In T216348#6653147, @Umherirrender wrote:
> 13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument #1 (`$params['table']`). (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)
>
> This could be a false positive: Variable $params has taintedness: YES
In T216348#6653391, @Umherirrender wrote:
> In T216348#6653388, @Daimona wrote:
>> In T216348#6653147, @Umherirrender wrote:
>>> 13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument #1 (`$params['table']`). (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)
>>>
>>> This could be a false positive: Variable $params has taintedness: YES
>>
>> The annotation still doesn't print the whole taintedness object. Could you please try applying the following hack to vendor/mediawiki/phan-taint-check-plugin/src/SecurityCheckPlugin.php
>>
>>     $msg = "Variable {CODE} has taintedness: {DETAILS}"; // Line 246
>>     echo "\n\n$taint\n\n"; // Add this line
>>
>> and then re-running phan. It should print the whole shape.
>
> $taint is equal to {DETAILS}, but what about var_export( $var->taintedness )?
>
>     SecurityCheckPlugin\Taintedness::__set_state(array(
>        'flags' => 43688,
>        'dimTaint' => array (
>           'namespace' => SecurityCheckPlugin\Taintedness::__set_state(array(
>              'flags' => 0,
>              'dimTaint' => array ( ),
>              'unknownDimsTaint' => 0,
>           )),
>           'title' => SecurityCheckPlugin\Taintedness::__set_state(array(
>              'flags' => 0,
>              'dimTaint' => array ( ),
>              'unknownDimsTaint' => 0,
>           )),
>           'requestId' => SecurityCheckPlugin\Taintedness::__set_state(array(
>              'flags' => 43688,
>              'dimTaint' => array ( ),
>              'unknownDimsTaint' => 0,
>           )),
>        ),
>        'unknownDimsTaint' => 0,
>     ))
>
> In Job.php:
>
>     $this->params = $params + [ 'requestId' => WebRequest::getRequestId() ];
>
> When commenting out that line, everything is fine ...
In T216348#6653394, @Daimona wrote:
> In T216348#6653391, @Umherirrender wrote:
>> $taint is equal to {DETAILS}, but what about var_export( $var->taintedness )?
>
> Oh yes, I meant $var->taintedness. No need to var_export it though, it has a __toString() which pretty-prints the object.
>
>> [ object snip ]
>
> Seems like it's picking up taintedness in an offset it can't resolve.
>
>> In Job.php:
>>
>>     $this->params = $params + [ 'requestId' => WebRequest::getRequestId() ];
>>
>> When commenting out that line, everything is fine ...
>
> I'd have to investigate, could you please copy these comments to a new task while I take a look?
Pretty print:

    {
      Own taint: YES
      Unknown keys: NONE
      Keys: {
        namespace => { Own taint: NONE Unknown keys: NONE Keys: {} }
        title => { Own taint: NONE Unknown keys: NONE Keys: {} }
        requestId => { Own taint: YES Unknown keys: NONE Keys: {} }
      }
    }
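To make the dumped shape concrete, here is an added Python model (not the plugin's code; the method names, the offset-lookup rule and the two merge variants are assumptions) of why a key the checker cannot resolve, such as `$params['table']`, ends up reported as tainted once `requestId` is tainted and the array's own taint becomes YES:

```python
# Added model (not phan-taint-check's code): Taintedness as dumped above, with the
# lookup rule assumed to be "known key -> that key's taint, else own taint".
NONE = 0
YES = 43688  # flag value seen in the dump, treated here as an opaque "tainted" marker


class Taintedness:
    def __init__(self, flags=NONE, dim_taint=None, unknown_dims=NONE):
        self.flags = flags                      # own taint of the value as a whole
        self.dim_taint = dict(dim_taint or {})  # taint per resolved key
        self.unknown_dims = unknown_dims        # taint of keys phan could not resolve

    def is_tainted(self):
        return self.flags != NONE

    def for_offset(self, key):
        """Taint a consumer of $var[$key] sees, e.g. partition() reading $params['table']."""
        if key in self.dim_taint:
            return self.dim_taint[key]
        # Unresolved offset: fall back to the whole value's own taint.
        return Taintedness(self.flags | self.unknown_dims)


def union_as_dumped(base, extra):
    """`$base + $extra` the way the dump shows it: keys merge, but the added
    value's flags also land on the array's own taint (assumed cause of the dump)."""
    merged = Taintedness(base.flags, base.dim_taint, base.unknown_dims)
    for key, value in extra.items():
        merged.dim_taint.setdefault(key, value)  # `+` keeps left-hand keys
        merged.flags |= value.flags
    return merged


def union_per_key(base, extra):
    """Same merge, but the added value's taint stays on its own key only."""
    merged = Taintedness(base.flags, base.dim_taint, base.unknown_dims)
    for key, value in extra.items():
        merged.dim_taint.setdefault(key, value)
    return merged


# Constructed input mirroring the dump: clean job params plus a tainted requestId.
JOB_PARAMS = Taintedness(NONE, {"namespace": Taintedness(), "title": Taintedness()})
REQUEST_ID = {"requestId": Taintedness(YES)}

DUMPED = union_as_dumped(JOB_PARAMS, REQUEST_ID)   # own taint YES, like the dump
PER_KEY = union_per_key(JOB_PARAMS, REQUEST_ID)    # own taint stays NONE
```

`DUMPED.for_offset("table")` is tainted while `PER_KEY.for_offset("table")` is not, although both report `requestId` as tainted and `namespace`/`title` as clean.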