Page MenuHomePhabricator
Create Task
Maniphest T202386

Add phan-taint-check-plugin to FundraisingEmailUnsubscribe extension
Closed, ResolvedPublic
Actions

Description

Would be nice to add phan-taint-check-plugin to FundraisingEmailUnsubscribe extensions

Details

SubjectRepoBranchLines +/-
Configure phan-taint-check 1.5.0mediawiki/extensions/FundraisingEmailUnsubscribemaster+5 -4
Enable phan-taint-check on FundraisingEmailUnsubscribeintegration/configmaster+1 -0
seccheck: Install plugin into /opt/phanintegration/configmaster+24 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

Umherirrender created this task.Aug 21 2018, 12:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 21 2018, 12:25 PM
Umherirrender moved this task from Backlog to Wikimedia deployed on the phan-taint-check-plugin board.Aug 21 2018, 12:26 PM
Umherirrender added a parent task: T201219: Enable phan-taint-check-plugin on all Wikimedia-deployed repositories after getting it to pass.Aug 21 2018, 12:40 PM
DStrine moved this task from Triage to Sprint +1 on the Fundraising-Backlog board.Aug 21 2018, 8:26 PM
gerritbot subscribed.Sep 8 2018, 2:27 AM

Change 458979 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/FundraisingEmailUnsubscribe@master] Configure phan-taint-check 1.5.0

https://gerrit.wikimedia.org/r/458979

gerritbot added a project: Patch-For-Review.Sep 8 2018, 2:27 AM
gerritbot added a comment.Sep 8 2018, 2:31 AM

Change 458980 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[integration/config@master] Enable phan-taint-check on FundraisingEmailUnsubscribe

https://gerrit.wikimedia.org/r/458980

Bawolff subscribed.Sep 8 2018, 2:34 AM

Huh. Currently failing due to:
Package mediawiki/phan-taint-check-plugin at version 1.5.0 has a PHP requirement incompatible with your PHP version (5.6.33)

I suppose that is due to the config line in composer.json that this extension has.

gerritbot added a comment.Sep 8 2018, 2:44 AM

Change 458980 abandoned by Brian Wolff:
Enable phan-taint-check on FundraisingEmailUnsubscribe

Reason:
Nevermind

https://gerrit.wikimedia.org/r/458980

Umherirrender added subscribers: Legoktm, hashar.Sep 8 2018, 7:21 AM
In T202386#4568661, @Bawolff wrote:

Huh. Currently failing due to:
Package mediawiki/phan-taint-check-plugin at version 1.5.0 has a PHP requirement incompatible with your PHP version (5.6.33)

I suppose that is due to the config line in composer.json that this extension has.

Run taint-check-plugin with --ignore-platform-reqs because it is not used in production?

Legoktm claimed this task.Sep 8 2018, 10:54 PM
gerritbot added a comment.Sep 8 2018, 11:05 PM

Change 459265 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[integration/config@master] seccheck: Install plugin into /opt/phan

https://gerrit.wikimedia.org/r/459265

gerritbot added a comment.Sep 9 2018, 12:08 AM

Change 459265 merged by jenkins-bot:
[integration/config@master] seccheck: Install plugin into /opt/phan

https://gerrit.wikimedia.org/r/459265

gerritbot added a comment.Sep 9 2018, 2:30 AM

Change 458980 restored by Legoktm:
Enable phan-taint-check on FundraisingEmailUnsubscribe

https://gerrit.wikimedia.org/r/458980

gerritbot added a comment.Sep 9 2018, 2:31 AM

Change 458980 merged by jenkins-bot:
[integration/config@master] Enable phan-taint-check on FundraisingEmailUnsubscribe

https://gerrit.wikimedia.org/r/458980

Legoktm added a comment.Sep 9 2018, 2:35 AM
In T202386#4568801, @Umherirrender wrote:
In T202386#4568661, @Bawolff wrote:

Huh. Currently failing due to:
Package mediawiki/phan-taint-check-plugin at version 1.5.0 has a PHP requirement incompatible with your PHP version (5.6.33)

I suppose that is due to the config line in composer.json that this extension has.

Run taint-check-plugin with --ignore-platform-reqs because it is not used in production?

That was my initial thought, but I'm worried about that causing problems later on. I played around a bit and with some advice from bawolff I got CI to install the plugin in a separate directory so it won't be affected by the extensions' own config. This will also fix the problem of BlueSpice* depending upon ext-tidy, which wasn't installed in the docker container.

gerritbot added a comment.Sep 9 2018, 2:37 AM

Change 458979 merged by jenkins-bot:
[mediawiki/extensions/FundraisingEmailUnsubscribe@master] Configure phan-taint-check 1.5.0

https://gerrit.wikimedia.org/r/458979

Legoktm closed this task as Resolved.Sep 9 2018, 2:38 AM
Umherirrender added a comment.Sep 9 2018, 7:05 AM
In T202386#4569562, @Legoktm wrote:
In T202386#4568801, @Umherirrender wrote:
In T202386#4568661, @Bawolff wrote:

Huh. Currently failing due to:
Package mediawiki/phan-taint-check-plugin at version 1.5.0 has a PHP requirement incompatible with your PHP version (5.6.33)

I suppose that is due to the config line in composer.json that this extension has.

Run taint-check-plugin with --ignore-platform-reqs because it is not used in production?

That was my initial thought, but I'm worried about that causing problems later on. I played around a bit and with some advice from bawolff I got CI to install the plugin in a separate directory so it won't be affected by the extensions' own config. This will also fix the problem of BlueSpice* depending upon ext-tidy, which wasn't installed in the docker container.

That sounds like a good solution. It needs to install some extra packages, but that is okay.

The normal phan job install in /src/phan/ to bypass the same problems (I guess).

sbassett moved this task from Wikimedia deployed to Done on the phan-taint-check-plugin board.Oct 15 2019, 6:53 PM
sbassett triaged this task as Medium priority.Oct 15 2019, 7:35 PM
sbassett removed a project: Patch-For-Review.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL