Page MenuHomePhabricator

phan-seccheck typeerror
Closed, ResolvedPublic

Description

See, eg, https://integration.wikimedia.org/ci/job/mwext-php72-phan-seccheck-docker/54751/console

TypeError: Argument 1 passed to PreTaintednessVisitor::linkParamAndFunc() must be an instance of Phan\Language\Element\Variable, instance of Phan\Language\Element\Property given, called in /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/PreTaintednessVisitor.php on line 147 and defined in /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php:1093
Stack trace:
#0 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/PreTaintednessVisitor.php(147): PreTaintednessVisitor->linkParamAndFunc(Object(Phan\Language\Element\Property), Object(Phan\Language\Element\Method), 1)
#1 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/MWPreVisitor.php(40): PreTaintednessVisitor->visitMethod(Object(ast\Node))
#2 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(991): MWPreVisitor->visitMethod(Object(ast\Node))
#3 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(251): MWPreVisitor::Phan\Plugin\{closure}(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node))
#4 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1559): Phan\Plugin\ConfigPluginSet->preAnalyzeNode(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node))
#5 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1477): Phan\BlockAnalysisVisitor->preOrderAnalyze(Object(Phan\Language\Context), Object(ast\Node))
#6 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(32): Phan\BlockAnalysisVisitor->visitMethod(Object(ast\Node))
#7 /opt/phan/vendor/phan/phan/src/Phan/Analysis/Analyzable.php(132): Phan\AST\Visitor\KindVisitorImplementation->__invoke(Object(ast\Node))
#8 /opt/phan/vendor/phan/phan/src/Phan/Language/Element/FunctionTrait.php(949): Phan\Language\Element\Method->analyze(Object(Phan\Language\Context), Object(Phan\CodeBase))
#9 /opt/phan/vendor/phan/phan/src/Phan/Analysis/PostOrderAnalysisVisitor.php(3485): Phan\Language\Element\Method->analyzeWithNewParams(Object(Phan\Language\Context), Object(Phan\CodeBase), Array)
#10 /opt/phan/vendor/phan/phan/src/Phan/Analysis/PostOrderAnalysisVisitor.php(3070): Phan\Analysis\PostOrderAnalysisVisitor->analyzeMethodWithArgumentTypes(Object(ast\Node), Object(Phan\Language\Element\Method))
#11 /opt/phan/vendor/phan/phan/src/Phan/Analysis/PostOrderAnalysisVisitor.php(2568): Phan\Analysis\PostOrderAnalysisVisitor->analyzeCallToFunctionLike(Object(Phan\Language\Element\Method), Object(ast\Node))
#12 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1588): Phan\Analysis\PostOrderAnalysisVisitor->visitMethodCall(Object(ast\Node))
#13 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(424): Phan\BlockAnalysisVisitor->postOrderAnalyze(Object(Phan\Language\Context), Object(ast\Node))
#14 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(236): Phan\BlockAnalysisVisitor->visit(Object(ast\Node))
#15 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\AST\Visitor\KindVisitorImplementation->visitMethodCall(Object(ast\Node))
#16 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#17 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#18 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(711): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#19 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitIfElem(Object(ast\Node))
#20 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1000): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#21 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitIf(Object(ast\Node))
#22 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#23 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#24 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1490): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#25 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(32): Phan\BlockAnalysisVisitor->visitMethod(Object(ast\Node))
#26 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(582): Phan\AST\Visitor\KindVisitorImplementation->__invoke(Object(ast\Node))
#27 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(1283): TaintednessVisitor->analyzeFunc(Object(Phan\Language\Element\Method))
#28 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(2041): TaintednessVisitor->markAllDependentVarsYes(Object(Phan\Language\Element\Method), 0, 1572864)
#29 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessVisitor.php(730): TaintednessVisitor->handleMethodCall(Object(Phan\Language\Element\Method), Object(Phan\Language\FQSEN\FullyQualifiedMethodName), Array, Array)
#30 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/MWVisitor.php(49): TaintednessVisitor->visitMethodCall(Object(ast\Node))
#31 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(1096): MWVisitor->visitMethodCall(Object(ast\Node))
#32 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(285): MWVisitor::Phan\Plugin\{closure}(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#33 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1595): Phan\Plugin\ConfigPluginSet->postAnalyzeNode(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#34 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(424): Phan\BlockAnalysisVisitor->postOrderAnalyze(Object(Phan\Language\Context), Object(ast\Node))
#35 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(236): Phan\BlockAnalysisVisitor->visit(Object(ast\Node))
#36 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\AST\Visitor\KindVisitorImplementation->visitMethodCall(Object(ast\Node))
#37 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#38 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#39 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1490): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#40 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(32): Phan\BlockAnalysisVisitor->visitMethod(Object(ast\Node))
#41 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(582): Phan\AST\Visitor\KindVisitorImplementation->__invoke(Object(ast\Node))
#42 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(1283): TaintednessVisitor->analyzeFunc(Object(Phan\Language\Element\Method))
#43 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(2041): TaintednessVisitor->markAllDependentVarsYes(Object(Phan\Language\Element\Method), 0, 524288)
#44 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessVisitor.php(730): TaintednessVisitor->handleMethodCall(Object(Phan\Language\Element\Method), Object(Phan\Language\FQSEN\FullyQualifiedMethodName), Array, Array)
#45 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/MWVisitor.php(49): TaintednessVisitor->visitMethodCall(Object(ast\Node))
#46 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(1096): MWVisitor->visitMethodCall(Object(ast\Node))
#47 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(285): MWVisitor::Phan\Plugin\{closure}(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#48 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1595): Phan\Plugin\ConfigPluginSet->postAnalyzeNode(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#49 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(424): Phan\BlockAnalysisVisitor->postOrderAnalyze(Object(Phan\Language\Context), Object(ast\Node))
#50 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(236): Phan\BlockAnalysisVisitor->visit(Object(ast\Node))
#51 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\AST\Visitor\KindVisitorImplementation->visitMethodCall(Object(ast\Node))
#52 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#53 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#54 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1490): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#55 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(32): Phan\BlockAnalysisVisitor->visitMethod(Object(ast\Node))
#56 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(582): Phan\AST\Visitor\KindVisitorImplementation->__invoke(Object(ast\Node))
#57 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(1283): TaintednessVisitor->analyzeFunc(Object(Phan\Language\Element\Method))
#58 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(2041): TaintednessVisitor->markAllDependentVarsYes(Object(Phan\Language\Element\Method), 0, 524288)
#59 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessVisitor.php(730): TaintednessVisitor->handleMethodCall(Object(Phan\Language\Element\Method), Object(Phan\Language\FQSEN\FullyQualifiedMethodName), Array, Array)
#60 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/MWVisitor.php(49): TaintednessVisitor->visitMethodCall(Object(ast\Node))
#61 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(1096): MWVisitor->visitMethodCall(Object(ast\Node))
#62 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(285): MWVisitor::Phan\Plugin\{closure}(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#63 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1595): Phan\Plugin\ConfigPluginSet->postAnalyzeNode(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#64 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(424): Phan\BlockAnalysisVisitor->postOrderAnalyze(Object(Phan\Language\Context), Object(ast\Node))
#65 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(236): Phan\BlockAnalysisVisitor->visit(Object(ast\Node))
#66 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\AST\Visitor\KindVisitorImplementation->visitMethodCall(Object(ast\Node))
#67 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#68 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#69 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1490): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#70 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(32): Phan\BlockAnalysisVisitor->visitMethod(Object(ast\Node))
#71 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(582): Phan\AST\Visitor\KindVisitorImplementation->__invoke(Object(ast\Node))
#72 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(535): TaintednessVisitor->analyzeFunc(Object(Phan\Language\Element\Method))
#73 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessVisitor.php(715): TaintednessVisitor->getTaintOfFunction(Object(Phan\Language\Element\Method))
#74 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/MWVisitor.php(49): TaintednessVisitor->visitMethodCall(Object(ast\Node))
#75 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(1096): MWVisitor->visitMethodCall(Object(ast\Node))
#76 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(285): MWVisitor::Phan\Plugin\{closure}(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#77 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1595): Phan\Plugin\ConfigPluginSet->postAnalyzeNode(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#78 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(424): Phan\BlockAnalysisVisitor->postOrderAnalyze(Object(Phan\Language\Context), Object(ast\Node))
#79 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(236): Phan\BlockAnalysisVisitor->visit(Object(ast\Node))
#80 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\AST\Visitor\KindVisitorImplementation->visitMethodCall(Object(ast\Node))
#81 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#82 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#83 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(711): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#84 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitIfElem(Object(ast\Node))
#85 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1000): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#86 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitIf(Object(ast\Node))
#87 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#88 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#89 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1490): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#90 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(32): Phan\BlockAnalysisVisitor->visitMethod(Object(ast\Node))
#91 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(582): Phan\AST\Visitor\KindVisitorImplementation->__invoke(Object(ast\Node))
#92 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessBaseVisitor.php(535): TaintednessVisitor->analyzeFunc(Object(Phan\Language\Element\Method))
#93 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/TaintednessVisitor.php(715): TaintednessVisitor->getTaintOfFunction(Object(Phan\Language\Element\Method))
#94 /opt/phan/vendor/mediawiki/phan-taint-check-plugin/src/MWVisitor.php(49): TaintednessVisitor->visitMethodCall(Object(ast\Node))
#95 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(1096): MWVisitor->visitMethodCall(Object(ast\Node))
#96 /opt/phan/vendor/phan/phan/src/Phan/Plugin/ConfigPluginSet.php(285): MWVisitor::Phan\Plugin\{closure}(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#97 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1595): Phan\Plugin\ConfigPluginSet->postAnalyzeNode(Object(Phan\CodeBase), Object(Phan\Language\Context), Object(ast\Node), Array)
#98 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(424): Phan\BlockAnalysisVisitor->postOrderAnalyze(Object(Phan\Language\Context), Object(ast\Node))
#99 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(236): Phan\BlockAnalysisVisitor->visit(Object(ast\Node))
#100 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\AST\Visitor\KindVisitorImplementation->visitMethodCall(Object(ast\Node))
#101 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#102 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#103 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1490): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#104 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitMethod(Object(ast\Node))
#105 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#106 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#107 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(776): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#108 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(1458): Phan\BlockAnalysisVisitor->visitClosedContext(Object(ast\Node))
#109 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(451): Phan\BlockAnalysisVisitor->visitClass(Object(ast\Node))
#110 /opt/phan/vendor/phan/phan/src/Phan/BlockAnalysisVisitor.php(222): Phan\BlockAnalysisVisitor->analyzeAndGetUpdatedContext(Object(Phan\Language\Context), Object(ast\Node), Object(ast\Node))
#111 /opt/phan/vendor/phan/phan/src/Phan/AST/Visitor/KindVisitorImplementation.php(32): Phan\BlockAnalysisVisitor->visitStmtList(Object(ast\Node))
#112 /opt/phan/vendor/phan/phan/src/Phan/Analysis.php(563): Phan\AST\Visitor\KindVisitorImplementation->__invoke(Object(ast\Node))
#113 /opt/phan/vendor/phan/phan/src/Phan/Phan.php(413): Phan\Analysis::analyzeFile(Object(Phan\CodeBase), 'includes/Specia...', NULL, NULL)
#114 /opt/phan/vendor/phan/phan/src/Phan/Phan.php(467): Phan\Phan::Phan\{closure}(5, 'includes/Specia...')
#115 /opt/phan/vendor/phan/phan/src/Phan/Phan.php(301): Phan\Phan::finishAnalyzingRemainingStatements(Object(Phan\CodeBase), NULL, Array, Array)
#116 /opt/phan/vendor/phan/phan/src/phan.php(34): Phan\Phan::analyzeFileList(Object(Phan\CodeBase), Object(Closure))
#117 /opt/phan/vendor/phan/phan/phan(2): require_once('/opt/phan/vendo...')
#118 {main}

(Phan 1.3.2 crashed due to an uncaught Throwable when parsing/analyzing 'includes/SpecialApiFeatureUsage.php')

Related Objects

Event Timeline

Restricted Application added a project: User-DannyS712. · View Herald TranscriptMay 30 2020, 7:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
DannyS712 moved this task from Unsorted to Reports on the User-DannyS712 board.May 30 2020, 7:51 PM
DannyS712 added a subscriber: Daimona.

Occurs on WMF-deployed extensions

Reedy triaged this task as High priority.May 31 2020, 1:43 AM
Reedy added a project: phan-taint-check-plugin.
Daimona claimed this task.May 31 2020, 9:42 AM
Daimona removed a project: phan.

I have seen this sometimes locally. Note that this issue was already fixed in taint-check 3.0.x (r542757); apparently, phan 2.2.9 only made it worse, but the problem already existed on phan 1.3.2.

The only thing we can do is bump taint-check everywhere (T248630). However, since this is causing shared build failures, I'm going to find where exactly the issue originates (likely in MW core), and put a stopgap in place.

It took me a long time to set up taint-check 2.0.1, fix incompatibilities etc., but I finally got it. The faulty method is HookRunner::onGetCacheVaryCookies, and the property being given to it is OutputPage::cacheVaryCookies.

Change 600803 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] OutputPage: Temporary hack to avoid taint-check crash

https://gerrit.wikimedia.org/r/600803

Change 600803 merged by jenkins-bot:
[mediawiki/core@master] OutputPage: Temporary hack to avoid taint-check crash

https://gerrit.wikimedia.org/r/600803

Daimona closed this task as Resolved.May 31 2020, 11:17 AM

I'm calling this resolved, but this issue may arise again. Upgrading taint-check is the only real solution.

Daimona reopened this task as Open.May 31 2020, 11:26 AM

...QED

\ImageGalleryBase::modeMapping passed to HookRunner::onGalleryGetModes

\ParserOptions::defaults passed to HookRunner::onParserOptionsRegister


The new calling style always triggers this bug in taint-check, so basically any HookRunner method being given a pass-by-ref property will produce a crash.

Found some others as well

Change 600822 had a related patch set uploaded (by DannyS712; owner: DannyS712):
[mediawiki/core@master] Hooks: Don't pass class properties by reference

https://gerrit.wikimedia.org/r/600822

Nikerabbit raised the priority of this task from High to Unbreak Now!.Jun 1 2020, 7:27 AM
Nikerabbit added a subscriber: Nikerabbit.
Restricted Application added a subscriber: Liuxinyu970226. · View Herald TranscriptJun 1 2020, 7:27 AM

Hmmmm can we have an emergency run of LibUp? Several repos were updated manually, and the upgrade seems fairly straightforward.

DannyS712 added a subscriber: Legoktm.

Hmmmm can we have an emergency run of LibUp? Several repos were updated manually, and the upgrade seems fairly straightforward.

@Legoktm ^^

Hmmmm can we have an emergency run of LibUp? Several repos were updated manually, and the upgrade seems fairly straightforward.

I was waiting on your "go" to do the mass upgrade; now configured.

Hmmmm can we have an emergency run of LibUp? Several repos were updated manually, and the upgrade seems fairly straightforward.

I was waiting on your "go" to do the mass upgrade; now configured.

Ah, sorry for the misunderstanding. Yeah, I think you're cleared for takeoff. Also adding the patch to remove taint-check would be great, but it's not necessary given the "emergency"; LibUp can do that next time.

Hmmmm can we have an emergency run of LibUp? Several repos were updated manually, and the upgrade seems fairly straightforward.

I was waiting on your "go" to do the mass upgrade; now configured.

Ah, sorry for the misunderstanding. Yeah, I think you're cleared for takeoff. Also adding the patch to remove taint-check would be great, but it's not necessary given the "emergency"; LibUp can do that next time.

Now underway: https://gerrit.wikimedia.org/r/q/hashtag:%22c%253Bmediawiki%252Fmediawiki-phan-config%253D0.10.2%22+(status:open%20OR%20status:merged)

Note that because phan currently bypasses the composer test checks, LibUp will blindly push patches to try to update this regardless of whether they pass. Oh well. :-)

It's fine, I'll check them manually tomorrow (especially XSSs)

Umherirrender closed this task as Resolved.Jun 4 2020, 8:32 PM
Umherirrender added a subscriber: Umherirrender.

extensions and skins are done, some libs are stalled because seccheck is failing, but there are not using the old seccheck

Change 600822 abandoned by Daimona Eaytoy:
Hooks: Don't pass class properties by reference

Reason:
Doesn't happen in newer taint-check

https://gerrit.wikimedia.org/r/600822