Make taint-check understand all QueryBuilders
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Daimona
	May 22 2020, 11:28 AM

Details

Related Changes in Gerrit:

Subject	Repo	Branch	Lines +/-
Add base taint-check annotations to InsertQueryBuilder	mediawiki/core	master	+36 -0
Add base taint-check annotations to Delete- and UpdateQueryBuilder	mediawiki/core	master	+59 -0
Hardcode taintedness of InsertQueryBuilder::row() and ::rows()	mediawiki/tools/phan/SecurityCheckPlugin	master	+74 -1
Add base taint-check annotations to SelectQueryBuilder	mediawiki/core	master	+45 -0

Customize query in gerrit

Related Objects

Mentioned In: T361523: Add hard-coded taints for ReplaceQueryBuilder similiar to InsertQueryBuilder
T273932: Obscure phan taint-check failures for ActorStore patches

Event Timeline

Daimona created this task.May 22 2020, 11:28 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 22 2020, 11:28 AM

Daimona moved this task from Backlog to MediaWiki mode on the phan-taint-check-plugin board.Jul 9 2020, 4:00 PM

• Pchelolo mentioned this in T273932: Obscure phan taint-check failures for ActorStore patches.Feb 4 2021, 9:14 PM

Daimona claimed this task.Sep 23 2023, 8:21 PM

Change 960184 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/core@master] Add base taint-check annotations to SelectQueryBuilder

https://gerrit.wikimedia.org/r/960184

gerritbot added a project: Patch-For-Review.Sep 23 2023, 8:28 PM

Daimona renamed this task from Make taint-check understand SelectQueryBuilder to Make taint-check understand all QueryBuilders.Sep 24 2023, 12:10 PM

Change 960184 merged by jenkins-bot:

[mediawiki/core@master] Add base taint-check annotations to SelectQueryBuilder

https://gerrit.wikimedia.org/r/960184

ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.28; 2023-09-26).Sep 25 2023, 4:00 PM

Maintenance_bot removed a project: Patch-For-Review.Sep 25 2023, 4:12 PM

Krinkle awarded a token.Sep 27 2023, 5:23 AM

Change 961487 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/tools/phan/SecurityCheckPlugin@master] Hardcode taintedness of InsertQueryBuilder::row() and ::rows()

https://gerrit.wikimedia.org/r/961487

gerritbot added a project: Patch-For-Review.Sep 27 2023, 11:41 PM

Change 960204 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/core@master] Add base taint-check annotations to InsertQueryBuilder

https://gerrit.wikimedia.org/r/960204

Change 961490 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/core@master] Add base taint-check annotations to Delete- and UpdateQueryBuilder

https://gerrit.wikimedia.org/r/961490

Change 961487 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Hardcode taintedness of InsertQueryBuilder::row() and ::rows()

https://gerrit.wikimedia.org/r/961487

Change 960204 merged by jenkins-bot:

[mediawiki/core@master] Add base taint-check annotations to InsertQueryBuilder

https://gerrit.wikimedia.org/r/960204

Change 961490 merged by jenkins-bot:

[mediawiki/core@master] Add base taint-check annotations to Delete- and UpdateQueryBuilder

https://gerrit.wikimedia.org/r/961490

Calling this done. Adding/improving annotations should be part of the normal development cycle.

Maintenance_bot removed a project: Patch-For-Review.Sep 28 2023, 3:12 PM

ReleaseTaggerBot edited projects, added MW-1.41-notes (1.41.0-wmf.29; 2023-10-03); removed MW-1.41-notes (1.41.0-wmf.28; 2023-09-26).Sep 29 2023, 9:06 AM

Umherirrender mentioned this in T361523: Add hard-coded taints for ReplaceQueryBuilder similiar to InsertQueryBuilder.Apr 1 2024, 9:41 PM

Make taint-check understand all QueryBuildersClosed, ResolvedPublicActions

Details

Related Objects

Event Timeline

Make taint-check understand all QueryBuilders
Closed, ResolvedPublic
Actions