Page MenuHomePhabricator

Add phan-taint-check-plugin to DonationInterface extension
Open, Needs TriagePublic

Description

Would be nice to add phan-taint-check-plugin to DonationInterface extensions

Details

Related Gerrit Patches:
integration/config : masterlayout: [DonationInterface] Run taint-check
mediawiki/extensions/DonationInterface : masterAdd phan taint-check plugin
mediawiki/tools/phan/SecurityCheckPlugin : masterFix fatal when using global keyword with indirect variable

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 21 2018, 12:25 PM

Change 458972 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix fatal when using global keyword with indirect variable

https://gerrit.wikimedia.org/r/458972

Bawolff added a subscriber: Bawolff.Sep 8 2018, 2:23 AM

It seems like it is mostly failing on double escaping in debug related code:

./gateway_common/GatewayPage.php:271 SecurityCheck-DoubleEscaped Calling method \Html::element() in \GatewayPage::displayResultsForDebug that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: ./gateway_common/GatewayPage.php +270)
./gateway_common/GatewayPage.php:283 SecurityCheck-DoubleEscaped Calling method \Html::element() in \GatewayPage::displayResultsForDebug that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: ./gateway_common/GatewayPage.php +282; ./gateway_common/GatewayPage.php +282)
./gateway_common/GatewayPage.php:287 SecurityCheck-DoubleEscaped Calling method \Html::element() in \GatewayPage::displayResultsForDebug that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: ./gateway_common/GatewayPage.php +279; ./gateway_common/GatewayPage.php +279)
./gateway_common/GatewayPage.php:308 SecurityCheck-DoubleEscaped Calling method \Html::element() in \GatewayPage::displayResultsForDebug that outputs using tainted argument $val. (Caused by: Builtin-\Html::element) (Caused by: ./gateway_common/GatewayPage.php +307)
./globalcollect_gateway/globalcollect_gateway.body.php:82 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \GlobalCollectGateway::displayBankTransferInformation that outputs using tainted argument $[arg #1]. (Caused by: ./globalcollect_gateway/globalcollect_gateway.body.php +57)
./globalcollect_gateway/globalcollect_gateway.body.php:136 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \GlobalCollectGateway::displayOnlineBankTransferInformation that outputs using tainted argument $[arg #1]. (Caused by: ./globalcollect_gateway/globalcollect_gateway.body.php +117)

Change 458972 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix fatal when using global keyword with indirect variable

https://gerrit.wikimedia.org/r/458972

Change 522681 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/DonationInterface@master] Add phan taint-check plugin

https://gerrit.wikimedia.org/r/522681

Change 522681 merged by jenkins-bot:
[mediawiki/extensions/DonationInterface@master] Add phan taint-check plugin

https://gerrit.wikimedia.org/r/522681

Change 550017 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[integration/config@master] layout: [DonationInterface] Run taint-check

https://gerrit.wikimedia.org/r/550017

Change 550017 abandoned by Daimona Eaytoy:
layout: [DonationInterface] Run taint-check

Reason:
Better not mess with this. It can be kept as experimental.

https://gerrit.wikimedia.org/r/550017