCheck-SQLInjection"/>
    <error line="252" severity="error" message="Calling method \Wikimedia\Rdbms\Database::update() in \UpdateFRTracking::update_flaggedimages that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/updateTracking.php +249; ./maintenance/updateTracking.php +235; ./maintenance/updateTracking.php +248; ./maintenance/updateTracking.php +244; ./maintenance/updateTracking.php +235; ./maintenance/updateTracking.php +248)" source="SecurityCheck-SQLInjection"/>
  </file>
</checkstyle>

Many issues, possible false positive, in maintenance script

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Don't double escape messagemediawiki/extensions/FlaggedRevsmaster+1 -1
Fix phan-taint-check false positivesmediawiki/extensions/FlaggedRevsmaster+24 -12
Make flaggedrevs run seccheck.integration/configmaster+1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Umherirrender created this task.Aug 21 2018, 11:06 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 21 2018, 11:06 AM
Umherirrender moved this task from Backlog to Wikimedia deployed on the phan-taint-check-plugin board.Aug 21 2018, 11:06 AM
Umherirrender added a parent task: T201219: Enable phan-taint-check-plugin on all Wikimedia-deployed repositories after getting it to pass.Aug 21 2018, 12:40 PM
Legoktm added a subtask: T201811: Make Pager::getNavigationBar safe for phan-taint-check-plugin.Sep 1 2018, 6:40 AM
gerritbot subscribed.Sep 1 2018, 6:42 AM

Change 456809 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/extensions/FlaggedRevs@master] Don't double escape message

https://gerrit.wikimedia.org/r/456809

gerritbot added a project: Patch-For-Review.Sep 1 2018, 6:42 AM
Bawolff closed subtask T201811: Make Pager::getNavigationBar safe for phan-taint-check-plugin as Resolved.Sep 7 2018, 7:20 PM
gerritbot added a comment.Sep 7 2018, 7:22 PM

Change 458874 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/FlaggedRevs@master] Fix phan-taint-check false positives

https://gerrit.wikimedia.org/r/458874

gerritbot added a comment.Sep 8 2018, 1:33 AM

Change 458956 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[integration/config@master] Make flaggedrevs run seccheck.

https://gerrit.wikimedia.org/r/458956

gerritbot added a comment.Sep 8 2018, 1:49 AM

Change 458956 merged by jenkins-bot:
[integration/config@master] Make flaggedrevs run seccheck.

https://gerrit.wikimedia.org/r/458956

gerritbot added a comment.Sep 8 2018, 2:00 AM

Change 458874 merged by jenkins-bot:
[mediawiki/extensions/FlaggedRevs@master] Fix phan-taint-check false positives

https://gerrit.wikimedia.org/r/458874

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-09-18 (1.32.0-wmf.22)).Sep 8 2018, 3:00 AM
Legoktm closed this task as Resolved.Sep 8 2018, 3:43 AM
Legoktm assigned this task to Bawolff.
gerritbot added a comment.Sep 8 2018, 5:36 PM

Change 456809 abandoned by Legoktm:
Don't double escape message

Reason:
Nope

https://gerrit.wikimedia.org/r/456809

sbassett moved this task from Wikimedia deployed to Done on the phan-taint-check-plugin board.Oct 15 2019, 6:53 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 15 2019, 7:14 PM
sbassett triaged this task as Medium priority.Oct 15 2019, 7:35 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits