
Make taint-check understand IDatabase::insert with multiple rows
Open, Needs Triage · Public · BUG REPORT

Description

See code comment:

'\Wikimedia\Rdbms\IDatabase::insert' => [
	self::SQL_EXEC_TAINT, // table name
	// FIXME This doesn't correctly work
	// when inserting multiple things at once.
	self::SQL_NUMKEY_EXEC_TAINT,
	self::SQL_EXEC_TAINT, // method name
	self::SQL_EXEC_TAINT, // options. They are not escaped
	'overall' => self::NO_TAINT
],

It can cause false positives because of how NUMKEY works: a multi-row `$rows` argument is a numerically keyed list of row arrays, and the NUMKEY rule treats values under numeric keys as if they were executed as raw SQL.
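As an added illustration, not part of this report or of SecurityCheckPlugin, the following Python toy model of the NUMKEY rule shows why the multi-row form of `$rows` trips it while the single-row form does not; the per-row variant is an assumption about how an insert-aware rule could behave, not the content of change 719511.

```python
# Added example: a toy model of SecurityCheckPlugin's NUMKEY rule, written to
# show why IDatabase::insert( $table, $rows ) trips it for multi-row inserts.
# This is NOT the plugin's code; the rule is simplified to "a tainted value
# under a numeric array key counts as raw SQL" (assumption).
from typing import Any, List

class Tainted(str):
    """A string carrying user-controlled (SQL-injection) taint."""

def is_tainted(value: Any) -> bool:
    """An array's taint is the union of its elements' taint."""
    if isinstance(value, Tainted):
        return True
    if isinstance(value, dict):
        return any(is_tainted(v) for v in value.values())
    if isinstance(value, list):
        return any(is_tainted(v) for v in value)
    return False

def numkey_findings(arg: Any) -> List[str]:
    """SQL_NUMKEY_EXEC_TAINT as applied today: string keys are assumed to be
    escaped values, numeric keys are treated as executed SQL."""
    if isinstance(arg, dict):
        items = arg.items()
    elif isinstance(arg, list):
        items = enumerate(arg)  # a PHP list has numeric keys 0, 1, ...
    else:
        return []
    return [f"tainted value under numeric key {k}" for k, v in items
            if isinstance(k, int) and is_tainted(v)]

def numkey_findings_per_row(rows: Any) -> List[str]:
    """Sketch of an insert-aware rule (assumption, not change 719511): a list
    of rows is checked row by row, so the outer numeric keys do not count."""
    if isinstance(rows, list) and all(isinstance(r, dict) for r in rows):
        return [f for r in rows for f in numkey_findings(r)]
    return numkey_findings(rows)

# Constructed sample: the same tainted value inserted as one row and as two.
single_row = {"page_title": Tainted("user input"), "page_namespace": 0}
multi_rows = [single_row, {"page_title": "safe", "page_namespace": 0}]

if __name__ == "__main__":
    print(numkey_findings(single_row))  # [] -> values escaped, nothing reported
    print(numkey_findings(multi_rows))  # ['tainted value under numeric key 0']
    print(numkey_findings_per_row(multi_rows))  # []
```

The second call is the false positive: nothing in `$rows` is raw SQL, but the outer list's numeric key 0 holds an array whose taint is inherited from the tainted value.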

Event Timeline

See suppressions added in r719481 for a test case.

Change 719511 had a related patch set uploaded (by Daimona Eaytoy; author: Daimona Eaytoy):

[mediawiki/tools/phan/SecurityCheckPlugin@master] [WIP] Insert multiple rows

https://gerrit.wikimedia.org/r/719511