Page MenuHomePhabricator
Create Task
Maniphest T203344

phan-taint-check should warn about unnecessary @suppress tags
Closed, ResolvedPublic
Actions

Description

https://github.com/phan/phan/blob/master/.phan/plugins/UnusedSuppressionPlugin.php is an upstream plugin that does this, but we'd just want it to warn about SecurityCheck-* ones.

This would have caught https://gerrit.wikimedia.org/r/457074 for example.

Details

SubjectRepoBranchLines +/-
Add UnusedSuppressionPlugin limited to our warningsmediawiki/tools/phan/SecurityCheckPluginmaster+22 -19
Customize query in gerrit

Related Objects

Event Timeline

Legoktm triaged this task as Low priority.Sep 2 2018, 4:03 AM
Legoktm created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 2 2018, 4:03 AM
Bawolff moved this task from Backlog to Plugin itself on the phan-taint-check-plugin board.Sep 4 2018, 9:29 AM
Daimona subscribed.May 3 2019, 10:50 AM

I tried to do this as part of the plugin upgrade. However, phan has no way to filter unused suppressions. I think our best bet is to add the config option to phan. This problem wouldn't be a thing if seccheck ran in the same job as phan does (where unusedsuppression is enabled), but I doubt this is something we'd want to do in the near future.

Daimona added a project: User-Daimona.May 7 2019, 5:48 PM
Daimona claimed this task.Jul 12 2019, 11:16 AM

Opened PR upstream for https://github.com/phan/phan/issues/2961. Will be included in seccheck 3.x, after the upgrade to phan 2.x.

Daimona moved this task from Backlog to Blocked on the User-Daimona board.Jul 12 2019, 11:16 AM
gerritbot added a comment.Jul 15 2019, 9:23 AM

Change 523108 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Add UnusedSuppressionPlugin limited to our warnings

https://gerrit.wikimedia.org/r/523108

gerritbot added a project: Patch-For-Review.Jul 15 2019, 9:23 AM
Daimona moved this task from Blocked to Under review on the User-Daimona board.Jul 15 2019, 9:26 AM
Daimona removed a project: User-Daimona.Jan 12 2020, 11:34 AM
gerritbot added a comment.Mar 26 2020, 4:23 PM

Change 523108 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Add UnusedSuppressionPlugin limited to our warnings

https://gerrit.wikimedia.org/r/523108

Daimona closed this task as Resolved.Mar 26 2020, 4:27 PM
Daimona removed a project: Patch-For-Review.
Jdforrester-WMF mentioned this in rMTPSb0ff035b225f: Add UnusedSuppressionPlugin limited to our warnings.Mar 26 2020, 6:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL