Page MenuHomePhabricator

mwext-php72-phan-seccheck-docker failing for RenameUser
Closed, ResolvedPublic

Description

https://integration.wikimedia.org/ci/job/mwext-php72-phan-seccheck-docker/12467/console

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="includes/RenameuserLogFormatter.php">
    <error line="34" severity="warning" message="Calling method \RenameuserLogFormatter::myPageLink() in \RenameuserLogFormatter::getMessageParameters that outputs using tainted argument $[arg #2]. (Caused by: includes/RenameuserLogFormatter.php +58) (Caused by: includes/RenameuserLogFormatter.php +9; includes/RenameuserLogFormatter.php +28; includes/RenameuserLogFormatter.php +34)" source="SecurityCheck-DoubleEscaped"/>
    <error line="40" severity="warning" message="Calling method \RenameuserLogFormatter::myPageLink() in \RenameuserLogFormatter::getMessageParameters that outputs using tainted argument $[arg #2]. (Caused by: includes/RenameuserLogFormatter.php +58) (Caused by: includes/RenameuserLogFormatter.php +9; includes/RenameuserLogFormatter.php +28; includes/RenameuserLogFormatter.php +34; includes/RenameuserLogFormatter.php +40)" source="SecurityCheck-DoubleEscaped"/>
  </file>
</checkstyle>

Details

Related Gerrit Patches:
mediawiki/extensions/Renameuser : masterbuild: Suppress taint issues

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 1 2019, 7:05 PM

Change 540200 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/extensions/Renameuser@master] build: Suppress taint isses under investigation

https://gerrit.wikimedia.org/r/540200

Yes, it's a known false positive. I don't know if I had opened a bug at the time, but it was discovered during the rollout of 2.0 and suppressed in various repos.

Change 540200 merged by jenkins-bot:
[mediawiki/extensions/Renameuser@master] build: Suppress taint issues

https://gerrit.wikimedia.org/r/540200

sbassett triaged this task as Normal priority.Tue, Oct 15, 7:07 PM
Jdforrester-WMF closed this task as Resolved.Tue, Oct 15, 7:24 PM
Jdforrester-WMF assigned this task to Daimona.