
Forbid exec_ taints in @return-taint
Open, Needs Triage | Public | BUG REPORT

Description

As a follow-up to r682168, which removed support internally due to unclear semantics: EXEC bits are already ignored; we should avoid setting them and at least log a debug message (emitting a non-sec issue would be even better).

Event Timeline

Change 719155 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/tools/phan/SecurityCheckPlugin@master] Emit issues for invalid taint annotations

https://gerrit.wikimedia.org/r/719155

Change 719155 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Emit issues for invalid taint annotations

https://gerrit.wikimedia.org/r/719155

Change 719224 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/tools/phan/SecurityCheckPlugin@master] Add invalid annotations detection to changelog

https://gerrit.wikimedia.org/r/719224

Change 719224 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] Add invalid annotations detection to changelog

https://gerrit.wikimedia.org/r/719224