
Suppress or fix non-double escape phan-taint-check warnings for MW core
Closed, Resolved | Public

Description

As the first step to getting phan-taint-check running on MW core, we need to get rid of the false (and true!) positives in MW core.

As a first step, ignore the double escaping warnings, to make this task more manageable. (We can exclude those warnings in the initial deployment to the build process.)
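
The split described above (double-escape warnings set aside, everything else left to fix or suppress) can be computed from a report in the checkstyle format shown on this page. The following is an added example, not part of the task or of MediaWiki's tooling; the sample XML is constructed from abridged entries of the warnings list below, and `triage`, `triage_file` and `deferred` are names chosen here.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

DOUBLE_ESCAPED = "SecurityCheck-DoubleEscaped"

# Constructed sample: six entries abridged from the checkstyle report on this
# page (file, line, severity and source kept; messages shortened).
SAMPLE_REPORT = """<checkstyle version="6.5">
 <file name="includes/Linker.php">
  <error line="858" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/OutputPage.php">
  <error line="2561" severity="warning" message="Echoing expression that was not html escaped" source="SecurityCheck-XSS"/>
  <error line="3816" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/api/ApiFormatJson.php">
  <error line="112" severity="warning" message="(abridged)" source="SecurityCheck-XSS"/>
 </file>
 <file name="includes/block/DatabaseBlock.php">
  <error line="321" severity="error" message="(abridged)" source="SecurityCheck-SQLInjection"/>
 </file>
 <file name="includes/installer/WebInstallerOptions.php">
  <error line="127" severity="warning" message="(abridged)" source="SecurityCheckMulti"/>
 </file>
</checkstyle>"""


def triage(report_xml, deferred=(DOUBLE_ESCAPED,)):
    """Count issues per `source` and list the ones that are not deferred.

    `report_xml` is the checkstyle document as str or bytes. `deferred` names
    the issue types to set aside for later (here: double escaping only).
    """
    root = ET.fromstring(report_xml)
    by_source = Counter()
    remaining = defaultdict(list)

    for file_el in root.iter("file"):
        name = file_el.get("name", "<unknown>")
        for err in file_el.iter("error"):
            source = err.get("source") or "<no source>"
            by_source[source] += 1
            if source in deferred:
                continue
            # SecurityCheckMulti stays in the remaining set: its source
            # attribute does not say which taint types are involved.
            remaining[name].append(
                (int(err.get("line", 0)), err.get("severity", ""), source)
            )

    total = sum(by_source.values())
    deferred_count = sum(by_source[s] for s in deferred)
    return {
        "total": total,
        "deferred": deferred_count,
        "remaining": total - deferred_count,
        "by_source": dict(by_source),
        "remaining_by_file": {f: sorted(v) for f, v in remaining.items()},
    }


def triage_file(path, deferred=(DOUBLE_ESCAPED,)):
    """Same as triage(), reading bytes so the declared XML encoding is honoured."""
    with open(path, "rb") as fh:
        return triage(fh.read(), deferred)


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['deferred']} deferred of {result['total']} total, "
          f"{result['remaining']} left to fix or suppress")
    for source, count in sorted(result["by_source"].items()):
        print(f"  {count:4d}  {source}")
    for name, issues in sorted(result["remaining_by_file"].items()):
        for line, severity, source in issues:
            print(f"{name}:{line}: [{severity}] {source}")
```
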

Details

Project | Branch | Lines +/-
mediawiki/core | master | +22 -11
mediawiki/core | master | +0 -1
mediawiki/core | master | +77 -60
mediawiki/core | master | +2 -1
mediawiki/core | master | +5 -0
mediawiki/core | master | +3 -0
mediawiki/core | master | +30 -8
mediawiki/core | master | +4 -0
mediawiki/tools/phan/SecurityCheckPlugin | master | +57 -8
mediawiki/core | master | +12 -6
mediawiki/core | master | +12 -7
mediawiki/core | master | +6 -1
mediawiki/core | master | +2 -0
mediawiki/core | master | +2 -0
mediawiki/core | master | +7 -7
mediawiki/core | master | +26 -26
mediawiki/core | master | +19 -26
mediawiki/core | master | +2 -2
mediawiki/core | master | +2 -0
mediawiki/core | master | +3 -1
mediawiki/core | master | +15 -9
mediawiki/core | master | +14 -2
mediawiki/core | master | +42 -25
mediawiki/core | master | +2 -2
mediawiki/core | master | +17 -6
mediawiki/core | master | +5 -0
mediawiki/core | master | +4 -4
mediawiki/core | master | +1 -1

Event Timeline


Change 491036 merged by jenkins-bot:
[mediawiki/core@master] Make Special:Version escape extension names that aren't links

https://gerrit.wikimedia.org/r/491036

I checked with 2.x, and we have 64 DoubleEscaped of a total of 512 warnings, so they're not really a problem. I'll sample a few warnings and check how many false positives I got. If there are too many, it may be worth fixing taint-check first (if the fix is easy), then start working on core as soon as a future version (not 2.0) is released.

EDIT: And apparently some of them are false positives. I'll check how we can fix those. ATM I cannot compare the results with seccheck master due to system incompatibility, so I'm wondering, is there an error count available for taint-check master?

> I checked with 2.x, and we have 64 DoubleEscaped of a total of 512 warnings

After having fixed some other regressions, running https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507619/ on core yields 218 DoubleEscaped warnings and 249 total warnings. I'll look into the remaining issues.

sbassett changed the task status from Open to Stalled. Jun 26 2019, 7:21 PM
sbassett triaged this task as Medium priority.
sbassett added a subscriber: sbassett.

@Daimona - with r/507619 being merged, do we need to keep this task open? If there are remaining issues, do we want to break those out into other tasks?

@sbassett Great question! I think we need the final error count with seccheck 2.x. Individual tasks will probably be the right choice once we get a limited amount of different errors.

Change 522419 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] [WIP] Add phan-taint-check-plugin

https://gerrit.wikimedia.org/r/522419

Daimona changed the task status from Stalled to Open. Jul 12 2019, 11:50 AM

Let's see how many things we have to fix, and whether to open separate tasks.

Current warnings list is here:

1<?xml version="1.0" encoding="ISO-8859-15"?>
2<checkstyle version="6.5">
3 <file name="includes/CategoryViewer.php">
4 <error line="184" severity="warning" message="Calling method \CategoryViewer::generateLink() in \CategoryViewer::addSubcategoryObject that outputs using tainted argument $[arg #4]. (Caused by: includes/CategoryViewer.php +203)" source="SecurityCheck-DoubleEscaped"/>
5 <error line="416" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getSubcategorySection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php +534) (Caused by: includes/CategoryViewer.php +191; includes/CategoryViewer.php +275)" source="SecurityCheck-DoubleEscaped"/>
6 <error line="446" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getPagesSection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php +534) (Caused by: includes/CategoryViewer.php +268; includes/CategoryViewer.php +279)" source="SecurityCheck-DoubleEscaped"/>
7 <error line="474" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getImageSection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php +534) (Caused by: includes/CategoryViewer.php +253; includes/CategoryViewer.php +283)" source="SecurityCheck-DoubleEscaped"/>
8 </file>
9 <file name="includes/Linker.php">
10 <error line="858" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Linker.php +858)" source="SecurityCheck-DoubleEscaped"/>
11 <error line="1760" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Linker.php +1760)" source="SecurityCheck-DoubleEscaped"/>
12 </file>
13 <file name="includes/OutputPage.php">
14 <error line="2561" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/OutputPage.php +1573; includes/OutputPage.php +1551; includes/OutputPage.php +1560; includes/OutputPage.php +1939; includes/OutputPage.php +2653; includes/OutputPage.php +3960; includes/OutputPage.php +2843; includes/OutputPage.php +2730; i...)" source="SecurityCheck-XSS"/>
15 <error line="3165" severity="warning" message="Calling method \ResourceLoader::makeConfigSetScript() in \OutputPage::getBottomScripts that outputs using tainted argument $[arg #1]. (Caused by: includes/resourceloader/ResourceLoader.php +1537) (Caused by: includes/OutputPage.php +1890)" source="SecurityCheck-DoubleEscaped"/>
16 <error line="3166" severity="warning" message="Calling method \ResourceLoader::makeConfigSetScript() in \OutputPage::getBottomScripts that outputs using tainted argument $[arg #1]. (Caused by: includes/resourceloader/ResourceLoader.php +1537) (Caused by: includes/OutputPage.php +1890)" source="SecurityCheck-DoubleEscaped"/>
17 <error line="3816" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/OutputPage.php +3812)" source="SecurityCheck-DoubleEscaped"/>
18 </file>
19 <file name="includes/Rest/ResponseFactory.php">
20 <error line="234" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Rest/ResponseFactory.php +234)" source="SecurityCheck-DoubleEscaped"/>
21 </file>
22 <file name="includes/actions/HistoryAction.php">
23 <error line="415" severity="warning" message="Calling method \FeedItem::__construct() in \HistoryAction::feedEmpty that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php +145) (Caused by: Builtin-\Message::parseAsBlock; includes/language/Message.php +981)" source="SecurityCheck-DoubleEscaped"/>
24 <error line="457" severity="warning" message="Calling method \FeedItem::__construct() in \HistoryAction::feedItem that outputs using tainted argument $text. (Caused by: includes/changes/FeedItem.php +145) (Caused by: includes/actions/HistoryAction.php +436)" source="SecurityCheck-DoubleEscaped"/>
25 </file>
26 <file name="includes/actions/RawAction.php">
27 <error line="127" severity="warning" message="Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/actions/RawAction.php +126)" source="SecurityCheck-DoubleEscaped"/>
28 <error line="152" severity="warning" message="Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270)" source="SecurityCheck-DoubleEscaped"/>
29 </file>
30 <file name="includes/api/ApiCSPReport.php">
31 <error line="188" severity="warning" message="Calling method \ApiCSPReport::error() in \ApiCSPReport::getReport that outputs using tainted argument $msg. (Caused by: includes/api/ApiCSPReport.php +252) (Caused by: includes/api/ApiCSPReport.php +184)" source="SecurityCheck-DoubleEscaped"/>
32 </file>
33 <file name="includes/api/ApiFeedContributions.php">
34 <error line="148" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedContributions::feedItem that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php +145) (Caused by: includes/api/ApiFeedContributions.php +197; includes/api/ApiFeedContributions.php +177)" source="SecurityCheck-DoubleEscaped"/>
35 </file>
36 <file name="includes/api/ApiFeedWatchlist.php">
37 <error line="157" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedWatchlist::execute that outputs using tainted argument $errorTitle. (Caused by: includes/changes/FeedItem.php +119) (Caused by: includes/api/ApiFeedWatchlist.php +155)" source="SecurityCheck-DoubleEscaped"/>
38 <error line="164" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedWatchlist::execute that outputs using tainted argument $errorTitle. (Caused by: includes/changes/FeedItem.php +119) (Caused by: includes/api/ApiFeedWatchlist.php +162)" source="SecurityCheck-DoubleEscaped"/>
39 </file>
40 <file name="includes/api/ApiFormatJson.php">
41 <error line="112" severity="warning" message="Calling method \ApiFormatJson::printText() in \ApiFormatJson::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/api/ApiFormatJson.php +112; includes/api/ApiFormatJson.php +109)" source="SecurityCheck-XSS"/>
42 </file>
43 <file name="includes/api/ApiHelp.php">
44 <error line="293" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $headerContent. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +269; includes/api/ApiHelp.php +293)" source="SecurityCheck-DoubleEscaped"/>
45 <error line="571" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/api/ApiHelp.php +571)" source="SecurityCheck-DoubleEscaped"/>
46 <error line="807" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +317; includes/api/ApiHelp.php +808; includes/api/ApiHelp.php +807)" source="SecurityCheck-DoubleEscaped"/>
47 <error line="808" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +317; includes/api/ApiHelp.php +808)" source="SecurityCheck-DoubleEscaped"/>
48 </file>
49 <file name="includes/api/ApiQueryBacklinks.php">
50 <error line="450" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/api/ApiQueryBacklinks.php +173; includes/api/ApiQueryBacklinks.php +295; includes/api/ApiQueryBacklinks.php +250; includes/api/ApiQueryBacklinks.php +294; includes/api/ApiQueryBacklinks.php +287)" source="SecurityCheck-DoubleEscaped"/>
51 </file>
52 <file name="includes/block/DatabaseBlock.php">
53 <error line="321" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \MediaWiki\Block\DatabaseBlock::newLoad that outputs using tainted argument $conds. (Caused by: Builtin-\Wikimedia\Rdbms\Database::select) (Caused by: includes/block/DatabaseBlock.php +299; includes/block/DatabaseBlock.php +295; includes/block/DatabaseBlock.php +303; includes/block/DatabaseBlock.php +305; includes/block/DatabaseBlock.php +310; includes/block/DatabaseBlock.php +312)" source="SecurityCheck-SQLInjection"/>
54 </file>
55 <file name="includes/changes/ChangesFeed.php">
56 <error line="115" severity="warning" message="Calling method \FeedItem::__construct() in \ChangesFeed::buildItems that outputs using tainted argument $[arg #5]. (Caused by: includes/changes/FeedItem.php +182) (Caused by: Builtin-\Message::escaped; includes/language/Message.php +994)" source="SecurityCheck-DoubleEscaped"/>
57 </file>
58 <file name="includes/changes/EnhancedChangesList.php">
59 <error line="756" severity="warning" message="Calling method \Html::rawElement() in \EnhancedChangesList::recentChangesBlockLine that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/changes/EnhancedChangesList.php +755)" source="SecurityCheck-DoubleEscaped"/>
60 </file>
61 <file name="includes/changes/FeedItem.php">
62 <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +119; includes/api/ApiFeedContributions.php +148; includes/changes/ChangesFeed.php +115; includes/api/ApiFeedWatchlist.php +157)" source="SecurityCheck-DoubleEscaped"/>
63 <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +119; includes/api/ApiFeedContributions.php +148; includes/changes/ChangesFeed.php +115; includes/api/ApiFeedWatchlist.php +157; includes/api/ApiFeedWatchlist.php +164; includes/actions/HistoryAction.php +457)" source="SecurityCheck-DoubleEscaped"/>
64 <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +119; includes/api/ApiFeedContributions.php +148; includes/changes/ChangesFeed.php +115; includes/api/ApiFeedWatchlist.php +157; includes/api/ApiFeedWatchlist.php +164; includes/actions/HistoryAction.php +457; includes/...)" source="SecurityCheck-DoubleEscaped"/>
65 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145)" source="SecurityCheck-DoubleEscaped"/>
66 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145; includes/actions/HistoryAction.php +457)" source="SecurityCheck-DoubleEscaped"/>
67 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145; includes/actions/HistoryAction.php +457; includes/actions/HistoryAction.php +415)" source="SecurityCheck-DoubleEscaped"/>
68 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145; includes/actions/HistoryAction.php +457; includes/actions/HistoryAction.php +415; includes/specials/SpecialNewpages.php +490)" source="SecurityCheck-DoubleEscaped"/>
69 <error line="182" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getAuthor that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +182; includes/changes/ChangesFeed.php +115)" source="SecurityCheck-DoubleEscaped"/>
70 <error line="182" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getAuthor that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +182; includes/changes/ChangesFeed.php +115; includes/specials/SpecialNewpages.php +490)" source="SecurityCheck-DoubleEscaped"/>
71 </file>
72 <file name="includes/exception/HttpError.php">
73 <error line="122" severity="warning" message="Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +122; includes/actions/RawAction.php +127)" source="SecurityCheck-DoubleEscaped"/>
74 <error line="122" severity="warning" message="Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +122; includes/actions/RawAction.php +127; includes/actions/RawAction.php +152; includes/linkeddata/PageDataRequestHandler.php +75; includes/linkeddata/PageDataRequestHandler.php +92; includes/linkeddata/PageDataRequ...)" source="SecurityCheck-DoubleEscaped"/>
75 </file>
76 <file name="includes/htmlform/fields/HTMLFormFieldCloner.php">
77 <error line="391" severity="warning" message="Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputHTML that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +390)" source="SecurityCheck-DoubleEscaped"/>
78 <error line="471" severity="warning" message="Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputOOUI that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +470)" source="SecurityCheck-DoubleEscaped"/>
79 </file>
80 <file name="includes/installer/DatabaseInstaller.php">
81 <error line="643" severity="warning" message="Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +545) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
82 <error line="643" severity="warning" message="Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
83 <error line="645" severity="warning" message="Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
84 <error line="651" severity="warning" message="Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +545) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
85 </file>
86 <file name="includes/installer/DatabaseUpdater.php">
87 <error line="227" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/installer/DatabaseUpdater.php +227)" source="SecurityCheck-DoubleEscaped"/>
88 </file>
89 <file name="includes/installer/MssqlInstaller.php">
90 <error line="92" severity="warning" message="Calling method \MssqlInstaller::getPasswordBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
91 <error line="92" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
92 <error line="92" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
93 <error line="100" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
94 <error line="102" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
95 <error line="104" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
96 <error line="109" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
97 <error line="127" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
98 <error line="133" severity="warning" message="Calling method \MssqlInstaller::getPasswordBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
99 <error line="325" severity="error" message="Calling method \Wikimedia\Rdbms\Database::query() in \MssqlInstaller::canCreateAccounts that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query)" source="SecurityCheck-SQLInjection"/>
100 <error line="368" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getSettingsForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
101 <error line="375" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getSettingsForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
102 </file>
103 <file name="includes/installer/MysqlInstaller.php">
104 <error line="82" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
105 <error line="90" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
106 <error line="92" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
107 </file>
108 <file name="includes/installer/OracleInstaller.php">
109 <error line="67" severity="warning" message="Calling method \OracleInstaller::getTextBox() in \OracleInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
110 <error line="77" severity="warning" message="Calling method \OracleInstaller::getTextBox() in \OracleInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
111 </file>
112 <file name="includes/installer/PostgresInstaller.php">
113 <error line="64" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
114 <error line="73" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
115 <error line="79" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
116 </file>
117 <file name="includes/installer/PostgresUpdater.php">
118 <error line="1071" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::dropFkey that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1070; includes/installer/PostgresUpdater.php +1066; includes/installer/PostgresUpdater.php +1062; includes/installer/PostgresUpdater.php +1068)" source="SecurityCheck-SQLInjection"/>
119 <error line="1093" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1092; includes/installer/PostgresUpdater.php +1089; includes/installer/PostgresUpdater.php +1080; includes/installer/PostgresUpdater.php +1088)" source="SecurityCheck-SQLInjection"/>
120 </file>
121 <file name="includes/installer/SqliteInstaller.php">
122 <error line="88" severity="warning" message="Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
123 <error line="93" severity="warning" message="Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
124 </file>
125 <file name="includes/installer/WebInstallerName.php">
126 <error line="58" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
127 <error line="58" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692; includes/installer/WebInstallerName.php +56)" source="SecurityCheck-DoubleEscaped"/>
128 <error line="58" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +970) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
129 <error line="58" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
130 <error line="59" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
131 <error line="59" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692; includes/installer/WebInstallerName.php +56)" source="SecurityCheck-DoubleEscaped"/>
132 <error line="59" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +970) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="59" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="67" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +970) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="82" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="95" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="103" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="108" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692; includes/installer/WebInstallerName.php +56)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/installer/WebInstallerOptions.php">
<error line="127" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstallerOptions.php +125; includes/installer/WebInstallerOptions.php +121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
<error line="128" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstallerOptions.php +125; includes/installer/WebInstallerOptions.php +121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
<error line="129" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstallerOptions.php +125; includes/installer/WebInstallerOptions.php +121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
<error line="145" severity="warning" message="Calling method \WebInstallerOptions::addHTML() in \WebInstallerOptions::execute that outputs using tainted argument $skinHtml. (Caused by: includes/installer/WebInstallerOptions.php +108; includes/installer/WebInstallerOptions.php +127; includes/installer/WebInstallerOptions.php +114; includes/installer/WebInstallerOptions.php +138; includes/installer/WebInstallerOptions.php +143; incl...)" source="SecurityCheck-XSS"/>
<error line="246" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="246" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="248" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="248" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="249" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="256" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="263" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="270" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="271" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="298" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +852) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="300" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +852) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="314" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +852) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/jobqueue/utils/BacklinkJobUtils.php">
<error line="102" severity="error" message="Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +441) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
<error line="112" severity="error" message="Calling method \BacklinkCache::getLinks() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +172) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="includes/language/Message.php">
<error line="1396" severity="warning" message="Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +1204)" source="SecurityCheck-DoubleEscaped"/>
<error line="1396" severity="warning" message="Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +1204; includes/language/Message.php +1245)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/libs/rdbms/database/DatabasePostgres.php">
<error line="874" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \Wikimedia\Rdbms\DatabasePostgres::resetSequenceForTable that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="includes/linkeddata/PageDataRequestHandler.php">
<error line="75" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270)" source="SecurityCheck-DoubleEscaped"/>
<error line="92" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270; includes/linkeddata/PageDataRequestHandler.php +84)" source="SecurityCheck-DoubleEscaped"/>
<error line="98" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270; includes/linkeddata/PageDataRequestHandler.php +84; includes/linkeddata/PageDataRequestHandler.php +96)" source="SecurityCheck-DoubleEscaped"/>
<error line="147" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::httpContentNegotiation that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/linkeddata/PageDataRequestHandler.php +146)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/logging/BlockLogFormatter.php">
<error line="74" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/logging/BlockLogFormatter.php +32; includes/logging/BlockLogFormatter.php +59)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/media/ExifBitmapHandler.php">
<error line="66" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/media/ExifBitmapHandler.php +44; includes/media/ExifBitmapHandler.php +58; includes/media/ExifBitmapHandler.php +67; includes/media/ExifBitmapHandler.php +66) (1049600 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
</file>
<file name="includes/media/FormatMetadata.php">
<error line="164" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/media/FormatMetadata.php +164)" source="SecurityCheck-DoubleEscaped"/>
<error line="941" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php +168; includes/media/FormatMetadata.php +183; includes/media/FormatMetadata.php +205; includes/media/FormatMetadata.php +223; includes/media/FormatMetadata.php +235; includes/media/FormatMetadata.php +248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
<error line="952" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php +168; includes/media/FormatMetadata.php +183; includes/media/FormatMetadata.php +205; includes/media/FormatMetadata.php +223; includes/media/FormatMetadata.php +235; includes/media/FormatMetadata.php +248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
<error line="974" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $[arg #1]. (Caused by: includes/media/FormatMetadata.php +168; includes/media/FormatMetadata.php +183; includes/media/FormatMetadata.php +205; includes/media/FormatMetadata.php +223; includes/media/FormatMetadata.php +235; includes/media/FormatMetadata.php +248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/page/ImagePage.php">
<error line="165" severity="warning" message="Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php +725; includes/page/ImagePage.php +701)" source="SecurityCheck-XSS"/>
</file>
<file name="includes/parser/PPFrame_DOM.php">
<error line="127" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_DOM::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_DOM.php +125)" source="SecurityCheck-DoubleEscaped"/>
<error line="130" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_DOM::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_DOM.php +125)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/PPFrame_Hash.php">
<error line="119" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_Hash::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_Hash.php +117)" source="SecurityCheck-DoubleEscaped"/>
<error line="122" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_Hash::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_Hash.php +117)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/Parser.php">
<error line="555" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +555)" source="SecurityCheck-DoubleEscaped"/>
<error line="762" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +762)" source="SecurityCheck-DoubleEscaped"/>
<error line="1428" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +1428)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/parser/Parser.php +1451)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/parser/Parser.php +1451)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/parser/Parser.php +1451)" source="SecurityCheck-DoubleEscaped"/>
<error line="1996" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +1994)" source="SecurityCheck-DoubleEscaped"/>
<error line="2018" severity="warning" message="Calling method \LanguageConverter::markNoConversion() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1728) (Caused by: includes/parser/Parser.php +1994; includes/parser/Parser.php +1996; includes/parser/Parser.php +2018)" source="SecurityCheck-DoubleEscaped"/>
<error line="2027" severity="warning" message="Calling method \Linker::makeExternalLink() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/Linker.php +844) (Caused by: includes/parser/Parser.php +1994; includes/parser/Parser.php +1996; includes/parser/Parser.php +2018; includes/parser/Parser.php +2027)" source="SecurityCheck-DoubleEscaped"/>
<error line="2027" severity="warning" message="Calling method \Linker::makeExternalLink() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/Linker.php +844) (Caused by: includes/parser/Parser.php +1994; includes/parser/Parser.php +1996; includes/parser/Parser.php +2027)" source="SecurityCheck-DoubleEscaped"/>
<error line="2238" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks that outputs using tainted argument $s. (Caused by: includes/parser/Parser.php +2482) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2369" severity="warning" message="Calling method \Parser::maybeDoSubpageLink() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/Linker.php +1384) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2421" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2482) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +2482)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/parser/Parser.php +2369; includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2483" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2482) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="3492" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +3489; includes/parser/Parser.php +3492)" source="SecurityCheck-DoubleEscaped"/>
<error line="3507" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +3489; includes/parser/Parser.php +3492; includes/parser/Parser.php +3500)" source="SecurityCheck-XSS"/>
<error line="6187" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +6187)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/Preprocessor_DOM.php">
<error line="99" severity="warning" message="Calling method \UtfNormal\Validator::cleanUp() in \Preprocessor_DOM::newPartNodeArray that outputs using tainted argument $xml. (Caused by: includes/media/DjVuImage.php +302) (Caused by: includes/parser/Preprocessor_DOM.php +83; includes/parser/Preprocessor_DOM.php +86; includes/parser/Preprocessor_DOM.php +91; includes/parser/Preprocessor_DOM.php +99)" source="SecurityCheck-DoubleEscaped"/>
<error line="176" severity="warning" message="Calling method \UtfNormal\Validator::cleanUp() in \Preprocessor_DOM::preprocessToObj that outputs using tainted argument $xml. (Caused by: includes/media/DjVuImage.php +302) (Caused by: includes/parser/Preprocessor_DOM.php +155)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/Sanitizer.php">
<error line="1438" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Sanitizer.php +1438)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/preferences/DefaultPreferencesFactory.php">
<error line="351" severity="warning" message="HTMLForm label key escapes its input (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
<error line="707" severity="warning" message="HTMLForm option label needs escaping (Maybe false positive as could not determine if it was key or value that is unescaped) (Caused by: includes/preferences/DefaultPreferencesFactory.php +704)" source="SecurityCheck-XSS"/>
</file>
<file name="includes/specials/SpecialExpandTemplates.php">
<error line="130" severity="warning" message="Calling method \SpecialExpandTemplates::makeOutput() in \SpecialExpandTemplates::execute that outputs using tainted argument $rawhtml. (Caused by: includes/specials/SpecialExpandTemplates.php +227) (Caused by: includes/specials/SpecialExpandTemplates.php +128)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/SpecialNewpages.php">
<error line="490" severity="warning" message="Calling method \FeedItem::__construct() in \SpecialNewpages::feedItem that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php +145) (Caused by: includes/specials/SpecialNewpages.php +519)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/SpecialRecentChanges.php">
<error line="476" severity="warning" message="Calling method \Xml::tags() in \SpecialRecentChanges::doHeader that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::tags) (Caused by: includes/specials/SpecialRecentChanges.php +469)" source="SecurityCheck-DoubleEscaped"/>
<error line="819" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +785)" source="SecurityCheck-DoubleEscaped"/>
<error line="916" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +785) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
<error line="919" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +785) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/SpecialStatistics.php">
<error line="277" severity="warning" message="Calling method \Language::formatNum() in \SpecialStatistics::getOtherStats that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstallerOptions.php +333)" source="SecurityCheck-DoubleEscaped"/>
<error line="279" severity="warning" message="Calling method \Language::formatNum() in \SpecialStatistics::getOtherStats that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstallerOptions.php +333)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/SpecialVersion.php">
<error line="100" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php +100)" source="SecurityCheck-DoubleEscaped"/>
<error line="124" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php +124)" source="SecurityCheck-DoubleEscaped"/>
<error line="578" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
<error line="584" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
<error line="593" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php +593)" source="SecurityCheck-DoubleEscaped"/>
<error line="619" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
<error line="625" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
<error line="776" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getCreditsForExtension that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/SpecialWhatLinksHere.php">
<error line="460" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prev. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +452)" source="SecurityCheck-DoubleEscaped"/>
<error line="464" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $next. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +453)" source="SecurityCheck-DoubleEscaped"/>
<error line="472" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prettyLimit. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +470)" source="SecurityCheck-DoubleEscaped"/>
273 <error line="566" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +564; includes/specials/SpecialWhatLinksHere.php +547; includes/specials/SpecialWhatLinksHere.php +548)" source="SecurityCheck-DoubleEscaped"/>
274 <error line="567" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +564; includes/specials/SpecialWhatLinksHere.php +547; includes/specials/SpecialWhatLinksHere.php +548)" source="SecurityCheck-DoubleEscaped"/>
275 </file>
276 <file name="includes/specials/forms/UploadForm.php">
277 <error line="135" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +253)" source="SecurityCheck-XSS"/>
278 <error line="301" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +253)" source="SecurityCheck-XSS"/>
279 </file>
280 <file name="includes/specials/pagers/AllMessagesTablePager.php">
281 <error line="264" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeKnownLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeKnownLink) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +253)" source="SecurityCheck-DoubleEscaped"/>
282 <error line="266" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeBrokenLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: includes/linker/LinkRenderer.php +357) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +253)" source="SecurityCheck-DoubleEscaped"/>
283 <error line="302" severity="warning" message="Calling method \Html::element() in \AllMessagesTablePager::formatRow that outputs using tainted argument $formatted. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +296)" source="SecurityCheck-DoubleEscaped"/>
284 </file>
285 <file name="includes/specials/pagers/UsersPager.php">
286 <error line="177" severity="warning" message="Calling method \Linker::userLink() in \UsersPager::formatRow that outputs using tainted argument $userName. (Caused by: includes/Linker.php +918) (Caused by: includes/specials/pagers/UsersPager.php +175; includes/EditPage.php +3851; includes/EditPage.php +3878; includes/user/UserRightsProxy.php +130)" source="SecurityCheck-DoubleEscaped"/>
287 </file>
288 <file name="includes/user/User.php">
289 <error line="4519" severity="warning" message="Calling method \User::sendMail() in \User::sendConfirmationMail that outputs using tainted argument $[arg #4]. (Caused by: includes/user/User.php +4544) (Caused by: includes/user/User.php +4497)" source="SecurityCheck-XSS"/>
290 <error line="4776" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in \User::getEditTimestamp that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: includes/user/User.php +4772)" source="SecurityCheck-SQLInjection"/>
291 <error line="5047" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::selectField() in \User::initEditCountInternal that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::selectField) (Caused by: includes/user/User.php +5046)" source="SecurityCheck-SQLInjection"/>
292 </file>
293 <file name="languages/Language.php">
294 <error line="4240" severity="warning" message="Calling method \htmlspecialchars() in \Language::convertHtml that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php +4185; languages/Language.php +4185; languages/Language.php +4240)" source="SecurityCheck-DoubleEscaped"/>
295 </file>
296 <file name="maintenance/convertLinks.php">
297 <error line="221" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php +209; maintenance/convertLinks.php +205; maintenance/convertLinks.php +204; maintenance/convertLinks.php +158)" source="SecurityCheck-SQLInjection"/>
298 </file>
299 <file name="maintenance/populateContentTables.php">
300 <error line="219" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php +218; maintenance/populateContentTables.php +217; maintenance/populateContentTables.php +201)" source="SecurityCheck-SQLInjection"/>
301 </file>
302 <file name="maintenance/refreshExternallinksIndex.php">
303 <error line="73" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php +71; maintenance/populateContentTables.php +201; maintenance/refreshExternallinksIndex.php +59)" source="SecurityCheck-SQLInjection"/>
304 </file>
305 <file name="maintenance/storage/compressOld.php">
306 <error line="331" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/Title.php +3562; includes/Title.php +3562)" source="SecurityCheck-SQLInjection"/>
307 </file>
308</checkstyle>

It has 187 warnings, of which 165 are DoubleEscaped. This is way less than T216348#5185224.

Some of those are actual issues. However, I'd like to wait for seccheck 3.0 before starting to fix them.

Latest result with taint-check 3.0.1 (excluding roughly 120 DoubleEscaped warnings):

<checkstyle version="6.5">
  <file name="includes/OutputPage.php">
    <error line="2559" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/OutputPage.php +1611; includes/OutputPage.php +1589; includes/OutputPage.php +1598; includes/OutputPage.php +1970; includes/OutputPage.php +2559; includes/OutputPage.php +2653; includes/OutputPage.php +3981; includes/OutputPage.php +2843; i...)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/Revision/RevisionStore.php">
    <error line="2452" severity="error" message="Calling method \Wikimedia\Rdbms\DBConnRef::selectField() in \MediaWiki\Revision\RevisionStore::getRelativeRevision that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\DBConnRef::selectField)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/export/WikiExporter.php">
    <error line="529" severity="warning" message="Calling method \DumpOutput::writeOpenPage() in \WikiExporter::outputPageStreamBatch that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +50) (Caused by: includes/export/WikiExporter.php +528)" source="SecurityCheck-XSS"/>
    <error line="532" severity="warning" message="Calling method \DumpOutput::writeRevision() in \WikiExporter::outputPageStreamBatch that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +65) (Caused by: includes/export/WikiExporter.php +531)" source="SecurityCheck-XSS"/>
    <error line="596" severity="warning" message="Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +73) (Caused by: includes/export/WikiExporter.php +595)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/installer/CliInstaller.php">
    <error line="233" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +253)" source="SecurityCheck-XSS"/>
    <error line="238" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +253)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/installer/PostgresUpdater.php">
    <error line="1113" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::dropFkey that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1112; includes/installer/PostgresUpdater.php +1108)" source="SecurityCheck-SQLInjection"/>
    <error line="1135" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1134; includes/installer/PostgresUpdater.php +1131)" source="SecurityCheck-SQLInjection"/>
    <error line="1144" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1134; includes/installer/PostgresUpdater.php +1131; includes/installer/PostgresUpdater.php +1141; includes/installer/PostgresUpdater.php +1133; includes/installer/PostgresUpdater.php +1131)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/installer/WebInstallerOptions.php">
    <error line="217" severity="warning" message="Calling method \Message::rawParams() in \WebInstallerOptions::execute that outputs using tainted argument $ext. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/jobqueue/utils/BacklinkJobUtils.php">
    <error line="102" severity="error" message="Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +441) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
    <error line="112" severity="error" message="Calling method \BacklinkCache::getLinks() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +172) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/libs/rdbms/database/DatabasePostgres.php">
    <error line="835" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \Wikimedia\Rdbms\DatabasePostgres::resetSequencesForTable that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabasePostgres.php +831)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/libs/rdbms/database/DatabaseSqlite.php">
    <error line="1026" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1009; includes/libs/rdbms/database/DatabaseSqlite.php +1022)" source="SecurityCheck-SQLInjection"/>
    <error line="1052" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1042; includes/libs/rdbms/database/DatabaseSqlite.php +1041; includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +607; includes/libs/rdbms/database/DatabaseSqlite...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/logging/LogFormatter.php">
    <error line="255" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="260" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="273" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="277" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="304" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="310" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="314" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="320" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="335" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="348" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="353" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="372" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="376" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="383" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="406" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +400) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="406" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="410" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="421" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +414) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="421" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="430" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="434" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/logging/LogPage.php">
    <error line="250" severity="warning" message="Calling method \Message::rawParams() in \LogPage::actionText that outputs using tainted argument $titleLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogPage.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/page/ImagePage.php">
    <error line="165" severity="warning" message="Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php +733; includes/page/ImagePage.php +709)" source="SecurityCheck-XSS"/>
    <error line="510" severity="warning" message="Calling method \Message::rawParams() in \ImagePage::openShowImage that outputs using tainted argument $select. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/page/ImagePage.php +502) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/parser/Parser.php">
    <error line="3511" severity="warning" message="Calling method \Parser::insertStripItem() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1230)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/preferences/DefaultPreferencesFactory.php">
    <error line="379" severity="warning" message="Calling method \Message::rawParams() in \MediaWiki\Preferences\DefaultPreferencesFactory::profilePreferences that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/preferences/DefaultPreferencesFactory.php +364; includes/preferences/DefaultPreferencesFactory.php +350; includes/preferences/DefaultPreferencesFactory.php +372) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="379" severity="warning" message="Calling method \Message::rawParams() in \MediaWiki\Preferences\DefaultPreferencesFactory::profilePreferences that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/preferences/DefaultPreferencesFactory.php +365; includes/preferences/DefaultPreferencesFactory.php +351; includes/preferences/DefaultPreferencesFactory.php +373) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/resourceloader/ResourceLoader.php">
    <error line="917" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/resourceloader/ResourceLoader.php +870; includes/resourceloader/ResourceLoader.php +902)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialContributions.php">
    <error line="579" severity="warning" message="HTMLForm option label needs escaping (for value 'associated') (Caused by: Builtin-\Message::text; includes/language/Message.php +952)" source="SecurityCheck-XSS"/>
    <error line="579" severity="warning" message="HTMLForm option label needs escaping (for value 'nsInvert') (Caused by: Builtin-\Message::text; includes/language/Message.php +952)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialUserrights.php">
    <error line="677" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +654; includes/specials/SpecialUserrights.php +650; includes/specials/SpecialUserrights.php +657; includes/specials/SpecialUserrights.php +650) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="677" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +655; includes/specials/SpecialUserrights.php +651; includes/specials/SpecialUserrights.php +658; includes/specials/SpecialUserrights.php +651) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="682" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +670) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="682" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +671) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="757" severity="warning" message="Calling method \OutputPage::addHTML() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialUserrights.php +691; includes/specials/SpecialUserrights.php +695; includes/specials/SpecialUserrights.php +677; includes/specials/SpecialUserrights.php +704; includes/specials/SpecialUserrights.php +700; includes/specials/S...  includes/specials/SpecialUserrights.php +724)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialVersion.php">
    <error line="153" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialVersion::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialVersion.php +495; includes/specials/SpecialVersion.php +483; includes/specials/SpecialVersion.php +491; includes/specials/SpecialVersion.php +493; includes/specials/SpecialVersion.php +469; includes/specials/SpecialVersion.php +436; includes/specials/SpecialVersion.php +460; includes/specials/SpecialVersion.php +465; includes/specials/SpecialVersion.php +467; includes/specials/SpecialVersion.php +600; includes/specials/SpecialVersion.php +642; includes/specials/SpecialVersion.php +671)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/forms/UploadForm.php">
    <error line="139" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +263)" source="SecurityCheck-XSS"/>
    <error line="306" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +263)" source="SecurityCheck-XSS"/>
  </file>
  <file name="maintenance/convertExtensionToRegistration.php">
    <error line="87" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/convertExtensionToRegistration.php +83)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/convertLinks.php">
    <error line="226" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php +214; maintenance/convertLinks.php +210; maintenance/convertLinks.php +157; maintenance/convertLinks.php +206; maintenance/convertLinks.php +209; maintenance/convertLinks.php +162; includes/installer/MysqlUpdater.php +61...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/fixTimestamps.php">
    <error line="54" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \FixTimestamps::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/fixTimestamps.php +48; maintenance/fixTimestamps.php +47)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/generateJsonI18n.php">
    <error line="71" severity="warning" message="Calling method \GenerateJsonI18n::transformI18nFile() in \GenerateJsonI18n::execute that outputs using tainted argument $phpfile. (Caused by: maintenance/generateJsonI18n.php +113) (Caused by: maintenance/generateJsonI18n.php +51; maintenance/generateJsonI18n.php +60; maintenance/generateJsonI18n.php +53)" source="SecurityCheck-OTHER"/>
    <error line="91" severity="warning" message="Calling method \GenerateJsonI18n::transformI18nFile() in \GenerateJsonI18n::execute that outputs using tainted argument $phpfile. (Caused by: maintenance/generateJsonI18n.php +113) (Caused by: maintenance/generateJsonI18n.php +51; maintenance/generateJsonI18n.php +60; maintenance/generateJsonI18n.php +53)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/includes/MigrateActors.php">
    <error line="316" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \MigrateActors::migrate that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: maintenance/includes/MigrateActors.php +306)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/mergeMessageFileList.php">
    <error line="170" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/mergeMessageFileList.php +159)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/migrateComments.php">
    <error line="105" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::insert() in \MigrateComments::loadCommentIDs that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::insert) (Caused by: maintenance/migrateComments.php +73)" source="SecurityCheck-SQLInjection"/>
    <error line="105" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::insert() in \MigrateComments::loadCommentIDs that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::insert) (Caused by: maintenance/migrateComments.php +73; maintenance/migrateComments.php +169; maintenance/migrateComments.php +97; maintenance/migrateComments.php +263; maintenance/migrateComments.php +97; maintenance/migrateComments.php +265; maintenance/migrateComme...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/nukeNS.php">
    <error line="62" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php +54)" source="SecurityCheck-SQLInjection"/>
    <error line="72" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php +69)" source="SecurityCheck-SQLInjection"/>
    <error line="88" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php +69)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/nukePage.php">
    <error line="63" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php +56)" source="SecurityCheck-SQLInjection"/>
    <error line="74" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php +56)" source="SecurityCheck-SQLInjection"/>
    <error line="77" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php +56)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/populateContentModel.php">
    <error line="61" severity="error" message="Calling method \PopulateContentModel::populateRevisionOrArchive() in \PopulateContentModel::execute that outputs using tainted argument $table. (Caused by: maintenance/populateContentModel.php +229) (Caused by: maintenance/populateContentModel.php +57)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/populateContentTables.php">
    <error line="217" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php +216; maintenance/populateContentTables.php +215; maintenance/populateContentTables.php +199)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/recountCategories.php">
    <error line="126" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php +117; maintenance/recountCategories.php +82)" source="SecurityCheck-SQLInjection"/>
    <error line="126" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php +117; maintenance/recountCategories.php +82; maintenance/recountCategories.php +145)" source="SecurityCheck-SQLInjection"/>
    <error line="161" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \RecountCategories::doWork that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: includes/jobqueue/JobQueueDB.php +643; maintenance/recountCategories.php +160; maintenance/recountCategories.php +82)" source="SecurityCheck-SQLInjection"/>
    <error line="161" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: maintenance/recountCategories.php +82; includes/jobqueue/JobQueueDB.php +643; maintenance/recountCategories.php +160; maintenance/recountCategories.php +160)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/refreshExternallinksIndex.php">
    <error line="73" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php +71; maintenance/populateContentTables.php +199; maintenance/refreshExternallinksIndex.php +59)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/runBatchedQuery.php">
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RunBatchedQuery::execute that outputs using tainted argument $key. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/runBatchedQuery.php +51)" source="SecurityCheck-SQLInjection"/>
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RunBatchedQuery::execute that outputs using tainted argument $table. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/runBatchedQuery.php +50)" source="SecurityCheck-SQLInjection"/>
    <error line="81" severity="error" message="ORDER BY clause is user controlled (Caused by: maintenance/runBatchedQuery.php +51) (Originally at: maintenance/runBatchedQuery.php:80)" source="SecurityCheck-SQLInjection"/>
    <error line="97" severity="error" message="IDatabase::makeList with LIST_AND, LIST_OR or LIST_SET must sql escape string key names and values of numeric keys (Caused by: maintenance/runBatchedQuery.php +87; maintenance/runBatchedQuery.php +92)" source="SecurityCheck-SQLInjection"/>
    <error line="99" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \RunBatchedQuery::execute that outputs using tainted argument $query. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/runBatchedQuery.php +95; maintenance/runBatchedQuery.php +52)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/runScript.php">
    <error line="64" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/runScript.php +57)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/sql.php">
    <error line="112" severity="error" message="Calling method \MwSql::sqlDoQuery() in \MwSql::execute that outputs using tainted argument $query. (Caused by: maintenance/sql.php +174) (Caused by: maintenance/sql.php +111)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/sqlite.inc">
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Sqlite::checkSqlSyntax that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +607; includes/libs/rdbms/database/DatabaseSqlite.php +783; includes/libs/rdbms/database/DatabaseSqlite.php +1030; includes/libs/rdbms/database/DatabaseSqlite....)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/storage/compressOld.php">
    <error line="328" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/resourceloader/ResourceLoaderWikiModule.php +440; maintenance/checkBadRedirects.php +49; maintenance/deleteOldRevisions.php +64; maintenance/orphans.php +160; includes/CategoryFinder.php +216; includes/CategoryFinder.php +248; includes/api/ApiQueryInfo.php +755; includes/api/ApiQueryAllPages.php +217; includes/api/ApiQueryAllPages.php +226; includes/api/ApiQueryBacklinks.php +182; includes/api/ApiQueryBac...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/uppercaseTitlesForUnicodeTransition.php">
    <error line="153" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/uppercaseTitlesForUnicodeTransition.php +146)" source="SecurityCheck-OTHER"/>
  </file>
</checkstyle>

Change 589891 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] maintenance: Add @return-taint none to getArg and getOption

https://gerrit.wikimedia.org/r/589891

Change 589891 merged by jenkins-bot:
[mediawiki/core@master] maintenance: Add @return-taint none to getArg and getOption

https://gerrit.wikimedia.org/r/589891

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

<file name="maintenance\refreshExternallinksIndex.php">
  <error line="76" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance\refreshExternallinksIndex.php +74; maintenance\populateContentTables.php +199; maintenance\refreshExternallinksIndex.php +61)" source="SecurityCheck-SQLInjection"/>
</file>
		$start = $minmax->min - 1;
		$last = $minmax->max;
		$lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
		while ( $start < $last ) {
			$end = min( $start + $this->mBatchSize, $last );      // <!-- php.net document min() as mixed return type - I hope that phan can see that this would return always an int as real type
			$this->output( "el_id $start - $end of $last\n" );
			$res = $dbw->select( 'externallinks', [ 'el_id', 'el_to', 'el_index' ],
				[
					"el_id > $start",
					"el_id <= $end",
				],
				__METHOD__,
				[ 'ORDER BY' => 'el_id' ]
			);

Or it is an issue with objects, as $minmax is an object with two int fields.

<file name="includes\specials\pagers\ImageListPager.php">
  <error line="503" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \ImageListPager::formatValue that outputs using tainted argument $name. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes\specials\pagers\ImageListPager.php +502)" source="SecurityCheck-DoubleEscaped"/>
</file>
					$name = User::whoIs( $this->mCurrentRow->img_user );
					$link = $linkRenderer->makeLink(
						Title::makeTitle( NS_USER, $name ),
						$name
					);

The $name seems safe and correct, as there is no escaping involved. User::whoIs takes its data from UserCache::getProp, which is documented as mixed.

Change 595234 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Avoid reuse of local variable in RevisionStore

https://gerrit.wikimedia.org/r/595234

Change 595237 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Use db abstraction layer in nukePage and nukeNS maintenance script

https://gerrit.wikimedia.org/r/595237

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

The $name seems safe and correct, as there is no escaping involved.

I can't tell for sure. Taint-check does have several false positives, but it also analyzes things very deeply, and lots of times I have found it to be right even when it didn't seem so at first.

User::whoIs takes its data from UserCache::getProp, which is documented as mixed.

It might or might not be related. Unlike built-in PHP functions, methods are analyzed thoroughly, and the return type only plays a tiny part.


As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

But then it takes the taint of the arguments of min() differently than in the release before, but that all looks like int to me. Maybe it needs a deeper check.

The $name seems safe and correct, as there is no escaping involved.

I can't tell for sure. Taint-check does have several false positives, but it also analyzes things very deeply, and lots of times I have found it to be right even when it didn't seem so at first.

User::whoIs takes its data from UserCache::getProp, which is documented as mixed.

It might or might not be related. Unlike built-in PHP functions, methods are analyzed thoroughly, and the return type only plays a tiny part.

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.


As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Not all, I am just looking around and trying to fix some of them.

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

But then it takes the taint of the arguments of min() differently than in the release before

This is possible, but the current is intended behaviour.

, but that all looks like int to me. Maybe it needs a deeper check.

Phan hardcodes min() as returning mixed, there's nothing we can do about that -- except add a special case, like "if all arguments to min() are integers, then the return value is an integer", but that should really live inside phan, not taint-check. There's no other "deeper check" that would work, take the following:

$min = min( ['<script>alert()</script>'], [42]);
echo $min[0];

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.

User names *are* unsafe, so nothing wrong here.

As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Not all, I am just looking around and trying to fix some of them.

Yeah, I was just suggesting to wait for a release or two, because many issues are false positives, and there are many other false negatives that still don't show up.
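The min() point from the reply above, as an added example that is not part of the thread, MediaWiki or taint-check: min() returns whatever kind of value it is given, so a caller that needs an integer has to state that itself. The helpers kindOfMin(), intMin() and batchConditions() are hypothetical names, and whether a particular taint-check version then drops its warning is not claimed here.

```php
<?php
declare( strict_types=1 );

// Added illustration: kindOfMin(), intMin() and batchConditions() are
// hypothetical helpers, not MediaWiki or taint-check code.

/**
 * min() returns the same kind of value it is given: integers in, integer out;
 * arrays in, array out. That is why its declared return type is mixed.
 */
function kindOfMin( ...$args ): string {
	return gettype( min( ...$args ) );
}

/**
 * Integer-only min(). The parameter and return types state the
 * "all arguments are integers" case in the signature, so it holds at runtime
 * whatever a static analyser infers about min() itself.
 */
function intMin( int $first, int ...$rest ): int {
	return min( array_merge( [ $first ], $rest ) );
}

/**
 * Range conditions for one batch, built only from values typed as int.
 *
 * @return string[]
 */
function batchConditions( int $start, int $batchSize, int $last ): array {
	$end = intMin( $start + $batchSize, $last );
	return [ "el_id > $start", "el_id <= $end" ];
}

// Constructed sample values.
echo kindOfMin( 5, 10 ), "\n";
echo kindOfMin( [ 'some string' ], [ 42 ] ), "\n";
echo implode( ' AND ', batchConditions( 0, 200, 150 ) ), "\n";

// Under strict_types a string bound never reaches the condition strings.
try {
	batchConditions( 0, 200, '150' );
} catch ( TypeError $e ) {
	echo 'rejected: ', get_class( $e ), "\n";
}
```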

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.

User names *are* unsafe, so nothing wrong here.

It seems it is the other way round. User names are treated as safe, and when one is used in places where escaping is known (such as the second argument of LinkRenderer::makeLink) it is reported as DoubleEscaped.
Also, passing a user name to wfEscapeWikiText reports DoubleEscaped.

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.

User names *are* unsafe, so nothing wrong here.

It seems it is the other way round. User names are treated as safe, and when one is used in places where escaping is known (such as the second argument of LinkRenderer::makeLink) it is reported as DoubleEscaped.
Also, passing a user name to wfEscapeWikiText reports DoubleEscaped.

Taint for User::mName is polluted by Wikimedia\IPUtils::sanitizeIP.
When commenting out that statement in User::getName, many issues go away (including the one listed above from ImageListPager).

Change 595255 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Improve some message escaping on special pages

https://gerrit.wikimedia.org/r/595255

Change 595234 merged by jenkins-bot:
[mediawiki/core@master] Avoid reuse of local variable in RevisionStore

https://gerrit.wikimedia.org/r/595234

Change 595237 merged by jenkins-bot:
[mediawiki/core@master] Use db abstraction layer in nukePage and nukeNS maintenance script

https://gerrit.wikimedia.org/r/595237

Change 595255 abandoned by Umherirrender:
[mediawiki/core@master] Improve some message escaping on special pages

Reason:
Outdated and seems unneeded/unwanted

https://gerrit.wikimedia.org/r/595255

With mw-phan 0.10.4 we have 157 errors, 100 of which are DoubleEscaped:

phan 0.10.4
13:49:09 includes/AjaxDispatcher.php:112 UnusedSuppression Element \AjaxDispatcher::performAction suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/CategoryViewer.php:193 SecurityCheck-DoubleEscaped Calling method \CategoryViewer::generateLink() in \CategoryViewer::addSubcategoryObject that outputs using tainted argument $[arg #4]. (Caused by: includes/CategoryViewer.php +212)
13:49:09 includes/GlobalFunctions.php:913 PhanRedundantCondition Redundant attempt to cast $wgDebugRawPage of type true to truthy
13:49:09 includes/GlobalFunctions.php:1310 PhanRedundantCondition Redundant attempt to cast $wgShowHostnames of type true to truthy
13:49:09 includes/OutputPage.php:2607 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/OutputPage.php +1631; includes/OutputPage.php +1609; includes/OutputPage.php +1618; includes/OutputPage.php +2607; includes/OutputPage.php +2699; includes/OutputPage.php +4063; includes/OutputPage.php +2889; includes/OutputPage.php +2777; i...)
13:49:09 includes/actions/RawAction.php:127 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/actions/RawAction.php +126)
13:49:09 includes/actions/RawAction.php:152 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228)
13:49:09 includes/api/ApiCSPReport.php:190 SecurityCheck-DoubleEscaped Calling method \ApiCSPReport::error() in \ApiCSPReport::getReport that outputs using tainted argument $msg. (Caused by: includes/api/ApiCSPReport.php +254) (Caused by: includes/api/ApiCSPReport.php +186)
13:49:09 includes/api/ApiFormatPhp.php:36 UnusedSuppression Element \ApiFormatPhp::execute suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/api/ApiHelp.php:311 SecurityCheck-DoubleEscaped Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $headerContent. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +278; includes/api/ApiHelp.php +287)
13:49:09 includes/api/ApiTokens.php:42 PhanParamTooManyCallable Call with 1 arg(s) to Closure() (As a provided callable) which only takes 0 arg(s) defined at includes/api/ApiTokens.php:78
13:49:09 includes/config/EtcdConfig.php:110 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|null
13:49:09 includes/config/EtcdConfig.php:116 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|null
13:49:09 includes/config/EtcdConfig.php:125 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|array<string,non-empty-mixed>|null
13:49:09 includes/exception/HttpError.php:125 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +125; includes/actions/RawAction.php +127)
13:49:09 includes/exception/HttpError.php:125 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +125; includes/actions/RawAction.php +127; includes/actions/RawAction.php +152; includes/linkeddata/PageDataRequestHandler.php +76; includes/linkeddata/PageDataRequestHandler.php +93; includes/linkeddata/PageDataRequ...)
13:49:09 includes/exception/MWException.php:115 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/exception/MWException.php:152 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/export/WikiExporter.php:601 SecurityCheck-XSS Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +73) (Caused by: includes/export/WikiExporter.php +600)
13:49:09 includes/htmlform/fields/HTMLFormFieldCloner.php:400 SecurityCheck-DoubleEscaped Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputHTML that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +399)
13:49:09 includes/htmlform/fields/HTMLFormFieldCloner.php:472 SecurityCheck-DoubleEscaped Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputOOUI that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +471)
13:49:09 includes/installer/CliInstaller.php:246 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +266)
13:49:09 includes/installer/CliInstaller.php:251 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +266)
13:49:09 includes/installer/DatabaseInstaller.php:688 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +589) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/DatabaseInstaller.php:688 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +562) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/DatabaseInstaller.php:690 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +562) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/DatabaseInstaller.php:696 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +589) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/Installer.php:1534 UnusedSuppression Element \Installer::includeExtensions suppresses issue SecurityCheck-OTHER but does not use it
13:49:09 includes/installer/Installer.php:1566 UnusedSuppression Element \Installer::getAutoExtensionLegacyHooks suppresses issue SecurityCheck-OTHER but does not use it
13:49:09 includes/installer/MysqlInstaller.php:82 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/MysqlInstaller.php:90 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/MysqlInstaller.php:92 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/PostgresInstaller.php:65 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/PostgresInstaller.php:74 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/PostgresInstaller.php:80 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/SqliteInstaller.php:90 SecurityCheck-DoubleEscaped Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/SqliteInstaller.php:95 SecurityCheck-DoubleEscaped Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680; includes/installer/WebInstallerName.php +53; includes/installer/WebInstallerName.php +56)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +958) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680; includes/installer/WebInstallerName.php +53; includes/installer/WebInstallerName.php +56)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +958) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:67 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +958) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:82 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:95 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:103 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:108 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680; includes/installer/WebInstallerName.php +53; includes/installer/WebInstallerName.php +56)
13:49:09 includes/installer/WebInstallerOptions.php:117 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioElements() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +1015) (Caused by: includes/installer/WebInstallerOptions.php +114; includes/installer/WebInstallerOptions.php +113)
13:49:09 includes/installer/WebInstallerOptions.php:126 SecurityCheck-DoubleEscaped Calling method \WebInstallerOptions::makeScreenshotsLink() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: includes/installer/WebInstallerOptions.php +353) (Caused by: includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:128 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \WebInstallerOptions::execute that outputs using tainted argument $skin. (Caused by: includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:130 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +126; includes/installer/WebInstallerOptions.php +128; includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:131 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +126; includes/installer/WebInstallerOptions.php +128; includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:132 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +126; includes/installer/WebInstallerOptions.php +128; includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:178 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175)
13:49:09 includes/installer/WebInstallerOptions.php:200 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199)
13:49:09 includes/installer/WebInstallerOptions.php:200 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $name. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199)
13:49:09 includes/installer/WebInstallerOptions.php:209 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199; includes/installer/WebInstallerOptions.php +208)
13:49:09 includes/installer/WebInstallerOptions.php:209 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $name. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199; includes/installer/WebInstallerOptions.php +208)
13:49:09 includes/installer/WebInstallerOptions.php:217 SecurityCheck-XSS Calling method \Message::rawParams() in \WebInstallerOptions::execute that outputs using tainted argument $ext. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175) (Param is raw)
13:49:09 includes/installer/WebInstallerOptions.php:223 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +180; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; includes/installer/WebInstallerOptions.php +217; includes/installer/WebInstallerOptions.php +221; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175)
13:49:09 includes/installer/WebInstallerOptions.php:236 SecurityCheck-DoubleEscaped Calling method \Xml::encodeJsVar() in \WebInstallerOptions::execute that outputs using tainted argument $dependencyMap. (Caused by: Builtin-\Xml::encodeJsVar) (Caused by: includes/installer/WebInstallerOptions.php +187; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; incl...)
13:49:09 includes/installer/WebInstallerOptions.php:237 SecurityCheck-DoubleEscaped Calling method \Xml::encodeJsVar() in \WebInstallerOptions::execute that outputs using tainted argument $dependencyMap. (Caused by: Builtin-\Xml::encodeJsVar) (Caused by: includes/installer/WebInstallerOptions.php +187; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; incl...)
13:49:09 includes/installer/WebInstallerOptions.php:250 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:250 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:252 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:252 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:253 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:260 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:267 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:274 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:275 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:302 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +840) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:304 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +840) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:318 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +840) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)
13:49:09 includes/language/Message.php:916 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Message::__toString that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +272)
13:49:09 includes/language/Message.php:916 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Message::__toString that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +272; includes/language/Message.php +1299; includes/language/Message.php +1290)
13:49:09 includes/language/Message.php:1377 SecurityCheck-DoubleEscaped Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +1190; includes/language/Message.php +1226)
13:49:09 includes/libs/rdbms/database/DatabaseSqlite.php:1030 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1013; includes/libs/rdbms/database/DatabaseSqlite.php +1026)
13:49:09 includes/libs/rdbms/database/DatabaseSqlite.php:1064 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1050; includes/libs/rdbms/database/DatabaseSqlite.php +1049; includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +606; includes/libs/rdbms/database/DatabaseSqlite...)
13:49:09 includes/libs/rdbms/database/resultwrapper/FakeResultWrapper.php:42 PhanTypeArraySuspiciousNullable Suspicious array access to $this->result of nullable type \stdClass[]|array[]|null
13:49:09 includes/libs/rdbms/lbfactory/LBFactory.php:455 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleConditionInLoop on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:79 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setKey (Did you mean expr->getKey())
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:82 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setValue (Did you mean expr->getValue())
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:85 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setMetric (Did you mean expr->getMetric())
13:49:09 includes/linkeddata/PageDataRequestHandler.php:76 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:93 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228; includes/linkeddata/PageDataRequestHandler.php +85)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:99 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228; includes/linkeddata/PageDataRequestHandler.php +97)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:150 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::httpContentNegotiation that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/linkeddata/PageDataRequestHandler.php +149)
13:49:09 includes/logging/BlockLogFormatter.php:98 SecurityCheck-XSS Calling method \Message::rawParams() in \BlockLogFormatter::getMessageParameters that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/BlockLogFormatter.php +82) (Param is raw)
13:49:09 includes/logging/BlockLogFormatter.php:104 SecurityCheck-XSS Calling method \Message::rawParams() in \BlockLogFormatter::getMessageParameters that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/BlockLogFormatter.php +87) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:263 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:268 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:281 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:285 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:308 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:314 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:318 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:324 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:339 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:352 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:357 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:376 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:380 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:387 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:410 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +404) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:410 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:414 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:425 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +418) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:425 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:434 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:438 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogPage.php:255 SecurityCheck-XSS Calling method \Message::rawParams() in \LogPage::actionText that outputs using tainted argument $titleLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogPage.php +252) (Param is raw)
13:49:09 includes/media/ExifBitmapHandler.php:75 SecurityCheck-DoubleEscaped Calling method \FormatMetadata::flattenArrayReal() in \ExifBitmapHandler::convertMetadataVersion that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php +1205) (Caused by: includes/media/ExifBitmapHandler.php +73)
13:49:09 includes/page/ImagePage.php:172 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php +724; includes/page/ImagePage.php +700)
13:49:09 includes/page/ImagePage.php:449 SecurityCheck-DoubleEscaped Calling method \Linker::makeThumbLinkObj() in \ImagePage::openShowImage that outputs using tainted argument $link. (Caused by: includes/Linker.php +504) (Caused by: includes/page/ImagePage.php +443)
13:49:09 includes/page/ImagePage.php:469 SecurityCheck-DoubleEscaped Calling method \Linker::makeThumbLinkObj() in \ImagePage::openShowImage that outputs using tainted argument $link. (Caused by: includes/Linker.php +504) (Caused by: includes/page/ImagePage.php +463)
13:49:09 includes/parser/CoreTagHooks.php:58 UnusedSuppression Element \CoreTagHooks::pre suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/parser/PPTemplateFrame_Hash.php:65 PhanTypeMismatchForeach float|int passed to foreach instead of array
13:49:09 includes/parser/Parser.php:3246 SecurityCheck-XSS Calling method \Parser::insertStripItem() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1304) (Caused by: includes/parser/Parser.php +2995; includes/parser/Parser.php +3089; includes/parser/Parser.php +2995; includes/parser/Parser.php +3191; includes/parser/Parser.php +3170; includes/parser/Parser.php +3080; includes/parser/Parser.php +3133; includes/pa...)
13:49:09 includes/parser/Parser.php:3249 SecurityCheck-DoubleEscaped Calling method \wfEscapeWikiText() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/GlobalFunctions.php +1494) (Caused by: includes/parser/Parser.php +2995; includes/parser/Parser.php +3089; includes/parser/Parser.php +2995; includes/parser/Parser.php +3191; includes/parser/Parser.php +3170; includes/parser/Parser.php +3080; includes/parser/Parser.php +3133; includes/pa...)
13:49:09 includes/preferences/DefaultPreferencesFactory.php:806 SecurityCheck-XSS HTMLForm option label needs escaping (Maybe false positive as could not determine if it was key or value that is unescaped) (Caused by: includes/preferences/DefaultPreferencesFactory.php +803)
13:49:09 includes/resourceloader/ResourceLoader.php:1137 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/skins/Skin.php:2028 UnusedSuppression Element \Skin::doEditSectionLink suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/specials/SpecialChangeCredentials.php:179 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:180 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:182 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:184 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:237 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \SpecialChangeCredentials::showSubpageList that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes/specials/SpecialChangeCredentials.php +236)
13:49:09 includes/specials/SpecialChangeCredentials.php:238 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \SpecialChangeCredentials::showSubpageList that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes/specials/SpecialChangeCredentials.php +236)
13:49:09 includes/specials/SpecialExpandTemplates.php:149 SecurityCheck-DoubleEscaped Calling method \SpecialExpandTemplates::makeOutput() in \SpecialExpandTemplates::execute that outputs using tainted argument $rawhtml. (Caused by: includes/specials/SpecialExpandTemplates.php +246) (Caused by: includes/specials/SpecialExpandTemplates.php +147)
13:49:09 includes/specials/SpecialRecentChanges.php:502 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialRecentChanges::outputChangesList that outputs using tainted argument $rclistOutput. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialRecentChanges.php +443; includes/specials/SpecialRecentChanges.php +443; includes/specials/SpecialRecentChanges.php +443; includes/specials/SpecialRecentChanges.php +490; includes/specials/SpecialRecentChanges.php +494)
13:49:09 includes/specials/SpecialRecentChanges.php:538 SecurityCheck-DoubleEscaped Calling method \Xml::tags() in \SpecialRecentChanges::doHeader that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::tags) (Caused by: includes/specials/SpecialRecentChanges.php +531)
13:49:09 includes/specials/SpecialRecentChanges.php:814 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +780)
13:49:09 includes/specials/SpecialRecentChanges.php:911 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +780) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialRecentChanges.php:914 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +780) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialUndelete.php:1137 SecurityCheck-XSS Calling method \Message::rawParams() in \SpecialUndelete::formatRevisionRow that outputs using tainted argument $pageLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUndelete.php +1088; includes/specials/SpecialUndelete.php +1091; includes/specials/SpecialUndelete.php +1103; includes/specials/SpecialUndelete.php +1107) (Param is raw)
13:49:09 includes/specials/SpecialUserrights.php:776 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialUserrights.php +710; includes/specials/SpecialUserrights.php +714; includes/specials/SpecialUserrights.php +696; includes/specials/SpecialUserrights.php +723; includes/specials/SpecialUserrights.php +719; includes/specials/S...  includes/specials/SpecialUserrights.php +743)
13:49:09 includes/specials/SpecialVersion.php:642 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:648 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:683 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:689 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:839 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getCreditsForExtension that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846)
13:49:09 includes/specials/SpecialWatchlist.php:603 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::outputChangesList that outputs using tainted argument $s. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialWatchlist.php +558; includes/specials/SpecialWatchlist.php +558; includes/specials/SpecialWatchlist.php +558; includes/specials/SpecialWatchlist.php +598; includes/specials/SpecialWatchlist.php +601)
13:49:09 includes/specials/SpecialWatchlist.php:764 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::doHeader that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement; includes/api/ApiFormatBase.php +276; includes/api/ApiFormatBase.php +283; includes/EditPage.php +3660; includes/EditPage.php +3020; includes/EditPage.php +3170; includes/EditPage.php +3173; includes/page/ImagePage.php +932...  includes/specials/SpecialWatchlist.php +748; includes/specials/SpecialWatchlist.php +628; includes/specials/SpecialWatchlist.php +633; includes/specials/SpecialWatchlist.php +634; includes/specials/SpecialWatchlist.php +638; includes/specials/SpecialWatchlist.php +628; includes/specials/Specia...)
13:49:09 includes/specials/SpecialWatchlist.php:776 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::doHeader that outputs using tainted argument $form. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialWatchlist.php +628; includes/specials/SpecialWatchlist.php +633; includes/specials/SpecialWatchlist.php +634; includes/specials/SpecialWatchlist.php +638; includes/specials/SpecialWatchlist.php +628; includes/specials/Specia...)
13:49:09 includes/specials/SpecialWhatLinksHere.php:444 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::wlhLink() in \SpecialWhatLinksHere::listItem that outputs using tainted argument $[arg #2]. (Caused by: includes/specials/SpecialWhatLinksHere.php +473) (Caused by: includes/specials/SpecialWhatLinksHere.php +400)
13:49:09 includes/specials/SpecialWhatLinksHere.php:444 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::wlhLink() in \SpecialWhatLinksHere::listItem that outputs using tainted argument $[arg #3]. (Caused by: includes/specials/SpecialWhatLinksHere.php +493) (Caused by: includes/specials/SpecialWhatLinksHere.php +400)
13:49:09 includes/specials/SpecialWhatLinksHere.php:528 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prev. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +520)
13:49:09 includes/specials/SpecialWhatLinksHere.php:532 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $next. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +521)
13:49:09 includes/specials/SpecialWhatLinksHere.php:540 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prettyLimit. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +538)
13:49:09 includes/specials/SpecialWhatLinksHere.php:634 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +632; includes/specials/SpecialWhatLinksHere.php +615; includes/specials/SpecialWhatLinksHere.php +616)
13:49:09 includes/specials/SpecialWhatLinksHere.php:635 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +632; includes/specials/SpecialWhatLinksHere.php +615; includes/specials/SpecialWhatLinksHere.php +616)
13:49:09 includes/specials/forms/UploadForm.php:177 SecurityCheck-XSS HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +290)
13:49:09 includes/specials/forms/UploadForm.php:344 SecurityCheck-XSS HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +290)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:301 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeKnownLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeKnownLink) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +291)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:303 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeBrokenLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: includes/linker/LinkRenderer.php +293) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +291)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:339 SecurityCheck-DoubleEscaped Calling method \Html::element() in \AllMessagesTablePager::formatRow that outputs using tainted argument $formatted. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +333)
13:49:09 includes/user/User.php:316 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:338 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:494 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:775 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:824 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanRedundantCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:1489 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 languages/Language.php:4130 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Language::translateBlockExpiry that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php +4128)
13:49:09 languages/Language.php:4137 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Language::translateBlockExpiry that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php +4128; languages/Language.php +4135)
13:49:09 languages/LanguageConverter.php:1289 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \LanguageConverter::convertHtml that outputs using tainted argument $[arg #1]. (Caused by: languages/LanguageConverter.php +710; languages/LanguageConverter.php +710)
13:49:09 maintenance/Sqlite.php:81 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Sqlite::checkSqlSyntax that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +606; includes/libs/rdbms/database/DatabaseSqlite.php +782; includes/libs/rdbms/database/DatabaseSqlite.php +1038; includes/libs/rdbms/database/DatabaseSqlite....)
13:49:09 maintenance/convertLinks.php:227 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php +215; maintenance/convertLinks.php +211; maintenance/convertLinks.php +158; maintenance/convertLinks.php +207; maintenance/convertLinks.php +210; maintenance/convertLinks.php +163; includes/installer/MysqlUpdater.php +68...)
13:49:09 maintenance/eval.php:78 SecurityCheck-OTHER Argument to require, include or eval is user controlled (Caused by: maintenance/eval.php +64)
13:49:09 maintenance/populateContentTables.php:217 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php +216; maintenance/populateContentTables.php +215; maintenance/populateContentTables.php +199)
13:49:09 maintenance/recountCategories.php:126 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php +117; maintenance/recountCategories.php +145)
13:49:09 maintenance/refreshExternallinksIndex.php:76 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php +74; maintenance/populateContentTables.php +199; maintenance/refreshExternallinksIndex.php +61)
13:49:09 maintenance/runScript.php:64 SecurityCheck-OTHER Argument to require, include or eval is user controlled (Caused by: maintenance/runScript.php +57)
13:49:09 maintenance/storage/compressOld.php:330 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/resourceloader/ResourceLoaderWikiModule.php +443; includes/page/PageArchive.php +569; includes/cache/MessageCache.php +535; includes/cache/MessageCache.php +535; includes/cache/MessageCache.php +580; maintenance/checkBadRedirects.php +55; m...  includes/cache/LinkCache.php +278; includes/cache/LinkCache.php +297; includes/Title.php +3460; includes/api/ApiQueryInfo.php +740; includes/api/ApiQueryAllPages.php +221; includes/api/ApiQueryAllPages.php +230; includes/api/ApiQueryBacklinks.php +1...)

Instead, if I use taint-check master, I get 218 errors, 125 of which are double-escaped. This is more similar to T216348#6007521, but I don't really know what caused it.

Guess we'll have to wait another bit.

13:49:09 includes/GlobalFunctions.php:913 PhanRedundantCondition Redundant attempt to cast $wgDebugRawPage of type true to truthy
13:49:09 includes/GlobalFunctions.php:1310 PhanRedundantCondition Redundant attempt to cast $wgShowHostnames of type true to truthy
13:49:09 includes/user/User.php:316 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:338 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:494 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:775 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:824 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanRedundantCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:1489 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy

The globals are set by Installer, Maintenance and Setup; that seems to "leak" into the type check for all classes/files and results in the issue reports. Seems odd to suppress.

Is there a way to not leak types from one class to another?
Without taint, phan does not have a problem with it.

Change 643978 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add some int casts for queries in maintenance scripts

https://gerrit.wikimedia.org/r/643978

Change 643981 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Improve code around internal queries in sqlite database class

https://gerrit.wikimedia.org/r/643981

13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument #1 (`$params['table']`). (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)

This could be a false positive: Variable $params has taintedness: YES

Change 643978 merged by jenkins-bot:
[mediawiki/core@master] Add some int casts for queries in maintenance scripts

https://gerrit.wikimedia.org/r/643978

The annotation still doesn't print the whole taintedness object. Could you please try applying the following hack to vendor/mediawiki/phan-taint-check-plugin/src/SecurityCheckPlugin.php

$msg = "Variable {CODE} has taintedness: {DETAILS}"; // Line 246
echo "\n\n$taint\n\n"; // Add this line

and then re-running phan. It should print the whole shape.

Change 643993 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Don't leak global variables in global scope

https://gerrit.wikimedia.org/r/643993

$taint is equal to {DETAILS}, but what about var_export( $var->taintedness )?

SecurityCheckPlugin\Taintedness::__set_state(array(
   'flags' => 43688,
   'dimTaint' =>
  array (
    'namespace' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 0,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
    'title' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 0,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
    'requestId' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 43688,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
  ),
   'unknownDimsTaint' => 0,
))

In Job.php:

$this->params = $params + [ 'requestId' => WebRequest::getRequestId() ];

When I comment out that line, everything is fine ...

$taint is equal to {DETAILS}, but what about var_export( $var->taintedness )?

Oh yes, I meant $var->taintedness. No need to var_export it though, it has a __toString() which pretty-prints the object.

[ object snip ]

Seems like it's picking up taintedness in an offset it can't resolve.

In Job.php:

$this->params = $params + [ 'requestId' => WebRequest::getRequestId() ];

When I comment out that line, everything is fine ...

I'd have to investigate, could you please copy these comments to a new task while I take a look?
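
A toy model of the per-key taint shape shown in the dump above, added here as an illustration and not taken from phan-taint-check-plugin: it shows how folding one tainted key (`requestId`) into the whole-array flags makes a read of an untracked key such as `$params['table']` look tainted. `ToyTaint` and its methods are hypothetical names, and 43688 is the flags value copied from the dump and treated as opaque.

```php
<?php
declare( strict_types=1 );

// Toy model of per-key ("shaped") taint, written for this example only.
// ToyTaint and its methods are hypothetical; this is not the plugin's code.
final class ToyTaint {
	/** @var int Taint flags of the value as a whole */
	public $flags;
	/** @var array<string,ToyTaint> Taint of each array key the analysis knows about */
	public $keys;

	public function __construct( int $flags = 0, array $keys = [] ) {
		$this->flags = $flags;
		$this->keys = $keys;
	}

	/** Flags of the value plus everything stored under its known keys. */
	public function all(): int {
		$flags = $this->flags;
		foreach ( $this->keys as $child ) {
			$flags |= $child->all();
		}
		return $flags;
	}

	/** Taint seen when code reads $array[$key]. */
	public function offset( string $key ): int {
		if ( isset( $this->keys[$key] ) ) {
			return $this->keys[$key]->all();
		}
		// Untracked key: the whole-array flags are the only answer available.
		return $this->flags;
	}

	/** $left + $right, folding the right operand's taint into the whole-array flags. */
	public static function unionCollapsing( ToyTaint $left, ToyTaint $right ): ToyTaint {
		return new ToyTaint( $left->flags | $right->all(), $left->keys + $right->keys );
	}

	/** $left + $right, leaving taint attached to the key that carries it. */
	public static function unionByKey( ToyTaint $left, ToyTaint $right ): ToyTaint {
		return new ToyTaint( $left->flags | $right->flags, $left->keys + $right->keys );
	}
}

// Flags value copied from the requestId entry of the dump; treated as opaque "tainted".
const REQUEST_ID_FLAGS = 43688;

// $params as passed in: two known, untainted keys; 'table' is not tracked at all.
$params = new ToyTaint( 0, [ 'namespace' => new ToyTaint(), 'title' => new ToyTaint() ] );
// The literal [ 'requestId' => WebRequest::getRequestId() ].
$extra = new ToyTaint( 0, [ 'requestId' => new ToyTaint( REQUEST_ID_FLAGS ) ] );

$merges = [
	'collapsing' => ToyTaint::unionCollapsing( $params, $extra ),
	'by key' => ToyTaint::unionByKey( $params, $extra ),
];
foreach ( $merges as $name => $merged ) {
	printf(
		"%-10s whole=%d table=%d requestId=%d title=%d\n",
		$name,
		$merged->flags,
		$merged->offset( 'table' ),
		$merged->offset( 'requestId' ),
		$merged->offset( 'title' )
	);
}
```

The collapsing merge has the same shape as the dump (tainted whole-array flags, clean `namespace` and `title`, tainted `requestId`) and reports `table` as tainted; the by-key merge keeps the taint on `requestId` only.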

Change 643996 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add int casts/htmlspecialchars for prints in maintenance scripts

https://gerrit.wikimedia.org/r/643996

Change 644005 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check in UploadForm

https://gerrit.wikimedia.org/r/644005

Change 644006 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check in DefaultPreferencesFactory

https://gerrit.wikimedia.org/r/644006

Change 644017 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Annotate File::getDescriptionText to return safe html for taint-check

https://gerrit.wikimedia.org/r/644017

Change 644019 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues in Parser

https://gerrit.wikimedia.org/r/644019

Change 644020 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues in LogFormatter/LogPage

https://gerrit.wikimedia.org/r/644020

False positive:

13:49:09 includes/export/WikiExporter.php:601 SecurityCheck-XSS Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +73) (Caused by: includes/export/WikiExporter.php +600)

\Xml::elementClean needs to be part of taint-check similar to \Xml::element to fix this

The static Message::rawParam is not part of the taint-check. It is possible to rewrite ->rawParams() with ->params( Message::rawParam() ) to bypass the checks.

These can, and probably should, be annotated directly in MW core. I think we were moving away from hardcoded taint data.

Change 644006 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check in DefaultPreferencesFactory

https://gerrit.wikimedia.org/r/644006

Change 644020 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check issues in LogFormatter/LogPage

https://gerrit.wikimedia.org/r/644020

Change 644005 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check in UploadForm

https://gerrit.wikimedia.org/r/644005

Change 643981 merged by jenkins-bot:
[mediawiki/core@master] Improve code around internal queries in sqlite database class

https://gerrit.wikimedia.org/r/643981

Change 647804 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add taint hints for message creation method

https://gerrit.wikimedia.org/r/647804

Change 648368 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Document HttpError to help taint-check

https://gerrit.wikimedia.org/r/648368

Change 648379 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues related to Linker functions

https://gerrit.wikimedia.org/r/648379

Change 648368 merged by jenkins-bot:
[mediawiki/core@master] Document HttpError to help taint-check

https://gerrit.wikimedia.org/r/648368

Change 643993 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Don't leak global variables in global scope

https://gerrit.wikimedia.org/r/643993

FTR, current taint-check master yields 159 total issues on a slightly outdated clone of mw core, whereas taint-check 3.1.0 has 182.

Correction, it wasn't the current master. The *real* current master, which includes a fix for T269895, finds 151 issues.

Change 647804 merged by jenkins-bot:
[mediawiki/core@master] Add taint hints for message creation method

https://gerrit.wikimedia.org/r/647804

Change 643996 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check issues in maintenance scripts/cli context

https://gerrit.wikimedia.org/r/643996

Running core with taint-check also gives many

Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere

It seems that taint-check analyzes more deeply than phan and allows other decisions. But I am not sure if that could be a bug in taint-check or just in phan itself.

It seems I have mixed it with the update to newer phan - fixed with https://gerrit.wikimedia.org/r/c/mediawiki/core/+/648544

There are three places:

includes\libs\rdbms\lbfactory\LBFactory.php line 458

UnusedPluginSuppression: Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleConditionInLoop on this line but this suppression is unused or suppressed elsewhere

for this code:

				// No writes since the last replication wait
				(
					// @phan-suppress-next-line PhanImpossibleConditionInLoop
					$opts['ifWritesSince'] &&
					$lb->lastMasterChangeTimestamp() < $opts['ifWritesSince']
				)

It seems taint-check analyzes the array plus better than phan itself (phan does not seem to assume that this can be changed by the existing array on the left side of the array plus):

		$opts += [
			'domain' => false,
			'cluster' => false,
			'timeout' => $this->replicationWaitTimeout,
			'ifWritesSince' => null
		];

Same in includes\user\User.php for lines 800 and 849

			// @phan-suppress-next-line PhanImpossibleCondition
			if ( !$options['create'] ) {
				// No.
				return null;
			}

[...]

			// @phan-suppress-next-line PhanRedundantCondition
			if ( !$options['steal'] ) {
				return null;
			}

for this array

		$options += [
			'validate' => UserNameUtils::RIGOR_VALID,
			'create' => true,
			'steal' => false,
		];

Some PhanTypeArraySuspiciousNullable are also showing up.

One in FakeResultWrapper line 42, but there is a similar suppression for the same variable in that file, seems okay to me

Three in EtcdConfig with the lazily initialized procCache class property. It seems to always be set after the load(), that's also okay to me

Change 644019 abandoned by Umherirrender:
[mediawiki/core@master] Suppress taint-check issues in Parser

Reason:
It seems better to set the suppression together with enabling the feature

https://gerrit.wikimedia.org/r/644019

Change 648379 abandoned by Umherirrender:
[mediawiki/core@master] Suppress taint-check issues related to Linker functions

Reason:
It seems better to set the suppression together with enabling the feature

https://gerrit.wikimedia.org/r/648379

Change 644017 abandoned by Umherirrender:
[mediawiki/core@master] Annotate File::getDescriptionText to return safe html for taint-check

Reason:
It seems better to set the taint annotation together with enabling the feature

https://gerrit.wikimedia.org/r/644017

Change 652553 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] build: Enable phan-taint-check-plugin and suppress issues

https://gerrit.wikimedia.org/r/652553

Change 652553 merged by jenkins-bot:
[mediawiki/core@master] build: Enable phan-taint-check-plugin and suppress issues

https://gerrit.wikimedia.org/r/652553

Change 522419 abandoned by Daimona Eaytoy:
[mediawiki/core@master] [WIP] Add phan-taint-check-plugin

Reason:
Already done

https://gerrit.wikimedia.org/r/522419

Change 491039 abandoned by Umherirrender:
[mediawiki/core@master] Various fixes to Block.php to make phan-taint-check happy

Reason:
Code is now in DatabaseBlock. It seems taint-check is now okay with this code, because it is enabled and there is no suppression for that code

https://gerrit.wikimedia.org/r/491039