Page MenuHomePhabricator
Create Task
Maniphest T235383

Release taint-check 3.0.0
Closed, ResolvedPublic
Actions

Description

To be done after T235381. This release should include:

  • r522486 - Upg phan to 2.0.0, require PHP>=7.1
  • r491055 - Fix bug with wrong taint type
  • r541889 - Drop requirement on php-ast (T235053)
  • r522522 - Pay tech debt
  • r522606 - Upg phan to 2.2.5
  • r523108 - Add UnusedSuppressionPlugin
  • r522840 - Fix false positives with numbers addition
  • r539701 - Config cleanup
  • r543120 - Factor out a method
  • r542997 - Better handling of var reassignment
  • r544295 - Another improvement for var reassignment
  • r542757 - Upg phan to 2.2.13
  • r542758 - Upg PHPUnit to 8.4
  • r542766 - Rearrange config files
  • r539888 - Remove OOUI hack (T230713)
  • r542953 - New taint type for better handling of Message and HtmlArmor
  • r561159 - Fix phan crash when analyzing MediaWiki core

These are mostly backend changes for what concerns platform requirements. Includes some bugfixes for false positives seen in WMF extensions, and adds UnusedSuppressionPlugin to highlight now-outdated @suppress annotations, limited to taint-check warnings. Finally, removes the php-ast requirement so that we can start moving taint-check to require-dev in all repos. This is T235053 and we'll also need some CI changes before starting the rollout.

Related Objects
Search...

Event Timeline

Daimona created this task.Oct 13 2019, 2:43 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 13 2019, 2:43 PM
Daimona added a subtask: T235381: Release taint-check 2.1.0.Oct 13 2019, 2:43 PM
Daimona mentioned this in T235390: Merge taint-check-plugin into mediawiki-phan-config.Oct 13 2019, 5:05 PM
Daimona added a parent task: T235390: Merge taint-check-plugin into mediawiki-phan-config.
Daimona updated the task description. (Show Details)Oct 13 2019, 5:36 PM
Daimona updated the task description. (Show Details)Oct 13 2019, 5:45 PM
Daimona updated the task description. (Show Details)Oct 14 2019, 2:31 PM
Daimona updated the task description. (Show Details)Oct 14 2019, 6:22 PM
Daimona updated the task description. (Show Details)Oct 15 2019, 5:10 PM
sbassett triaged this task as Medium priority.Oct 15 2019, 6:50 PM
sbassett mentioned this in T235381: Release taint-check 2.1.0.
Daimona closed subtask T235381: Release taint-check 2.1.0 as Resolved.Oct 16 2019, 9:41 AM
Daimona updated the task description. (Show Details)Oct 18 2019, 2:27 PM
Daimona updated the task description. (Show Details)Oct 18 2019, 4:09 PM
Daimona updated the task description. (Show Details)Oct 20 2019, 9:51 AM
Jdforrester-WMF updated the task description. (Show Details)Nov 25 2019, 9:02 PM
Jdforrester-WMF updated the task description. (Show Details)
Jdforrester-WMF updated the task description. (Show Details)
Jdforrester-WMF updated the task description. (Show Details)Nov 25 2019, 9:11 PM
Daimona updated the task description. (Show Details)Nov 26 2019, 3:36 PM
Daimona updated the task description. (Show Details)Nov 26 2019, 4:09 PM
Daimona updated the task description. (Show Details)Nov 26 2019, 7:04 PM
Daimona mentioned this in T240069: Release taint-check 3.0.1.Dec 7 2019, 12:28 PM
Daimona added a parent task: T240069: Release taint-check 3.0.1.
Daimona removed a parent task: T235390: Merge taint-check-plugin into mediawiki-phan-config.
Daimona updated the task description. (Show Details)Dec 13 2019, 7:12 PM
Daimona updated the task description. (Show Details)Dec 19 2019, 7:06 PM
Daimona claimed this task.Dec 29 2019, 7:50 PM
Daimona updated the task description. (Show Details)Dec 30 2019, 4:27 PM
Daimona updated the task description. (Show Details)Feb 24 2020, 5:37 PM
Daimona updated the task description. (Show Details)Mar 26 2020, 4:28 PM
Daimona updated the task description. (Show Details)
Jdforrester-WMF updated the task description. (Show Details)Mar 26 2020, 4:32 PM
Jdforrester-WMF subscribed.Mar 26 2020, 4:34 PM
$ git log --topo-order --no-merges --oneline  2.1.0..
3094900 Fix phan crash when analyzing MediaWiki core
558af65 Add RAW_PARAM taint type
59bb9c6 build: Upgrade mediawiki-codesniffer from v29.0.0 to v30.0.0
4a25f85 Remove outdated config settings
b0ff035 Add UnusedSuppressionPlugin limited to our warnings
4df4ff7 Actually handle binary addition
7d77d14 Update PHPUnit to 8.5
d3b5aac build: Upgrade mediawiki-codesniffer to v29.0.0
18e7045 build: Updating composer dependencies
365eab9 Upgrade phan to 2.2.13
0c7ba27 Remove hack for OOUI constructors
325c76b Upgrade to phan 2.2.5
382f873 Further improvements for same var reassignments
a3d1d8a Better handling of reassignments of the same var
93e264b Don't fail hard when core methods cannot be found
56781f9 Shrink config files even more
2cd1360 Remove explicit dependency on ext-ast
50e789c Cleanup parent var linking code
c7ec2a2 Remove awful hack for var context
8250cb5 Upgrade to PHPUnit 8.4
451bc6b build: Upgrade MW phpcs to 28.0.0
f21945d Replace EXEC_TAINT with ALL_EXEC_TAINT where latter was meant
9efb68c Upgrade phan to 2.0.0, ast to 1.0.1 and require PHP72+

Good to go?

Jdforrester-WMF updated the task description. (Show Details)Mar 26 2020, 4:35 PM
Daimona added a comment.Mar 26 2020, 4:35 PM
In T235383#6002460, @Jdforrester-WMF wrote:

Good to go?

Yes, thanks! I'm going to tag it.

Daimona closed this task as Resolved.Mar 26 2020, 4:47 PM

{{Done}}!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits