Page MenuHomePhabricator
Create Task
Maniphest T227406

Release taint-check 2.0.2 and 2.1.0
Closed, ResolvedPublic
Actions

Description

I checked the remaining patches in the 2.x branch, and determined that we could release a minor 2.0.2 version including:

  1. r507854 - code cleanup
  2. r507934 - code cleanup
  3. r507952 - code cleanup
  4. r507962 - handles ++ and --, pretty easy
  5. r521838 - fixes a crash seen for some MW extensions

I find all of the above to be minor changes, with no real risks. So IMHO we can put them in a 2.0.2 version and start using it for our codebases.

Note that the patch above already have CR+2, though I'd like to delay merging them until we'll have CI back working.

2.1.0

This is what I'd like to include in 2.1.0 (from T227406#5312104):

  • r507849 - Only touches caused-by lines
  • r507981 - Handles closures
  • r507986 - Handles variables used by closures
  • r508082 - Code cleanup
  • r508085 - Visits AST_EMPTY, straightforward
  • r508124 - Explicitly mark as INAPPLICABLE a few node kinds, + visit exit() and clone
  • r522076 - Just some debug logging
  • r522140 - Switch back to phpunit for IDEs etc.

And possibly also the fix for T230713, if we get it done before the release. should go in 3.0

Related Objects

Event Timeline

Daimona created this task.Jul 7 2019, 2:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 7 2019, 2:34 PM
Daimona added a comment.Jul 8 2019, 7:51 AM

And also the plan I envisioned for the next releases:

We could make another minor release (2.0.2, or maybe 2.1.0) including the following:

  1. r507849 - Only touches caused-by lines
  2. r507981 - Handles closures
  3. r507986 - Handles variables used by closures
  4. r508082 - Code cleanup
  5. r508085 - Visits AST_EMPTY, straightforward
  6. r508124 - Adds a bunch of new node types, mostly things that don't have taintedness

Commits 3. and 5. already have CR, the other ones don't.

At that point, I'll cherry pick to master and abandon r508091, thus emptying the 2.x branch. Then, it'll be the turn of r521040 (+ any change needed to make the plugin work with newer phan). That change will drop PHP70 support, and thus the next release should IMHO be a 3.0.0. With that change in place, I'll start working on the remaining bugs.

sbassett triaged this task as Low priority.Jul 9 2019, 4:34 PM
Daimona updated the task description. (Show Details)Jul 9 2019, 5:16 PM
Daimona updated the task description. (Show Details)Jul 9 2019, 6:27 PM
Daimona renamed this task from Release taint-check 2.0.1 to Release taint-check 2.0.2 and 2.1.0.Jul 9 2019, 6:36 PM
Daimona updated the task description. (Show Details)

We eventually went for an early 2.0.1 release to fix some issues with integration tests and CI, and get taint-check ready for deployment now. Everything in this task still applies to 2.0.2 (and 2.1.0), so I've updated the task description accordingly.

Daimona updated the task description. (Show Details)Jul 10 2019, 9:38 AM

I've added https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521838/, and it's the only patch which needs CR before the 2.0.2 release.

Daimona added a comment.Jul 10 2019, 6:15 PM

Version 2.0.2 tagged just now. It includes the 5 patches mentioned in the task description. Next step is 2.1.0 with the 6 patch mentioned in T227406#5312104.

Daimona updated the task description. (Show Details)Jul 11 2019, 12:59 PM
Daimona updated the task description. (Show Details)Jul 11 2019, 4:51 PM
Daimona updated the task description. (Show Details)Jul 12 2019, 9:40 AM
Daimona updated the task description. (Show Details)Jul 12 2019, 12:16 PM
Daimona updated the task description. (Show Details)Jul 12 2019, 3:09 PM
sbassett added a comment.Aug 9 2019, 7:01 PM

@Daimona - can we call this done? And resolve for now?

Daimona added a comment.Aug 9 2019, 7:53 PM

@sbassett 2.1.0 is still not released. We could split that part to a separate task, but some of the 8 patches listed in the task description are still not merged.

sbassett added a comment.Aug 9 2019, 8:11 PM

@Daimona - ah, ok. Yeah, I guess we can leave open for 2.1.0. Thanks.

Daimona updated the task description. (Show Details)Aug 19 2019, 11:22 AM
Daimona updated the task description. (Show Details)Sep 29 2019, 11:17 AM
Daimona updated the task description. (Show Details)Sep 30 2019, 3:31 PM
Daimona closed this task as Resolved.Oct 13 2019, 2:35 PM
Daimona claimed this task.
Daimona mentioned this in T235381: Release taint-check 2.1.0.

Moved the 2.1.0 part to T235381 for clarity.

sbassett moved this task from Backlog to Done on the phan-taint-check-plugin board.Oct 15 2019, 7:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL