Change Details

Checking https://gerrit.wikimedia.org/r/#/c/417316/ the [[ https://integration.wikimedia.org/ci/job/mwext-php70-phan-docker/3852/console | output ]] is as follows: ``` <?xml version="1.0" encoding="ISO-8859-15"?> 18:22:31 <checkstyle version="6.5"> 18:22:31 <file name="./includes/specials/SpecialCentralAuth.php"> 18:22:31 <error line="383" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialCentralAuth.php +374; ./includes/specials/SpecialCentralAuth.php +118)" source="SecurityCheck-XSS"/> 18:22:31 <error line="385" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialCentralAuth.php +375; ./includes/specials/SpecialCentralAuth.php +128)" source="SecurityCheck-XSS"/> 18:22:31 </file> 18:22:31 <file name="./includes/specials/SpecialCentralAutoLogin.php"> 18:22:31 <error line="158" severity="warning" message="Calling method \SpecialCentralAutoLogin::doFinalOutput() in \SpecialCentralAutoLogin::execute that outputs using tainted argument $json. (Caused by: ./includes/specials/SpecialCentralAutoLogin.php +643; ./includes/specials/SpecialCentralAutoLogin.php +646) (Caused by: ./includes/specials/SpecialCentralAutoLogin.php +151)" source="SecurityCheck-XSS"/> 18:22:31 </file> 18:22:31 <file name="./includes/specials/SpecialGlobalUsers.php"> 18:22:31 <error line="37" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe " source="SecurityCheck-XSS"/> 18:22:31 <error line="37" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialGlobalUsers::execute that outputs using tainted argument $[arg #1]." source="SecurityCheck-XSS"/> 18:22:31 <error line="38" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe " source="SecurityCheck-XSS"/> 18:22:31 <error line="39" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe " source="SecurityCheck-XSS"/> 18:22:31 <error line="41" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe " source="SecurityCheck-XSS"/> 18:22:31 </file> 18:22:31 <file name="./includes/specials/SpecialMergeAccount.php"> 18:22:31 <error line="245" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::doDryRunMerge that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialMergeAccount.php +611)" source="SecurityCheck-XSS"/> 18:22:31 <error line="267" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::doDryRunMerge that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialMergeAccount.php +599)" source="SecurityCheck-XSS"/> 18:22:31 <error line="358" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::doAttachMerge that outputs using tainted argument $[arg #1]." source="SecurityCheck-XSS"/> 18:22:31 <error line="376" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::showWelcomeForm that outputs using tainted argument $[arg #1]." source="SecurityCheck-XSS"/> 18:22:31 <error line="398" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::showAttachForm that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialMergeAccount.php +659)" source="SecurityCheck-XSS"/> 18:22:31 <error line="436" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::showStatus that outputs using tainted argument $[arg #1]." source="SecurityCheck-XSS"/> 18:22:31 </file> 18:22:31 <file name="./maintenance/migrateStewards.php"> 18:22:31 <error line="52" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./maintenance/migrateStewards.php +46)" source="SecurityCheck-XSS"/> 18:22:31 </file> 18:22:31 </checkstyle> 18:22:32 Build step 'Execute shell' marked build as failure 18:22:32 [CHECKSTYLE] Collecting checkstyle analysis files... 18:22:32 [CHECKSTYLE] Searching for all files in /srv/jenkins-workspace/workspace/mwext-php70-phan-seccheck-docker that match the pattern src/seccheck-issues 18:22:32 [CHECKSTYLE] Parsing 1 file in /srv/jenkins-workspace/workspace/mwext-php70-phan-seccheck-docker 18:22:32 [CHECKSTYLE] Successfully parsed file /srv/jenkins-workspace/workspace/mwext-php70-phan-seccheck-docker/src/seccheck-issues with 15 unique warnings and 0 duplicates. 18:22:32 [CHECKSTYLE] Computing warning deltas based on reference build #32 18:22:32 [CHECKSTYLE] Ignore new warnings since this is the first valid build 18:22:32 [CHECKSTYLE] Plug-in Result: Failed - <a href="checkstyleResult">15 warnings</a> exceed the threshold of 1 by 14 18:22:32 Finished: FAILURE ```

https://integration.wikimedia.org/ci/job/mwext-php70-phan-seccheck-docker/5799/console as of version 1.3.0 ``` <?xml version="1.0" encoding="ISO-8859-15"?> <checkstyle version="6.5"> <file name="./includes/CentralAuthGroupMembershipProxy.php"> <error line="22" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthGroupMembershipProxy::__construct that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/CentralAuthHooks.php"> <error line="383" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::onSpecialPasswordResetOnSubmit that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="571" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::doCentralLoginRedirect that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="572" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::doCentralLoginRedirect that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="573" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::doCentralLoginRedirect that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="620" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \closure_a93be2a8a1b5 that outputs using tainted argument $username. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ./includes/CentralAuthHooks.php +618)" source="SecurityCheck-XSS"/> <error line="1462" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthHooks::onSessionCheckInfo that outputs using tainted argument $name. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/CentralAuthHooks.php +1460)" source="SecurityCheck-XSS"/> </file> <file name="./includes/CentralAuthIdLookup.php"> <error line="35" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthIdLookup::lookupCentralIds that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="72" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthIdLookup::lookupUserNames that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/CentralAuthUser.php"> <error line="120" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthUser::getInstance that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ../../includes/user/User.php +2454; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401)" source="SecurityCheck-XSS"/> <error line="146" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \CentralAuthUser::getMasterInstance that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ../../includes/user/User.php +2454; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401)" source="SecurityCheck-XSS"/> <error line="288" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthUser::newFromId that outputs using tainted argument $name. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/CentralAuthUser.php +280)" source="SecurityCheck-XSS"/> <error line="309" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \CentralAuthUser::newMasterInstanceFromId that outputs using tainted argument $name. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ./includes/CentralAuthUser.php +301)" source="SecurityCheck-XSS"/> <error line="324" severity="warning" message="Calling method \CentralAuthUser::__construct() in \CentralAuthUser::newFromRow that outputs using tainted argument $[arg #1]. (Caused by: ./maintenance/fixStuckGlobalRename.php +35)" source="SecurityCheck-XSS"/> <error line="1445" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::queueAdminUnattachJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1447" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::queueAdminUnattachJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1449" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::queueAdminUnattachJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1472" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::adminDelete that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1743" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1744" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1753" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1755" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="1925" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::canAuthenticate that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="2464" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324; ./includes/CentralAuthUser.php +2464; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324; ../../inclu...)" source="SecurityCheck-XSS"/> </file> <file name="./includes/CentralAuthUtils.php"> <error line="265" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUtils::scheduleCreationJobs that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/GlobalRename/GlobalRenameUser.php"> <error line="219" severity="warning" message="Calling method \LocalRenameUserJob::__construct() in \GlobalRenameUser::getJob that outputs using tainted argument $params. (Caused by: ./includes/LocalRenameJob/LocalRenameUserJob.php +42) (Caused by: ./includes/GlobalRename/GlobalRenameUser.php +205; ./includes/GlobalRename/GlobalRenameUser.php +219)" source="SecurityCheck-XSS"/> </file> <file name="./includes/GlobalRename/GlobalUserMerge.php"> <error line="84" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::addLogEntry that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="86" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::addLogEntry that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="103" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::merge that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="114" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::merge that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="116" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::merge that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="159" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="160" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="162" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="171" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="195" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::getJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="195" severity="warning" message="Calling method \LocalUserMergeJob::__construct() in \GlobalUserMerge::getJob that outputs using tainted argument $[arg #2]. (Caused by: ./includes/LocalRenameJob/LocalUserMergeJob.php +13) (Caused by: ./includes/GlobalRename/GlobalUserMerge.php +195; ./includes/GlobalRename/GlobalUserMerge.php +195)" source="SecurityCheck-XSS"/> <error line="198" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::getJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/GlobalRename/GlobalUserMergeLogger.php"> <error line="37" severity="warning" message="Calling method \CentralAuthUser::getName in \closure_14cc18b5b7ff that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/LocalRenameJob/LocalRenameUserJob.php"> <error line="173" severity="warning" message="Calling method \LocalPageMoveJob::__construct() in \LocalRenameUserJob::movePages that outputs using tainted argument $[arg #2]. (Caused by: ./includes/LocalRenameJob/LocalPageMoveJob.php +29) (Caused by: ./includes/LocalRenameJob/LocalRenameUserJob.php +157; ./includes/LocalRenameJob/LocalRenameUserJob.php +173)" source="SecurityCheck-XSS"/> </file> <file name="./includes/api/ApiDeleteGlobalAccount.php"> <error line="42" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiDeleteGlobalAccount::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="48" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiDeleteGlobalAccount::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="49" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiDeleteGlobalAccount::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/api/ApiQueryGlobalUserInfo.php"> <error line="68" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiQueryGlobalUserInfo::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/api/ApiSetGlobalAccountStatus.php"> <error line="43" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="44" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="72" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="73" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="81" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="82" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/session/CentralAuthSessionProvider.php"> <error line="212" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthSessionProvider::refreshSessionInfo that outputs using tainted argument $name. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/session/CentralAuthSessionProvider.php +207)" source="SecurityCheck-XSS"/> <error line="331" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthSessionProvider::persistSession that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="336" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthSessionProvider::persistSession that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="337" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthSessionProvider::persistSession that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/RenameQueueTablePager.php"> <error line="176" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="177" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="179" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="180" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialCentralAuth.php"> <error line="94" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="94" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="95" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="96" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="336" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAuth::getInfoFields that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="337" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAuth::getInfoFields that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="383" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./includes/specials/SpecialCentralAuth.php +374; ./includes/specials/SpecialCentralAuth.php +118)" source="SecurityCheck-XSS"/> <error line="385" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./includes/specials/SpecialCentralAuth.php +375; ./includes/specials/SpecialCentralAuth.php +128)" source="SecurityCheck-XSS"/> <error line="851" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAuth::showLogExtract that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialCentralAutoLogin.php"> <error line="158" severity="warning" message="Calling method \SpecialCentralAutoLogin::doFinalOutput() in \SpecialCentralAutoLogin::execute that outputs using tainted argument $json. (Caused by: ./includes/specials/SpecialCentralAutoLogin.php +643) (Caused by: ./includes/specials/SpecialCentralAutoLogin.php +151)" source="SecurityCheck-XSS"/> <error line="399" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="400" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="478" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="501" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="503" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="515" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="591" severity="warning" message="Calling method \Xml::encodeJsCall() in \SpecialCentralAutoLogin::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::encodeJsCall)" source="SecurityCheck-DoubleEscaped"/> </file> <file name="./includes/specials/SpecialCentralLogin.php"> <error line="110" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="120" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="138" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="139" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="140" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="242" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginComplete that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialGlobalGroupPermissions.php"> <error line="702" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \SpecialGlobalGroupPermissions::invalidateRightsCache that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialGlobalRenameQueue.php"> <error line="278" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="280" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="281" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="288" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="300" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialGlobalUserMerge.php"> <error line="204" severity="warning" message="Calling method \CentralAuthUser::getName in \closure_63834ceca99e that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialMergeAccount.php"> <error line="109" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \SpecialMergeAccount::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/specials/SpecialMergeAccount.php +60)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialMultiLock.php"> <error line="314" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMultiLock::showUserTable that outputs using tainted argument $rowtext. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./includes/specials/SpecialMultiLock.php +304; ./includes/specials/SpecialMultiLock.php +306; ./includes/specials/SpecialMultiLock.php +313; ./includes/specials/SpecialMultiLock.php +314)" source="SecurityCheck-XSS"/> <error line="333" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialMultiLock::getUserTableRow that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./maintenance/migrateStewards.php"> <error line="55" severity="warning" message="Calling method \CentralAuthUser::__construct() in [no method] that outputs using tainted argument $user. (Caused by: ./maintenance/fixStuckGlobalRename.php +35) (Caused by: ./maintenance/migrateStewards.php +46)" source="SecurityCheck-XSS"/> </file> <file name="./tests/phpunit/CentralAuthUserTest.php"> <error line="23" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserTest::testGetInstance that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="39" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserTest::testNewUnattached that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./tests/phpunit/CentralAuthUserUsingDatabaseTest.php"> <error line="22" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserUsingDatabaseTest::testBasicAttrs that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="89" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserUsingDatabaseTest::testNewFromId that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> </checkstyle> ```

Checking https://gerritintegration.wikimedia.org/r/#/c/417316/ the [[ https://integration.wikimedia.org/ci/job/mwext-php70-phan-seccheck-docker/38525799/console | output ]] is as follows:as of version 1.3.0 ``` <?xml version="1.0" encoding="ISO-8859-15"?> 18:22:31 <checkstyle version="6.5"> 18:22:31 <file name="./includes/specials/SpecialCentralAuthCentralAuthGroupMembershipProxy.php"> 18:22:31 <error line="383" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. <error line="22" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthGroupMembershipProxy::__construct that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; (Caused by: ./includes/specials/SpecialCentralAuth./maintenance/forceRenameUsers.php +374;144; ./includes/specials/SpecialCentralAuthUser.php +118324)" source="SecurityCheck-XSS"/> 18:22:31 <error line="385" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialCentralAuth.php +375; ./includes/specials/SpecialCentralAuth.php +128)" source="SecurityCheck-XSS"/ </file> 18:22:31 </file <file name="./includes/CentralAuthHooks.php"> 18:22:31 <file name="./includes/specials/SpecialCentralAutoLogin.php" <error line="383" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::onSpecialPasswordResetOnSubmit that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 <error line="158" severity="warning" message="Calling method \SpecialCentralAutoLogin::doFinalOutput() in \SpecialCentralAutoLogin::execute that outputs using tainted argument $json. <error line="571" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::doCentralLoginRedirect that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; (Caused by: ./includes/specials/SpecialCentralAutoLogin./maintenance/fixStuckGlobalRename.php +643;35; ./includes/specials/SpecialCentralAutoLogin/maintenance/forceRenameUsers.php +646) (Caused by:144; ./includes/specials/Speciales/CentralAutoLoginhUser.php +151324)" source="SecurityCheck-XSS"/> 18:22:31 </file <error line="572" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::doCentralLoginRedirect that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 <file name="./includes/specials/SpecialGlobalUsers.php" <error line="573" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthHooks::doCentralLoginRedirect that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 <error line="37" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe <error line="620" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \closure_a93be2a8a1b5 that outputs using tainted argument $username. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ./includes/CentralAuthHooks.php +618)" source="SecurityCheck-XSS"/> 18:22:31 <error line="37" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialGlobalUsers::execute <error line="1462" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthHooks::onSessionCheckInfo that outputs using tainted argument $[arg #1].$name. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/CentralAuthHooks.php +1460)" source="SecurityCheck-XSS"/> 18:22:31 <error line="38" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe " source="SecurityCheck-XSS"/ </file> 18:22:31 <error line="39" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe " source="SecurityCheck-XSS"/ <file name="./includes/CentralAuthIdLookup.php"> 18:22:31 <error line="41" severity="warning" message="Calling Method \GlobalUsersPager::getNavigationBar in \SpecialGlobalUsers::execute that is always unsafe <error line="35" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthIdLookup::lookupCentralIds that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 </file <error line="72" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthIdLookup::lookupUserNames that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 <file name="./includes/specials/SpecialMergeAccount.php" </file> 18:22:31 <error line="245" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::doDryRunMerge that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialMergeAccount.php +611)" source="SecurityCheck-XSS"/ <file name="./includes/CentralAuthUser.php"> 18:22:31 <error line="267" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::doDryRunMerg <error line="120" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthUser::getInstance that outputs using tainted argument $[arg #1]. (Caused by: ./includes/specials/SpecialMergeAccount.php +599CentralAuthUser.php +132) (Caused by: ../../includes/user/User.php +2454; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401)" source="SecurityCheck-XSS"/> 18:22:31 <error line="358" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::doAttachMerg <error line="146" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \CentralAuthUser::getMasterInstance that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ../../includes/user/User.php +2454; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401; ../../includes/changes/RecentChange.php +349; ../../includes/user/User.php +401)" source="SecurityCheck-XSS"/> 18:22:31 <error line="376" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::showWelcomeForm <error line="288" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthUser::newFromId that outputs using tainted argument $[arg #1].$name. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/CentralAuthUser.php +280)" source="SecurityCheck-XSS"/> 18:22:31 <error line="398" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::showAttachForm <error line="309" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \CentralAuthUser::newMasterInstanceFromId that outputs using tainted argument $[arg #1]$name. (Caused by: ./includes/specials/SpecialMergeAccountCentralAuthUser.php +160) (Caused by: ./includes/CentralAuthUser.php +659301)" source="SecurityCheck-XSS"/> 18:22:31 <error line="436" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMergeAccount::showStatus <error line="324" severity="warning" message="Calling method \CentralAuthUser::__construct() in \CentralAuthUser::newFromRow that outputs using tainted argument $[arg #1]. (Caused by: ./maintenance/fixStuckGlobalRename.php +35)" source="SecurityCheck-XSS"/> 18:22:31 </file <error line="1445" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::queueAdminUnattachJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 <file name="./maintenance/migrateStewards.php" <error line="1447" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::queueAdminUnattachJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 <error line="52" severity="warning" message="Echoing expression that was not html escaped (Caused by: ./maintenance/migrateStewards.php +46 <error line="1449" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::queueAdminUnattachJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 </file <error line="1472" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::adminDelete that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:31 </checkstyle <error line="1743" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:32 Build step 'Execute shell' marked build as failure <error line="1744" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:32 [CHECKSTYLE] Collecting checkstyle analysis files... <error line="1753" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:32 [CHECKSTYLE] Searching for all files in /srv/jenkins-workspace/workspace/mwext-php70-phan-seccheck-docker that match the pattern src/seccheck-issues <error line="1755" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::doCrosswikiSuppression that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:32 [CHECKSTYLE] Parsing 1 file in /srv/jenkins-workspace/workspace/mwext-php70-phan-seccheck-docker <error line="1925" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUser::canAuthenticate that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:32 [CHECKSTYLE] Successfully parsed file /srv/jenkins-workspace/workspace/mwext-php70-phan-seccheck-docker/src/seccheck-issues with 15 unique warnings and 0 duplicates. <error line="2464" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324; ./includes/CentralAuthUser.php +2464; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324; ../../inclu...)" source="SecurityCheck-XSS"/> 18:22:32 [CHECKSTYLE] Computing warning deltas based on reference build #32 </file> 18:22:32 [CHECKSTYLE] Ignore new warnings since this is the first valid build <file name="./includes/CentralAuthUtils.php"> 18:22:32 [CHECKSTYLE] Plug-in Result: Failed - <a href="checkstyleResult">15 warnings</a> exceed the threshold of 1 by 14 <error line="265" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUtils::scheduleCreationJobs that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> 18:22:32 Finished: FAILURE </file> <file name="./includes/GlobalRename/GlobalRenameUser.php"> <error line="219" severity="warning" message="Calling method \LocalRenameUserJob::__construct() in \GlobalRenameUser::getJob that outputs using tainted argument $params. (Caused by: ./includes/LocalRenameJob/LocalRenameUserJob.php +42) (Caused by: ./includes/GlobalRename/GlobalRenameUser.php +205; ./includes/GlobalRename/GlobalRenameUser.php +219)" source="SecurityCheck-XSS"/> </file> <file name="./includes/GlobalRename/GlobalUserMerge.php"> <error line="84" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::addLogEntry that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="86" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::addLogEntry that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="103" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::merge that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="114" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::merge that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="116" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::merge that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="159" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="160" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="162" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="171" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::setRenameStatuses that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="195" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::getJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="195" severity="warning" message="Calling method \LocalUserMergeJob::__construct() in \GlobalUserMerge::getJob that outputs using tainted argument $[arg #2]. (Caused by: ./includes/LocalRenameJob/LocalUserMergeJob.php +13) (Caused by: ./includes/GlobalRename/GlobalUserMerge.php +195; ./includes/GlobalRename/GlobalUserMerge.php +195)" source="SecurityCheck-XSS"/> <error line="198" severity="warning" message="Calling method \CentralAuthUser::getName in \GlobalUserMerge::getJob that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/GlobalRename/GlobalUserMergeLogger.php"> <error line="37" severity="warning" message="Calling method \CentralAuthUser::getName in \closure_14cc18b5b7ff that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/LocalRenameJob/LocalRenameUserJob.php"> <error line="173" severity="warning" message="Calling method \LocalPageMoveJob::__construct() in \LocalRenameUserJob::movePages that outputs using tainted argument $[arg #2]. (Caused by: ./includes/LocalRenameJob/LocalPageMoveJob.php +29) (Caused by: ./includes/LocalRenameJob/LocalRenameUserJob.php +157; ./includes/LocalRenameJob/LocalRenameUserJob.php +173)" source="SecurityCheck-XSS"/> </file> <file name="./includes/api/ApiDeleteGlobalAccount.php"> <error line="42" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiDeleteGlobalAccount::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="48" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiDeleteGlobalAccount::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="49" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiDeleteGlobalAccount::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/api/ApiQueryGlobalUserInfo.php"> <error line="68" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiQueryGlobalUserInfo::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/api/ApiSetGlobalAccountStatus.php"> <error line="43" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="44" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="72" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="73" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="81" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="82" severity="warning" message="Calling method \CentralAuthUser::getName in \ApiSetGlobalAccountStatus::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/session/CentralAuthSessionProvider.php"> <error line="212" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \CentralAuthSessionProvider::refreshSessionInfo that outputs using tainted argument $name. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/session/CentralAuthSessionProvider.php +207)" source="SecurityCheck-XSS"/> <error line="331" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthSessionProvider::persistSession that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="336" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthSessionProvider::persistSession that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="337" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthSessionProvider::persistSession that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/RenameQueueTablePager.php"> <error line="176" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="177" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="179" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="180" severity="warning" message="Calling method \CentralAuthUser::getName in \RenameQueueTablePager::formatValue that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialCentralAuth.php"> <error line="94" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="94" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="95" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="96" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \SpecialCentralAuth::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/specials/SpecialCentralAuth.php +50)" source="SecurityCheck-XSS"/> <error line="336" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAuth::getInfoFields that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="337" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAuth::getInfoFields that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="383" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./includes/specials/SpecialCentralAuth.php +374; ./includes/specials/SpecialCentralAuth.php +118)" source="SecurityCheck-XSS"/> <error line="385" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialCentralAuth::showWikiLists that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./includes/specials/SpecialCentralAuth.php +375; ./includes/specials/SpecialCentralAuth.php +128)" source="SecurityCheck-XSS"/> <error line="851" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAuth::showLogExtract that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialCentralAutoLogin.php"> <error line="158" severity="warning" message="Calling method \SpecialCentralAutoLogin::doFinalOutput() in \SpecialCentralAutoLogin::execute that outputs using tainted argument $json. (Caused by: ./includes/specials/SpecialCentralAutoLogin.php +643) (Caused by: ./includes/specials/SpecialCentralAutoLogin.php +151)" source="SecurityCheck-XSS"/> <error line="399" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="400" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="478" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="501" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="503" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="515" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralAutoLogin::execute that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="591" severity="warning" message="Calling method \Xml::encodeJsCall() in \SpecialCentralAutoLogin::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::encodeJsCall)" source="SecurityCheck-DoubleEscaped"/> </file> <file name="./includes/specials/SpecialCentralLogin.php"> <error line="110" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="120" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="138" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="139" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="140" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginStart that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="242" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialCentralLogin::doLoginComplete that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialGlobalGroupPermissions.php"> <error line="702" severity="warning" message="Calling method \CentralAuthUser::getMasterInstanceByName() in \SpecialGlobalGroupPermissions::invalidateRightsCache that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +160)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialGlobalRenameQueue.php"> <error line="278" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="280" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="281" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="288" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="300" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialGlobalRenameQueue::doViewRequest that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialGlobalUserMerge.php"> <error line="204" severity="warning" message="Calling method \CentralAuthUser::getName in \closure_63834ceca99e that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialMergeAccount.php"> <error line="109" severity="warning" message="Calling method \CentralAuthUser::getInstanceByName() in \SpecialMergeAccount::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CentralAuthUser.php +132) (Caused by: ./includes/specials/SpecialMergeAccount.php +60)" source="SecurityCheck-XSS"/> </file> <file name="./includes/specials/SpecialMultiLock.php"> <error line="314" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialMultiLock::showUserTable that outputs using tainted argument $rowtext. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./includes/specials/SpecialMultiLock.php +304; ./includes/specials/SpecialMultiLock.php +306; ./includes/specials/SpecialMultiLock.php +313; ./includes/specials/SpecialMultiLock.php +314)" source="SecurityCheck-XSS"/> <error line="333" severity="warning" message="Calling method \CentralAuthUser::getName in \SpecialMultiLock::getUserTableRow that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./maintenance/migrateStewards.php"> <error line="55" severity="warning" message="Calling method \CentralAuthUser::__construct() in [no method] that outputs using tainted argument $user. (Caused by: ./maintenance/fixStuckGlobalRename.php +35) (Caused by: ./maintenance/migrateStewards.php +46)" source="SecurityCheck-XSS"/> </file> <file name="./tests/phpunit/CentralAuthUserTest.php"> <error line="23" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserTest::testGetInstance that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="39" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserTest::testNewUnattached that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> <file name="./tests/phpunit/CentralAuthUserUsingDatabaseTest.php"> <error line="22" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserUsingDatabaseTest::testBasicAttrs that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> <error line="89" severity="warning" message="Calling method \CentralAuthUser::getName in \CentralAuthUserUsingDatabaseTest::testNewFromId that is always unsafe (Caused by: ./includes/CentralAuthUser.php +590; ./maintenance/fixStuckGlobalRename.php +35; ./maintenance/forceRenameUsers.php +144; ./includes/CentralAuthUser.php +324)" source="SecurityCheck-XSS"/> </file> </checkstyle> ```