Add taintedness data for new methods in Shellbox
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Daimona
	Feb 5 2021, 11:40 AM

Description

Methods that do actual shell-exec stuff should be annotated as SHELL_EXEC, methods that escape stuff should be annotated as such, etc. The existing annotations should be left in place for older versions of MediaWiki.

Details

	Subject	Repo	Branch	Lines +/-
	Hardcode taintedness for new methods in Shellbox	mediawiki/tools/phan/SecurityCheckPlugin	master	+19 -11

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	Joe	T252745 Sandbox/limit child processes within a container runtime
Resolved	tstarling	T260330 RFC: PHP microservice for containerized shell execution
Resolved	Daimona	T273965 Add taintedness data for new methods in Shellbox

Event Timeline

Daimona created this task.Feb 5 2021, 11:40 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 5 2021, 11:41 AM

Daimona added a parent task: T260330: RFC: PHP microservice for containerized shell execution.Feb 5 2021, 11:41 AM

Change 661906 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Hardcode taintedness for new methods in Shellbox

https://gerrit.wikimedia.org/r/661906

gerritbot added a project: Patch-For-Review.Feb 5 2021, 11:51 AM

Daimona claimed this task.Feb 5 2021, 11:51 AM

Change 661906 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Hardcode taintedness for new methods in Shellbox

https://gerrit.wikimedia.org/r/661906

Daimona closed this task as Resolved.Mar 19 2021, 7:46 PM

Daimona removed a project: Patch-For-Review.

Jdforrester-WMF mentioned this in rMTPS3f820eb49d5a: Hardcode taintedness for new methods in Shellbox.Mar 19 2021, 7:50 PM

Daimona moved this task from Backlog to MediaWiki mode on the phan-taint-check-plugin board.Oct 15 2022, 4:56 PM