Page MenuHomePhabricator
Create Task
Maniphest T231311

Enable seccheck for MW core
Closed, ResolvedPublic
Actions

Description

The config was added in T203630, and as of July we had 187 warnings, reported at T216348#5332594. As I wrote there, I'd suggest to wait for seccheck 3.0 before moving on, and start with DoubleEscaped checks disabled, if there'll still be too many of them.

Details

SubjectRepoBranchLines +/-
build: Enable SecurityCheck-DoubleEscaped and suppress issuesmediawiki/coremaster+39 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Daimona created this task.Aug 27 2019, 12:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 27 2019, 12:48 PM
Daimona added subtasks: T183174: UserGroupMembership::getLink() causes a significant portion of false positives for phan-taint-check-plugin, T216348: Suppress or fix non-double escape phan-taint-check warnings for MW core.Aug 27 2019, 12:48 PM
Krinkle moved this task from Inbox to Checkers on the MediaWiki-Core-Tests board.Sep 4 2019, 5:46 PM
sbassett triaged this task as Medium priority.Oct 15 2019, 7:07 PM
Daimona mentioned this in T248630: Upgrade phan to 0.10.2 and remove phan-taint-check-plugin.Mar 26 2020, 9:43 PM
Jdforrester-WMF moved this task from Backlog to MediaWiki mode on the phan-taint-check-plugin board.Apr 10 2020, 3:18 PM
Daimona added a comment.Jun 20 2020, 12:51 PM

FTR: I think the target version for this should be the next major version of taint-check. Lately, I've been focusing on core issues, so several false positives are now gone. I think a necessary (and perhaps also sufficient) condition is to have https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/605551/ included in the target version.

gerritbot added a comment.Dec 30 2020, 1:29 PM

Change 652553 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] build: Enable phan-taint-check-plugin and suppress issues

https://gerrit.wikimedia.org/r/652553

gerritbot added a project: Patch-For-Review.Dec 30 2020, 1:29 PM
gerritbot added a comment.Dec 30 2020, 6:39 PM

Change 652574 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] build: Enable SecurityCheck-DoubleEscaped and suppress issues

https://gerrit.wikimedia.org/r/652574

gerritbot added a comment.Dec 30 2020, 11:59 PM

Change 652574 merged by jenkins-bot:
[mediawiki/core@master] build: Enable SecurityCheck-DoubleEscaped and suppress issues

https://gerrit.wikimedia.org/r/652574

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.25; 2021-01-05).Dec 31 2020, 12:00 AM
Jdforrester-WMF subscribed.Dec 31 2020, 12:01 AM

Do we want to keep this open for the tree of sub-tasks?

Umherirrender closed subtask T216348: Suppress or fix non-double escape phan-taint-check warnings for MW core as Resolved.Dec 31 2020, 10:14 AM
Umherirrender subscribed.
Umherirrender added a comment.Dec 31 2020, 11:11 AM
In T231311#6715024, @Jdforrester-WMF wrote:

Do we want to keep this open for the tree of sub-tasks?

It's done now, I would close it. The sub task needs to be work on even if this is resolved or open

Daimona closed this task as Resolved.Dec 31 2020, 12:14 PM
Daimona assigned this task to Umherirrender.
In T231311#6715288, @Umherirrender wrote:
In T231311#6715024, @Jdforrester-WMF wrote:

Do we want to keep this open for the tree of sub-tasks?

It's done now, I would close it. The sub task needs to be work on even if this is resolved or open

Agreed.

Daimona removed a project: Patch-For-Review.Dec 31 2020, 12:14 PM
Daimona moved this task from MediaWiki mode to Enabling on new repos on the phan-taint-check-plugin board.Oct 15 2022, 4:54 PM
matmarex closed subtask T183174: UserGroupMembership::getLink() causes a significant portion of false positives for phan-taint-check-plugin as Resolved.May 22 2023, 8:40 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits