It would be nice to add phan-taint-check-plugin to the FlaggedRevs extension. The checkstyle report below shows what it flags:
<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
<file name="./frontend/FlaggablePageView.php">
<error line="2070" severity="warning" message="Calling method \Xml::tags() in \FlaggablePageView::addReviewCheck that outputs using tainted argument $attribs. (Caused by: Builtin-\Xml::tags) (Caused by: ./frontend/FlaggablePageView.php +2069)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="./maintenance/clearCachedText.php">
<error line="63" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./maintenance/clearCachedText.php +20; ./maintenance/clearCachedText.php +60)" source="SecurityCheck-XSS"/>
</file>
<file name="./maintenance/fixBug28348.php">
<error line="49" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \FixBug28348::update_images_bug_28348 that outputs using tainted argument $cond. (Caused by: ./maintenance/fixBug28348.php +47; ./maintenance/fixBug28348.php +32; ./maintenance/fixBug28348.php +46; ./maintenance/fixBug28348.php +41; ./maintenance/fixBug28348.php +32; ./maintenance/fixBug28348.php +46)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="./maintenance/flagToSemiProtect.php">
<error line="67" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \FlagProtectToSemiProtect::flag_to_semi_protect that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/flagToSemiProtect.php +54; ./maintenance/flagToSemiProtect.php +62; ./maintenance/flagToSemiProtect.php +54)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="./maintenance/populateRevTimestamp.php">
<error line="55" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PopulateFRRevTimestamp::populate_fr_rev_timestamp that outputs using tainted argument $cond. (Caused by: ./maintenance/populateRevTimestamp.php +54; ./maintenance/populateRevTimestamp.php +34; ./maintenance/populateRevTimestamp.php +39; ./maintenance/populateRevTimestamp.php +53; ./maintenance/populateRevTimestamp.php +48; ./maintenance/populateRevTime...)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="./maintenance/pruneRevData.php">
<error line="60" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PruneFRIncludeData::prune_flaggedrevs that outputs using tainted argument $cond. (Caused by: ./maintenance/pruneRevData.php +59; ./maintenance/pruneRevData.php +42; ./maintenance/pruneRevData.php +58; ./maintenance/pruneRevData.php +50; ./maintenance/pruneRevData.php +42; ./maintenance/pruneRevData.php +58)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="./maintenance/purgeReviewablePages.php">
<error line="75" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \PurgeReviewablePages::list_reviewable_pages that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/purgeReviewablePages.php +61; ./maintenance/purgeReviewablePages.php +69; ./maintenance/purgeReviewablePages.php +61)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="./maintenance/reviewAllPages.php">
<error line="59" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \ReviewAllPages::autoreview_current that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/reviewAllPages.php +43; ./maintenance/reviewAllPages.php +51; ./maintenance/reviewAllPages.php +43)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="./maintenance/updateAutoPromote.php">
<error line="41" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRAutoPromote::execute that outputs using tainted argument $cond. (Caused by: ./maintenance/updateAutoPromote.php +40; ./maintenance/updateAutoPromote.php +38; ./maintenance/updateAutoPromote.php +37; ./maintenance/updateAutoPromote.php +29)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="./maintenance/updateTracking.php">
<error line="75" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRTracking::update_flaggedrevs that outputs using tainted argument $cond. (Caused by: ./maintenance/updateTracking.php +73; ./maintenance/updateTracking.php +58; ./maintenance/updateTracking.php +72; ./maintenance/updateTracking.php +67; ./maintenance/updateTracking.php +58; ./maintenance/updateTracking.php +72)" source="SecurityCheck-SQLInjection"/>
<error line="167" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \UpdateFRTracking::update_flaggedpages that outputs using tainted argument $cond. (Caused by: ./maintenance/updateTracking.php +166; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165; ./maintenance/updateTracking.php +161; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165)" source="SecurityCheck-SQLInjection"/>
<error line="210" severity="error" message="Calling method \Wikimedia\Rdbms\Database::delete() in \UpdateFRTracking::update_flaggedpages that outputs using tainted argument $[arg #2]. (Caused by: ../../includes/libs/rdbms/database/Database.php +2895) (Caused by: ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165; ./maintenance/updateTracking.php +161; ./maintenance/updateTracking.php +152; ./maintenance/updateTracking.php +165)" source="SecurityCheck-SQLInjection"/>
<error line="252" severity="error" message="Calling method \Wikimedia\Rdbms\Database::update() in \UpdateFRTracking::update_flaggedimages that outputs using tainted argument $[arg #3]. (Caused by: ./maintenance/updateTracking.php +249; ./maintenance/updateTracking.php +235; ./maintenance/updateTracking.php +248; ./maintenance/updateTracking.php +244; ./maintenance/updateTracking.php +235; ./maintenance/updateTracking.php +248)" source="SecurityCheck-SQLInjection"/>
</file>
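</checkstyle>
Many of the issues, possibly false positives, are in the maintenance scripts. All of the SQLInjection findings are reported at calls to Database::select(), delete() or update() with an argument the plugin considers tainted, so each one should be checked against its "Caused by" trace before it is suppressed as a false positive.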