Weird interaction between phan and taint-check: PhanUndeclaredVariable
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Daimona
	Mar 28 2020, 2:13 PM

Description

See T248630#6003883

Details

	Subject	Repo	Branch	Lines +/-
	Fix edge case with prop access confusing other parts of phan	mediawiki/tools/phan/SecurityCheckPlugin	master	+82 -22

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T175865 CentralNotice banner goes behind of global user page's top menu buttons
Declined		None	T254277 Proposal: Stop collapsing Vector menu items under more menu and removal associated code
Resolved		Jdlrobson	T71729 [collapsibleTabs] If a tab's width changes after initial page load, endless animation loop can happen
Resolved	BUG REPORT	ovasileva	T253819 Regression: Dancing Search Bar in MediaWiki when menu is hidden
Resolved		Daimona	T254079 phan-seccheck typeerror
Resolved		Jdforrester-WMF	T248630 Upgrade phan to 0.10.2 and remove phan-taint-check-plugin
Resolved		Daimona	T248742 Weird interaction between phan and taint-check: PhanUndeclaredVariable

Event Timeline

Daimona created this task.Mar 28 2020, 2:13 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 28 2020, 2:13 PM

Fortunately this was an easy fix. The code analyzing property access (e.g. $foo->bar) has a special case for when $foo is a stdClass: in this case, accessing a $foo->bar would transfer foo's taintedness to bar. However, the code doing that didn't check whether the LHS of -> is a variable, hence it tried to parse a variable from the LHS even in cases like Foo::myFunc( 'myParam' )->bar. In turn, this would create a bogus variable named $Foo which phan wouldn't recognize.

Change 584121 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix edge case with prop access confusing other parts of phan

https://gerrit.wikimedia.org/r/584121

gerritbot added a project: Patch-For-Review.Mar 28 2020, 2:35 PM

Daimona mentioned this in T248630: Upgrade phan to 0.10.2 and remove phan-taint-check-plugin.Apr 6 2020, 9:38 AM

Daimona added a parent task: T248630: Upgrade phan to 0.10.2 and remove phan-taint-check-plugin.

Daimona mentioned this in T249491: phan and taint-check weird interactions: PhanUndeclaredThis.Apr 6 2020, 10:15 AM

Daimona triaged this task as High priority.Apr 6 2020, 4:34 PM

Daimona added a subtask: T249519: phan and taint-check weird interactions: PhanUndeclaredThis, part 2.Apr 6 2020, 4:49 PM

Daimona removed a subtask: T249519: phan and taint-check weird interactions: PhanUndeclaredThis, part 2.

Jdforrester-WMF subscribed.Apr 6 2020, 5:25 PM

Change 584121 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix edge case with prop access confusing other parts of phan

https://gerrit.wikimedia.org/r/584121

Jdforrester-WMF moved this task from Backlog to Plugin itself on the phan-taint-check-plugin board.Apr 6 2020, 5:50 PM

Daimona mentioned this in rMTPS75ecad814c6a: Fix edge case with prop access confusing other parts of phan.Apr 6 2020, 6:03 PM

Maintenance_bot removed a project: Patch-For-Review.Apr 6 2020, 6:10 PM

Daimona closed this task as Resolved.Apr 7 2020, 2:14 PM