Page MenuHomePhabricator

phan-taint-check-plugin false positive in Linker::formatLinksInComment()
Closed, ResolvedPublic

Description

Filing as a security out of caution.

I spent a while trying to track down the final phan-taint-check-plugin failures in CheckUser, and tracked it down to Linker::formatLinksInComment(). I wasn't really able to narrow it down farther than that, it seemed to be complaining about the regex itself. I would appreciate a review of the function by someone other than myself before I add @return-taint escaped to it.

This is a false positive in the plugin.

Event Timeline

Legoktm created this task.Aug 25 2018, 5:52 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 25 2018, 5:52 AM

Spoke with @Bawolff on IRC, this isn't a security issue, it's a false positive in the plugin.

Legoktm renamed this task from phan-taint-check-plugin is reporting an XSS issue in Linker::formatLinksInComment() to phan-taint-check-plugin false positive in Linker::formatLinksInComment().Aug 30 2018, 5:04 AM
Legoktm removed a project: acl*security.
Legoktm updated the task description. (Show Details)
Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)".
Restricted Application added a project: acl*security. · View Herald TranscriptAug 30 2018, 5:04 AM

Change 456332 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/core@master] Linker: Add @return-taint for formatLinksInComment()

https://gerrit.wikimedia.org/r/456332

Change 456332 merged by jenkins-bot:
[mediawiki/core@master] Linker: Add @return-taint for formatLinksInComment()

https://gerrit.wikimedia.org/r/456332

Change 456582 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Change @return-taint to use onlysafefor_html instad of escapes_html

https://gerrit.wikimedia.org/r/456582

Change 456582 merged by jenkins-bot:
[mediawiki/core@master] Change @return-taint to use onlysafefor_html instad of escapes_html

https://gerrit.wikimedia.org/r/456582

Bawolff closed this task as Resolved.Sep 4 2018, 9:31 AM
Bawolff claimed this task.
sbassett triaged this task as Medium priority.Oct 15 2019, 7:42 PM