Page MenuHomePhabricator
Create Task
Maniphest T356824

Unsuppressable DoubleEscaped warnings
Closed, ResolvedPublic
Actions

Description

I'm getting a bunch of phan unneeded suppression errors on an unrelated patch:

15:56:59 includes/GlobalRename/GlobalRenameLogFormatter.php:23 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/GlobalRename/GlobalRenameLogFormatter.php:27 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/GlobalRename/GlobalRenameLogFormatter.php:30 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/LogFormatter/GlobalUserMergeLogFormatter.php:19 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-XSS on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:61 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:71 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:88 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:100 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:110 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere

If I try to remove the suppressions, I get errors about them not being there:

15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:23 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getLocalWikiLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +58; ../../includes/WikiMap/WikiMap.php +140; ../../includes/WikiMap/WikiMap.php +161; ../../includes/WikiMap/WikiMap.php +153; ../../includes/linker/Linker.php +1146; includes/GlobalRename/GlobalRenameLogFormatter.php +53; ../../includes/WikiMap/WikiMap.php +140; ../../includes/WikiMap/WikiMap.php +161; ../../includes/WikiMap/WikiMap.php +153; ../../includes/linker/Linker.php +1146) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:23 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getLocalWikiLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #2 (`$params[5]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +58; includes/GlobalRename/GlobalRenameLogFormatter.php +53; ../../includes/WikiMap/WikiMap.php +140; ../../includes/WikiMap/WikiMap.php +161; ../../includes/WikiMap/WikiMap.php +153; ../../includes/linker/Linker.php +1146) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:23 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/GlobalRename/GlobalRenameLogFormatter.php +55; includes/GlobalRename/GlobalRenameLogFormatter.php +53)
15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:26 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getCentralAuthLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +44; ../../includes/linker/LinkRenderer.php +179) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:28 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getCentralAuthLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1 (`$params[4]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +44; ../../includes/linker/LinkRenderer.php +179) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/LogFormatter/GlobalUserMergeLogFormatter.php:19 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\GlobalUserMergeLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/GlobalUserMergeLogFormatter.php +16; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; ../../includes/language/Language.php +3310)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:61 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:61 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:70 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:70 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:86 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:86 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:97 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:97 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:106 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097)
15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:106 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28)

Details

SubjectRepoBranchLines +/-
Add more manual taint annotations in LogFormatter classesmediawiki/extensions/CentralAuthmaster+26 -18
Drop unneeded phan DoubleEscaped suppressionsmediawiki/extensions/CentralAuthmaster+6 -8
Customize query in gerrit

Event Timeline

Tgr created this task.Feb 7 2024, 12:08 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 7 2024, 12:08 AM
matmarex subscribed.Feb 7 2024, 12:41 PM

MediaWiki core has a different way to suppress the false positives caused by the $this->plaintext pattern, which seems to work better: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/444452

Daimona subscribed.Feb 7 2024, 3:09 PM

I downloaded that patch and was able to reproduce the unusedsuppression issues. Then I did something while trying to fix it, and at some point I was no longer able to reproduce. I redownloaded everything from gerrit and am still unable to reproduce the warnings in the first place. I've no idea what happened though...

sbassett subscribed.EditedFeb 7 2024, 10:27 PM

Like @Daimona, I played around with this locally and could not reproduce the issue, even when cloning all of the same extensions and mediawiki/vendor that mwext-php74-phan-docker does and running releng/mediawiki-phan-php74:0.2.3 against CentralAuth directly via docker run. But then I noticed in the jenkins console output for the first round of failing tests for c997980 that phan was only complaining about the missing SecurityCheck-XSS suppressions and not the SecurityCheck-DoubleEscaped suppressions. So I uploaded a new PS which seems to test fine.

Daimona added a comment.Feb 7 2024, 10:57 PM
In T356824#9522994, @sbassett wrote:

Like @Daimona, I played around with this locally and could not reproduce the issue

The weird thing is, I could apparently reproduced. As in, I downloaded the patches, run phan, and got unused suppression issues. Then I fiddled with the config a bit (mostly to avoid unwanted issues from having multiple composer directories), tried removing the suppressions, and got the (un?)expected phan issues. Around this point, I started suspecting something like what you observed:

phan was only complaining about the missing SecurityCheck-XSS suppressions and not the SecurityCheck-DoubleEscaped suppressions.

So I thought, well fine, let me see if I can just selectively suppress what's actually reported as unused. Here I messed up a bit and had a couple ctrl-z back-and-forths in both the extension code and the phan config. When I re-ran phan, I would get no issue at all -- neither the unusedsuppression ones, nor the "real" issues. I tried everything I could think of (re-downloading both patches, reinstalling all composer dependencies for both CA and core, etc.), but none of this worked, and I'm still not getting issues of any sort.

Nonetheless, since your patch is passing CI, it does confirm that only some suppressed issues have become redundant.

gerritbot added a comment.Feb 8 2024, 12:07 AM

Change 997980 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@master] Drop unneeded phan DoubleEscaped suppressions

https://gerrit.wikimedia.org/r/997980

gerritbot added a project: Patch-For-Review.Feb 8 2024, 12:07 AM
Tgr added a comment.Feb 8 2024, 12:08 AM
In T356824#9522994, @sbassett wrote:

So I uploaded a new PS which seems to test fine.

It didn't make it through the gate test, and now it's failing again. Maybe it's nondeterministic (although that would be surprising for a phan test). Or maybe something relevant is being actively worked on in core.

Daimona added a comment.Feb 8 2024, 12:52 AM
In T356824#9523224, @Tgr wrote:
In T356824#9522994, @sbassett wrote:

So I uploaded a new PS which seems to test fine.

It didn't make it through the gate test, and now it's failing again. Maybe it's nondeterministic (although that would be surprising for a phan test). Or maybe something relevant is being actively worked on in core.

I think it is deterministic, but it needs the depends-on on r995184. CI seems green for CentralAuth master without that core patch.

As to why the core patch is needed: I don't really know, but something in the core patch changes the way that phan/taint-check analyze the LogFormatter subclasses. I don't know anything more (and nothing stands out in the core patch), but I wouldn't worry about it because most issues in LogFormatter subclasses are false positives caused by $this->plaintext.

Daimona added a comment.Feb 8 2024, 12:54 AM

Also interesting to note that the now-unneeded suppression have been added back in September in r960686, most probably as a consequence of another core change.

gerritbot added a comment.Feb 14 2024, 11:00 PM

Change 997980 abandoned by Bartosz Dziewoński:

[mediawiki/extensions/CentralAuth@master] Drop unneeded phan DoubleEscaped suppressions

Reason:

No longer needed?

https://gerrit.wikimedia.org/r/997980

matmarex added a comment.Feb 14 2024, 11:00 PM

It looks like the latest version of the core patch is no longer causing Phan errors about unused suppressions. Hopefully this wasn't some nondeterministic pixies, but just some change between patchsets causing Phan's analysis to change, and hopefully it stays that way.

In T356824#9523403, @Daimona wrote:

Also interesting to note that the now-unneeded suppression have been added back in September in r960686, most probably as a consequence of another core change.

Indeed, and if you look at the comments there, they were removed just a few months before that in https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/921591.

In T356824#9520765, @matmarex wrote:

MediaWiki core has a different way to suppress the false positives caused by the $this->plaintext pattern, which seems to work better: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/444452

I'll give it a try. Hopefully this one doesn't fluctuate twice a year.

Maintenance_bot removed a project: Patch-For-Review.Feb 14 2024, 11:30 PM
gerritbot added a comment.Feb 14 2024, 11:33 PM

Change 1003566 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] Add more manual taint annotations in LogFormatter classes

https://gerrit.wikimedia.org/r/1003566

gerritbot added a project: Patch-For-Review.Feb 14 2024, 11:33 PM
gerritbot added a comment.Feb 15 2024, 1:17 PM

Change 1003566 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Add more manual taint annotations in LogFormatter classes

https://gerrit.wikimedia.org/r/1003566

Maintenance_bot removed a project: Patch-For-Review.Feb 15 2024, 1:30 PM
matmarex closed this task as Resolved.Feb 15 2024, 1:55 PM
ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.19; 2024-02-20).Feb 15 2024, 2:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL