mwext-php72-phan-seccheck-docker failing for RenameUser
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Umherirrender
	Oct 1 2019, 7:05 PM

Description

https://integration.wikimedia.org/ci/job/mwext-php72-phan-seccheck-docker/12467/console

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
  <file name="includes/RenameuserLogFormatter.php">
    <error line="34" severity="warning" message="Calling method \RenameuserLogFormatter::myPageLink() in \RenameuserLogFormatter::getMessageParameters that outputs using tainted argument $[arg #2]. (Caused by: includes/RenameuserLogFormatter.php +58) (Caused by: includes/RenameuserLogFormatter.php +9; includes/RenameuserLogFormatter.php +28; includes/RenameuserLogFormatter.php +34)" source="SecurityCheck-DoubleEscaped"/>
    <error line="40" severity="warning" message="Calling method \RenameuserLogFormatter::myPageLink() in \RenameuserLogFormatter::getMessageParameters that outputs using tainted argument $[arg #2]. (Caused by: includes/RenameuserLogFormatter.php +58) (Caused by: includes/RenameuserLogFormatter.php +9; includes/RenameuserLogFormatter.php +28; includes/RenameuserLogFormatter.php +34; includes/RenameuserLogFormatter.php +40)" source="SecurityCheck-DoubleEscaped"/>
  </file>
</checkstyle>

Details

	Project	Branch	Lines +/-	Subject
	mediawiki/extensions/Renameuser	master	+2 -0	build: Suppress taint issues

Customize query in gerrit

Event Timeline

Umherirrender created this task.Oct 1 2019, 7:05 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 1 2019, 7:05 PM

Change 540200 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/extensions/Renameuser@master] build: Suppress taint isses under investigation

https://gerrit.wikimedia.org/r/540200

gerritbot added a project: Patch-For-Review.Oct 1 2019, 7:05 PM

Umherirrender added a project: ci-test-error.Oct 1 2019, 7:07 PM

Umherirrender added a subscriber: Daimona.

Jdforrester-WMF added a subscriber: Jdforrester-WMF.Oct 1 2019, 7:24 PM

Yes, it's a known false positive. I don't know if I had opened a bug at the time, but it was discovered during the rollout of 2.0 and suppressed in various repos.

Change 540200 merged by jenkins-bot:
[mediawiki/extensions/Renameuser@master] build: Suppress taint issues

https://gerrit.wikimedia.org/r/540200

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.1; 2019-10-08).Oct 1 2019, 8:00 PM

Maintenance_bot removed a project: Patch-For-Review.Oct 1 2019, 8:10 PM

sbassett triaged this task as Medium priority.Oct 15 2019, 7:07 PM

Jdforrester-WMF closed this task as Resolved.Oct 15 2019, 7:24 PM

Jdforrester-WMF assigned this task to Daimona.

sbassett moved this task from Backlog to Done on the phan-taint-check-plugin board.Oct 15 2019, 7:24 PM