Array shapes not tracked when linking parameters to methods
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Daimona
	Dec 10 2020, 11:40 PM

Description

Not easy to fix because in foreach loops we just merge taint dependencies of the iterable and the key, without remembering that it's just the key and not the whole value.

General support for backpropagating shapes (base, dims, unknown)
Support for keys in shapes
Adjusting LoopVisitor (treat deps the same as Taintedness)

Details

Subject	Repo	Branch	Lines +/-
Handle unknown offsets in getRelevantLinksForTaintedness	mediawiki/tools/phan/SecurityCheckPlugin	master	+108 -28
Improve handling of key links	mediawiki/tools/phan/SecurityCheckPlugin	master	+27 -28
Implement backpropagation of key links	mediawiki/tools/phan/SecurityCheckPlugin	master	+180 -50
Track partial link dependencies in `return` statements	mediawiki/tools/phan/SecurityCheckPlugin	master	+219 -12
Implement partial parameter dependencies	mediawiki/tools/phan/SecurityCheckPlugin	master	+591 -40
Implement offset-wise backpropagation for the EXECed statement	mediawiki/tools/phan/SecurityCheckPlugin	master	+131 -27
[WIP] Shape dependencies	mediawiki/tools/phan/SecurityCheckPlugin	master	+74 -0

Customize query in gerrit

Related Objects

Mentioned In: rMTPS7136b598312a: Implement offset-wise backpropagation for the EXECed statement
rMTPS54cd03d6b561: Minor fixes re backpropagation
T274780: Correctly process argument links when backpropagating EXEC taintedness

Event Timeline

Daimona created this task.Dec 10 2020, 11:40 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 10 2020, 11:40 PM

Change 647839 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] [WIP] Keys dependencies

https://gerrit.wikimedia.org/r/647839

gerritbot added a project: Patch-For-Review.Dec 10 2020, 11:41 PM

Daimona renamed this task from False positives due to arraay keys and values being mixed together to False positives due to array keys and values being mixed together.Dec 11 2020, 12:27 AM

Note to self: array offsets might be affected by the same problem.

Daimona renamed this task from False positives due to array keys and values being mixed together to Array shapes not tracked when linking parameters to methods.Dec 11 2020, 4:30 PM

Daimona mentioned this in T274780: Correctly process argument links when backpropagating EXEC taintedness.Feb 15 2021, 12:44 PM

Change 671616 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Implement offset-wise backpropagation in some cases

https://gerrit.wikimedia.org/r/671616

Change 647839 abandoned by Daimona Eaytoy:
[mediawiki/tools/phan/SecurityCheckPlugin@master] [WIP] Shape dependencies

Reason:
Mostly done at Ib563bf8ab381074fa8dbc3cf9aaf940d5bbc7e06

https://gerrit.wikimedia.org/r/647839

Change 673339 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] [WIP] Correctly backprop offset taintedness, part 2

https://gerrit.wikimedia.org/r/673339

Change 673551 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Improve offset backpropagation in method calls

https://gerrit.wikimedia.org/r/673551

Daimona mentioned this in rMTPS54cd03d6b561: Minor fixes re backpropagation.Mar 19 2021, 7:50 PM

Change 671616 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Implement offset-wise backpropagation for the EXECed statement

https://gerrit.wikimedia.org/r/671616

Daimona mentioned this in rMTPS7136b598312a: Implement offset-wise backpropagation for the EXECed statement.Apr 17 2021, 3:07 PM

Change 673339 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Implement partial parameter dependencies

https://gerrit.wikimedia.org/r/673339

Change 673551 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Track partial link dependencies in `return` statements

https://gerrit.wikimedia.org/r/673551

Daimona updated the task description. (Show Details)Apr 17 2021, 5:39 PM

Daimona moved this task from Backlog to Plugin itself on the phan-taint-check-plugin board.Oct 15 2022, 5:20 PM

Change 736010 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/tools/phan/SecurityCheckPlugin@master] [WIP] Keys links

https://gerrit.wikimedia.org/r/736010

Daimona claimed this task.Oct 15 2022, 5:27 PM

Change 960752 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/tools/phan/SecurityCheckPlugin@master] Improve handling of key links

https://gerrit.wikimedia.org/r/960752

Change 736010 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Implement backpropagation of key links

https://gerrit.wikimedia.org/r/736010

Change 960752 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Improve handling of key links

https://gerrit.wikimedia.org/r/960752

Maintenance_bot removed a project: Patch-For-Review.Sep 26 2023, 2:33 PM

Change 961243 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/tools/phan/SecurityCheckPlugin@master] Handle unknown offsets in getRelevantLinksForTaintedness

https://gerrit.wikimedia.org/r/961243

gerritbot added a project: Patch-For-Review.Sep 26 2023, 9:30 PM

Change 961243 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Handle unknown offsets in getRelevantLinksForTaintedness

https://gerrit.wikimedia.org/r/961243

Maintenance_bot removed a project: Patch-For-Review.Sep 27 2023, 3:33 PM

Daimona closed this task as Resolved.Sep 27 2023, 4:02 PM

Daimona updated the task description. (Show Details)

Array shapes not tracked when linking parameters to methodsClosed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

Array shapes not tracked when linking parameters to methods
Closed, ResolvedPublic
Actions