Methods that do actual shell-exec stuff should be annotated as SHELL_EXEC, methods that escape stuff should be annotated as such, etc. The existing annotations should be left in place for older versions of MediaWiki.
Description
Details
Subject | Repo | Branch | Lines +/-
---|---|---|---
Hardcode taintedness for new methods in Shellbox | mediawiki/tools/phan/SecurityCheckPlugin | master | +19 -11
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | | Joe | T252745 Sandbox/limit child processes within a container runtime
Resolved | | tstarling | T260330 RFC: PHP microservice for containerized shell execution
Resolved | | Daimona | T273965 Add taintedness data for new methods in Shellbox
Event Timeline
Change 661906 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Hardcode taintedness for new methods in Shellbox
Change 661906 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Hardcode taintedness for new methods in Shellbox