Page MenuHomePhabricator

Make phan-taint-check-plugin voting for CirrusSearch extension
Closed, ResolvedPublic


Would be nice to make phan-taint-check-plugin voting for CirrusSearch extensions

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="./tests/phpunit/Maintenance/ScriptsRunnablePreload.php">
    <error line="16" severity="warning" message="Calling method \wfCirrusUnitTestScriptsRunablePreload() in [no method] that outputs using tainted argument $[arg #1]. (Caused by: ./tests/phpunit/Maintenance/ScriptsRunnablePreload.php +12)" source="SecurityCheck-OTHER"/>

Event Timeline

Restricted Application added a project: Discovery-Search. · View Herald TranscriptAug 21 2018, 12:18 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Umherirrender renamed this task from Add phan-taint-check-plugin to CirrusSearch extension to Make phan-taint-check-plugin voting for CirrusSearch extension.Aug 21 2018, 12:18 PM
Umherirrender updated the task description. (Show Details)
Umherirrender moved this task from Backlog to Wikimedia deployed on the phan-taint-check-plugin board.

The error is only reported in the test class, but i don't think taint analysis is of any use for code only run the test suite. The file is documented as entirely a hack that allows testing of certain hard to test parts of maintenance scripts.

Change 456337 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[integration/config@master] seccheck for CheckUser and CirrusSearch

Change 456337 merged by jenkins-bot:
[integration/config@master] seccheck for CheckUser and CirrusSearch

Legoktm closed this task as Resolved.Aug 30 2018, 7:14 AM
Legoktm claimed this task.
sbassett triaged this task as Medium priority.Oct 15 2019, 7:35 PM