
Suppress or fix non-double escape phan-taint-check warnings for MW core
Closed, Resolved (Public)

Description

As the first step to getting phan-taint-check running on MW core, we need to get rid of the false (and true!) positives in MW core.

As a first step, ignore the double escaping warnings to make this task more manageable (we can exclude those warnings in the initial deployment to the build process).

Details

Repo | Branch | Lines +/-
mediawiki/core | master | +22 -11
mediawiki/core | master | +0 -1
mediawiki/core | master | +77 -60
mediawiki/core | master | +2 -1
mediawiki/core | master | +5 -0
mediawiki/core | master | +3 -0
mediawiki/core | master | +30 -8
mediawiki/core | master | +4 -0
mediawiki/tools/phan/SecurityCheckPlugin | master | +57 -8
mediawiki/core | master | +12 -6
mediawiki/core | master | +12 -7
mediawiki/core | master | +6 -1
mediawiki/core | master | +2 -0
mediawiki/core | master | +2 -0
mediawiki/core | master | +7 -7
mediawiki/core | master | +26 -26
mediawiki/core | master | +19 -26
mediawiki/core | master | +2 -2
mediawiki/core | master | +2 -0
mediawiki/core | master | +3 -1
mediawiki/core | master | +15 -9
mediawiki/core | master | +14 -2
mediawiki/core | master | +42 -25
mediawiki/core | master | +2 -2
mediawiki/core | master | +17 -6
mediawiki/core | master | +5 -0
mediawiki/core | master | +4 -4
mediawiki/core | master | +1 -1

Event Timeline


I checked with 2.x, and we have 64 DoubleEscaped of a total of 512 warnings, so they're not really a problem. I'll sample a few warnings and check how many false positives I got. If there are too many, it may be worth fixing taint-check first (if the fix is easy), then start working on core as soon as a future version (not 2.0) is released.

EDIT: And apparently some of them are false positives. I'll check how we can fix those. ATM I cannot compare the results with seccheck master due to system incompatibility, so I'm wondering, is there an error count available for taint-check master?

I checked with 2.x, and we have 64 DoubleEscaped of a total of 512 warnings

After having fixed some other regressions, running https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507619/ on core yields 218 DoubleEscaped warnings and 249 total warnings. I'll look into the remaining issues.
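Per-type counts like the ones quoted in these comments can be derived from a checkstyle XML report, the format of the warnings list pasted later in this task. The Python script below is an added example, not part of the task or of phan-taint-check: it tallies findings by issue type, separates the `SecurityCheck-DoubleEscaped` findings this task defers from those that must be fixed or suppressed, and extracts the file/line pairs from each "Caused by" trail. The sample report is abridged from entries in that list; keeping `SecurityCheckMulti` in the actionable set is an assumption, and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass

# Issue type this task defers; every other type has to be fixed or suppressed.
# Assumption: SecurityCheckMulti stays actionable because it is a distinct type.
DEFERRED_SOURCES = frozenset({"SecurityCheck-DoubleEscaped"})

CAUSE_GROUP = re.compile(r"\(Caused by: ([^)]*)\)")
CAUSE_ENTRY = re.compile(r"^(\S+) (\d+)$")  # "<path> <line>"

# Abridged sample built from entries in this task's warnings list: cause trails
# are shortened, and one trail is left cut off with "i..." as in the report.
SAMPLE_REPORT = r"""<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
 <file name="includes/CategoryViewer.php">
  <error line="184" severity="warning" message="Calling method \CategoryViewer::generateLink() in \CategoryViewer::addSubcategoryObject that outputs using tainted argument $[arg #4]. (Caused by: includes/CategoryViewer.php 203)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/OutputPage.php">
  <error line="2561" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/OutputPage.php 1573; includes/OutputPage.php 1551; i...)" source="SecurityCheck-XSS"/>
 </file>
 <file name="includes/block/DatabaseBlock.php">
  <error line="321" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \MediaWiki\Block\DatabaseBlock::newLoad that outputs using tainted argument $conds. (Caused by: Builtin-\Wikimedia\Rdbms\Database::select) (Caused by: includes/block/DatabaseBlock.php 299; includes/block/DatabaseBlock.php 295)" source="SecurityCheck-SQLInjection"/>
 </file>
 <file name="includes/changes/FeedItem.php">
  <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/changes/FeedItem.php 119; includes/api/ApiFeedContributions.php 148)" source="SecurityCheck-DoubleEscaped"/>
  <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/changes/FeedItem.php 119; includes/api/ApiFeedContributions.php 148; includes/changes/ChangesFeed.php 115)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/WebInstallerOptions.php">
  <error line="127" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934) (Caused by: includes/installer/WebInstallerOptions.php 125)" source="SecurityCheckMulti"/>
 </file>
</checkstyle>
"""


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    severity: str
    source: str
    message: str

    def causes(self):
        """Return (path, line) pairs from every 'Caused by' group in the message.

        Builtin-* entries and entries cut off by the report's "..." truncation
        carry no line number and are skipped.
        """
        pairs = []
        for group in CAUSE_GROUP.findall(self.message):
            for entry in group.split(";"):
                match = CAUSE_ENTRY.match(entry.strip())
                if match:
                    pairs.append((match.group(1), int(match.group(2))))
        return pairs


def parse_report(xml_text):
    """Flatten <file>/<error> elements into Finding records, in document order."""
    root = ET.fromstring(xml_text)
    findings = []
    for file_el in root.iter("file"):
        for err in file_el.iter("error"):
            findings.append(Finding(
                file=file_el.get("name", ""),
                line=int(err.get("line", "0")),
                severity=err.get("severity", ""),
                source=err.get("source", ""),
                message=err.get("message", ""),
            ))
    return findings


def tally(findings):
    """Count findings per issue type (the checkstyle 'source' attribute)."""
    return Counter(f.source for f in findings)


def triage(findings, deferred=DEFERRED_SOURCES):
    """Split findings into (actionable, postponed) by issue type."""
    actionable = [f for f in findings if f.source not in deferred]
    postponed = [f for f in findings if f.source in deferred]
    return actionable, postponed


def unique_sites(findings):
    """Collapse repeats of one file/line/type that differ only in cause trail."""
    return {(f.file, f.line, f.source) for f in findings}


if __name__ == "__main__":
    findings = parse_report(SAMPLE_REPORT)
    actionable, postponed = triage(findings)
    print(dict(tally(findings)))
    print(f"{len(postponed)} deferred, {len(actionable)} to fix or suppress")
    for f in actionable:
        print(f"{f.source} {f.file}:{f.line} <- {f.causes()}")
```

The report lists the same file, line and type more than once when only the cause trail differs, so `unique_sites` gives a better estimate of the number of places to review than the raw warning count.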

sbassett changed the task status from Open to Stalled. Jun 26 2019, 7:21 PM
sbassett triaged this task as Medium priority.
sbassett subscribed.

@Daimona - with r/507619 being merged, do we need to keep this task open? If there are remaining issues, do we want to break those out into other tasks?

@sbassett Great question! I think we need the final error count with seccheck 2.x. Individual tasks will probably be the right choice once we get a limited amount of different errors.

Change 522419 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] [WIP] Add phan-taint-check-plugin

https://gerrit.wikimedia.org/r/522419

Daimona changed the task status from Stalled to Open. Jul 12 2019, 11:50 AM

Let's see how many things we have to fix, and whether to open separate tasks.

Current warnings list is here:

<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
 <file name="includes/CategoryViewer.php">
  <error line="184" severity="warning" message="Calling method \CategoryViewer::generateLink() in \CategoryViewer::addSubcategoryObject that outputs using tainted argument $[arg #4]. (Caused by: includes/CategoryViewer.php 203)" source="SecurityCheck-DoubleEscaped"/>
  <error line="416" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getSubcategorySection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php 534) (Caused by: includes/CategoryViewer.php 191; includes/CategoryViewer.php 275)" source="SecurityCheck-DoubleEscaped"/>
  <error line="446" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getPagesSection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php 534) (Caused by: includes/CategoryViewer.php 268; includes/CategoryViewer.php 279)" source="SecurityCheck-DoubleEscaped"/>
  <error line="474" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getImageSection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php 534) (Caused by: includes/CategoryViewer.php 253; includes/CategoryViewer.php 283)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/Linker.php">
  <error line="858" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Linker.php 858)" source="SecurityCheck-DoubleEscaped"/>
  <error line="1760" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Linker.php 1760)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/OutputPage.php">
  <error line="2561" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/OutputPage.php 1573; includes/OutputPage.php 1551; includes/OutputPage.php 1560; includes/OutputPage.php 1939; includes/OutputPage.php 2653; includes/OutputPage.php 3960; includes/OutputPage.php 2843; includes/OutputPage.php 2730; i...)" source="SecurityCheck-XSS"/>
  <error line="3165" severity="warning" message="Calling method \ResourceLoader::makeConfigSetScript() in \OutputPage::getBottomScripts that outputs using tainted argument $[arg #1]. (Caused by: includes/resourceloader/ResourceLoader.php 1537) (Caused by: includes/OutputPage.php 1890)" source="SecurityCheck-DoubleEscaped"/>
  <error line="3166" severity="warning" message="Calling method \ResourceLoader::makeConfigSetScript() in \OutputPage::getBottomScripts that outputs using tainted argument $[arg #1]. (Caused by: includes/resourceloader/ResourceLoader.php 1537) (Caused by: includes/OutputPage.php 1890)" source="SecurityCheck-DoubleEscaped"/>
  <error line="3816" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/OutputPage.php 3812)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/Rest/ResponseFactory.php">
  <error line="234" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Rest/ResponseFactory.php 234)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/actions/HistoryAction.php">
  <error line="415" severity="warning" message="Calling method \FeedItem::__construct() in \HistoryAction::feedEmpty that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php 145) (Caused by: Builtin-\Message::parseAsBlock; includes/language/Message.php 981)" source="SecurityCheck-DoubleEscaped"/>
  <error line="457" severity="warning" message="Calling method \FeedItem::__construct() in \HistoryAction::feedItem that outputs using tainted argument $text. (Caused by: includes/changes/FeedItem.php 145) (Caused by: includes/actions/HistoryAction.php 436)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/actions/RawAction.php">
  <error line="127" severity="warning" message="Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php 122) (Caused by: includes/actions/RawAction.php 126)" source="SecurityCheck-DoubleEscaped"/>
  <error line="152" severity="warning" message="Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php 122) (Caused by: includes/GlobalFunctions.php 1270)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/api/ApiCSPReport.php">
  <error line="188" severity="warning" message="Calling method \ApiCSPReport::error() in \ApiCSPReport::getReport that outputs using tainted argument $msg. (Caused by: includes/api/ApiCSPReport.php 252) (Caused by: includes/api/ApiCSPReport.php 184)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/api/ApiFeedContributions.php">
  <error line="148" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedContributions::feedItem that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php 145) (Caused by: includes/api/ApiFeedContributions.php 197; includes/api/ApiFeedContributions.php 177)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/api/ApiFeedWatchlist.php">
  <error line="157" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedWatchlist::execute that outputs using tainted argument $errorTitle. (Caused by: includes/changes/FeedItem.php 119) (Caused by: includes/api/ApiFeedWatchlist.php 155)" source="SecurityCheck-DoubleEscaped"/>
  <error line="164" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedWatchlist::execute that outputs using tainted argument $errorTitle. (Caused by: includes/changes/FeedItem.php 119) (Caused by: includes/api/ApiFeedWatchlist.php 162)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/api/ApiFormatJson.php">
  <error line="112" severity="warning" message="Calling method \ApiFormatJson::printText() in \ApiFormatJson::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/api/ApiFormatJson.php 112; includes/api/ApiFormatJson.php 109)" source="SecurityCheck-XSS"/>
 </file>
 <file name="includes/api/ApiHelp.php">
  <error line="293" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $headerContent. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php 269; includes/api/ApiHelp.php 293)" source="SecurityCheck-DoubleEscaped"/>
  <error line="571" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/api/ApiHelp.php 571)" source="SecurityCheck-DoubleEscaped"/>
  <error line="807" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php 317; includes/api/ApiHelp.php 808; includes/api/ApiHelp.php 807)" source="SecurityCheck-DoubleEscaped"/>
  <error line="808" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php 317; includes/api/ApiHelp.php 808)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/api/ApiQueryBacklinks.php">
  <error line="450" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/api/ApiQueryBacklinks.php 173; includes/api/ApiQueryBacklinks.php 295; includes/api/ApiQueryBacklinks.php 250; includes/api/ApiQueryBacklinks.php 294; includes/api/ApiQueryBacklinks.php 287)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/block/DatabaseBlock.php">
  <error line="321" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \MediaWiki\Block\DatabaseBlock::newLoad that outputs using tainted argument $conds. (Caused by: Builtin-\Wikimedia\Rdbms\Database::select) (Caused by: includes/block/DatabaseBlock.php 299; includes/block/DatabaseBlock.php 295; includes/block/DatabaseBlock.php 303; includes/block/DatabaseBlock.php 305; includes/block/DatabaseBlock.php 310; includes/block/DatabaseBlock.php 312)" source="SecurityCheck-SQLInjection"/>
 </file>
 <file name="includes/changes/ChangesFeed.php">
  <error line="115" severity="warning" message="Calling method \FeedItem::__construct() in \ChangesFeed::buildItems that outputs using tainted argument $[arg #5]. (Caused by: includes/changes/FeedItem.php 182) (Caused by: Builtin-\Message::escaped; includes/language/Message.php 994)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/changes/EnhancedChangesList.php">
  <error line="756" severity="warning" message="Calling method \Html::rawElement() in \EnhancedChangesList::recentChangesBlockLine that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/changes/EnhancedChangesList.php 755)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/changes/FeedItem.php">
  <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/changes/FeedItem.php 119; includes/api/ApiFeedContributions.php 148; includes/changes/ChangesFeed.php 115; includes/api/ApiFeedWatchlist.php 157)" source="SecurityCheck-DoubleEscaped"/>
  <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/changes/FeedItem.php 119; includes/api/ApiFeedContributions.php 148; includes/changes/ChangesFeed.php 115; includes/api/ApiFeedWatchlist.php 157; includes/api/ApiFeedWatchlist.php 164; includes/actions/HistoryAction.php 457)" source="SecurityCheck-DoubleEscaped"/>
  <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/changes/FeedItem.php 119; includes/api/ApiFeedContributions.php 148; includes/changes/ChangesFeed.php 115; includes/api/ApiFeedWatchlist.php 157; includes/api/ApiFeedWatchlist.php 164; includes/actions/HistoryAction.php 457; includes/...)" source="SecurityCheck-DoubleEscaped"/>
  <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/api/ApiFeedContributions.php 148; includes/changes/FeedItem.php 145)" source="SecurityCheck-DoubleEscaped"/>
  <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/api/ApiFeedContributions.php 148; includes/changes/FeedItem.php 145; includes/actions/HistoryAction.php 457)" source="SecurityCheck-DoubleEscaped"/>
  <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/api/ApiFeedContributions.php 148; includes/changes/FeedItem.php 145; includes/actions/HistoryAction.php 457; includes/actions/HistoryAction.php 415)" source="SecurityCheck-DoubleEscaped"/>
  <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/api/ApiFeedContributions.php 148; includes/changes/FeedItem.php 145; includes/actions/HistoryAction.php 457; includes/actions/HistoryAction.php 415; includes/specials/SpecialNewpages.php 490)" source="SecurityCheck-DoubleEscaped"/>
  <error line="182" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getAuthor that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/changes/FeedItem.php 182; includes/changes/ChangesFeed.php 115)" source="SecurityCheck-DoubleEscaped"/>
  <error line="182" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getAuthor that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php 78) (Caused by: includes/changes/FeedItem.php 182; includes/changes/ChangesFeed.php 115; includes/specials/SpecialNewpages.php 490)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/exception/HttpError.php">
  <error line="122" severity="warning" message="Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php 122; includes/actions/RawAction.php 127)" source="SecurityCheck-DoubleEscaped"/>
  <error line="122" severity="warning" message="Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php 122; includes/actions/RawAction.php 127; includes/actions/RawAction.php 152; includes/linkeddata/PageDataRequestHandler.php 75; includes/linkeddata/PageDataRequestHandler.php 92; includes/linkeddata/PageDataRequ...)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/htmlform/fields/HTMLFormFieldCloner.php">
  <error line="391" severity="warning" message="Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputHTML that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php 390)" source="SecurityCheck-DoubleEscaped"/>
  <error line="471" severity="warning" message="Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputOOUI that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php 470)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/DatabaseInstaller.php">
  <error line="643" severity="warning" message="Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php 545) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="643" severity="warning" message="Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php 518) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="645" severity="warning" message="Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php 518) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="651" severity="warning" message="Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php 545) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/DatabaseUpdater.php">
  <error line="227" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/installer/DatabaseUpdater.php 227)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/MssqlInstaller.php">
  <error line="92" severity="warning" message="Calling method \MssqlInstaller::getPasswordBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="92" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="92" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="100" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="102" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="104" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="109" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="127" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="133" severity="warning" message="Calling method \MssqlInstaller::getPasswordBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="325" severity="error" message="Calling method \Wikimedia\Rdbms\Database::query() in \MssqlInstaller::canCreateAccounts that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query)" source="SecurityCheck-SQLInjection"/>
  <error line="368" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getSettingsForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="375" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getSettingsForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/MysqlInstaller.php">
  <error line="82" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="90" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="92" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/OracleInstaller.php">
  <error line="67" severity="warning" message="Calling method \OracleInstaller::getTextBox() in \OracleInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="77" severity="warning" message="Calling method \OracleInstaller::getTextBox() in \OracleInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/PostgresInstaller.php">
  <error line="64" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="73" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="79" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/PostgresUpdater.php">
  <error line="1071" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::dropFkey that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php 1070; includes/installer/PostgresUpdater.php 1066; includes/installer/PostgresUpdater.php 1062; includes/installer/PostgresUpdater.php 1068)" source="SecurityCheck-SQLInjection"/>
  <error line="1093" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php 1092; includes/installer/PostgresUpdater.php 1089; includes/installer/PostgresUpdater.php 1080; includes/installer/PostgresUpdater.php 1088)" source="SecurityCheck-SQLInjection"/>
 </file>
 <file name="includes/installer/SqliteInstaller.php">
  <error line="88" severity="warning" message="Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php 518) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="93" severity="warning" message="Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php 518) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/WebInstallerName.php">
  <error line="58" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="58" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932) (Caused by: includes/installer/WebInstaller.php 692; includes/installer/WebInstallerName.php 56)" source="SecurityCheck-DoubleEscaped"/>
  <error line="58" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 970) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="58" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="59" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="59" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932) (Caused by: includes/installer/WebInstaller.php 692; includes/installer/WebInstallerName.php 56)" source="SecurityCheck-DoubleEscaped"/>
  <error line="59" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 970) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="59" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="67" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 970) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="82" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="95" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="103" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="108" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932) (Caused by: includes/installer/WebInstaller.php 692; includes/installer/WebInstallerName.php 56)" source="SecurityCheck-DoubleEscaped"/>
 </file>
 <file name="includes/installer/WebInstallerOptions.php">
  <error line="127" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstallerOptions.php 125; includes/installer/WebInstallerOptions.php 121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
  <error line="128" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstallerOptions.php 125; includes/installer/WebInstallerOptions.php 121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
  <error line="129" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstallerOptions.php 125; includes/installer/WebInstallerOptions.php 121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
  <error line="145" severity="warning" message="Calling method \WebInstallerOptions::addHTML() in \WebInstallerOptions::execute that outputs using tainted argument $skinHtml. (Caused by: includes/installer/WebInstallerOptions.php 108; includes/installer/WebInstallerOptions.php 127; includes/installer/WebInstallerOptions.php 114; includes/installer/WebInstallerOptions.php 138; includes/installer/WebInstallerOptions.php 143; incl...)" source="SecurityCheck-XSS"/>
  <error line="246" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
  <error line="246" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
147 <error line="248" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
148 <error line="248" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
149 <error line="249" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
150 <error line="256" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
151 <error line="263" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 805) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
152 <error line="270" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
153 <error line="271" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 934; includes/installer/WebInstaller.php 932; includes/installer/WebInstallerName.php 58) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
154 <error line="298" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 852) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
155 <error line="300" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 852) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
156 <error line="314" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php 852) (Caused by: includes/installer/WebInstaller.php 692)" source="SecurityCheck-DoubleEscaped"/>
157 </file>
158 <file name="includes/jobqueue/utils/BacklinkJobUtils.php">
159 <error line="102" severity="error" message="Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php 441) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php 90)" source="SecurityCheck-SQLInjection"/>
160 <error line="112" severity="error" message="Calling method \BacklinkCache::getLinks() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php 172) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php 90)" source="SecurityCheck-SQLInjection"/>
161 </file>
162 <file name="includes/language/Message.php">
163 <error line="1396" severity="warning" message="Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php 1204)" source="SecurityCheck-DoubleEscaped"/>
164 <error line="1396" severity="warning" message="Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php 1204; includes/language/Message.php 1245)" source="SecurityCheck-DoubleEscaped"/>
165 </file>
166 <file name="includes/libs/rdbms/database/DatabasePostgres.php">
167 <error line="874" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \Wikimedia\Rdbms\DatabasePostgres::resetSequenceForTable that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query)" source="SecurityCheck-SQLInjection"/>
168 </file>
169 <file name="includes/linkeddata/PageDataRequestHandler.php">
170 <error line="75" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php 122) (Caused by: includes/GlobalFunctions.php 1270)" source="SecurityCheck-DoubleEscaped"/>
171 <error line="92" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php 122) (Caused by: includes/GlobalFunctions.php 1270; includes/linkeddata/PageDataRequestHandler.php 84)" source="SecurityCheck-DoubleEscaped"/>
172 <error line="98" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php 122) (Caused by: includes/GlobalFunctions.php 1270; includes/linkeddata/PageDataRequestHandler.php 84; includes/linkeddata/PageDataRequestHandler.php 96)" source="SecurityCheck-DoubleEscaped"/>
173 <error line="147" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::httpContentNegotiation that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php 122) (Caused by: includes/linkeddata/PageDataRequestHandler.php 146)" source="SecurityCheck-DoubleEscaped"/>
174 </file>
175 <file name="includes/logging/BlockLogFormatter.php">
176 <error line="74" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/logging/BlockLogFormatter.php 32; includes/logging/BlockLogFormatter.php 59)" source="SecurityCheck-DoubleEscaped"/>
177 </file>
178 <file name="includes/media/ExifBitmapHandler.php">
179 <error line="66" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/media/ExifBitmapHandler.php 44; includes/media/ExifBitmapHandler.php 58; includes/media/ExifBitmapHandler.php 67; includes/media/ExifBitmapHandler.php 66) (1049600 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
180 </file>
181 <file name="includes/media/FormatMetadata.php">
182 <error line="164" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/media/FormatMetadata.php 164)" source="SecurityCheck-DoubleEscaped"/>
183 <error line="941" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php 168; includes/media/FormatMetadata.php 183; includes/media/FormatMetadata.php 205; includes/media/FormatMetadata.php 223; includes/media/FormatMetadata.php 235; includes/media/FormatMetadata.php 248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
184 <error line="952" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php 168; includes/media/FormatMetadata.php 183; includes/media/FormatMetadata.php 205; includes/media/FormatMetadata.php 223; includes/media/FormatMetadata.php 235; includes/media/FormatMetadata.php 248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
185 <error line="974" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $[arg #1]. (Caused by: includes/media/FormatMetadata.php 168; includes/media/FormatMetadata.php 183; includes/media/FormatMetadata.php 205; includes/media/FormatMetadata.php 223; includes/media/FormatMetadata.php 235; includes/media/FormatMetadata.php 248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
186 </file>
187 <file name="includes/page/ImagePage.php">
188 <error line="165" severity="warning" message="Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php 725; includes/page/ImagePage.php 701)" source="SecurityCheck-XSS"/>
189 </file>
190 <file name="includes/parser/PPFrame_DOM.php">
191 <error line="127" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_DOM::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php 1549) (Caused by: includes/parser/PPFrame_DOM.php 125)" source="SecurityCheck-DoubleEscaped"/>
192 <error line="130" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_DOM::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php 1549) (Caused by: includes/parser/PPFrame_DOM.php 125)" source="SecurityCheck-DoubleEscaped"/>
193 </file>
194 <file name="includes/parser/PPFrame_Hash.php">
195 <error line="119" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_Hash::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php 1549) (Caused by: includes/parser/PPFrame_Hash.php 117)" source="SecurityCheck-DoubleEscaped"/>
196 <error line="122" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_Hash::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php 1549) (Caused by: includes/parser/PPFrame_Hash.php 117)" source="SecurityCheck-DoubleEscaped"/>
197 </file>
198 <file name="includes/parser/Parser.php">
199 <error line="555" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 555)" source="SecurityCheck-DoubleEscaped"/>
200 <error line="762" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 762)" source="SecurityCheck-DoubleEscaped"/>
201 <error line="1428" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 1428)" source="SecurityCheck-DoubleEscaped"/>
202 <error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1449) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442)" source="SecurityCheck-DoubleEscaped"/>
203 <error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1449) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442)" source="SecurityCheck-DoubleEscaped"/>
204 <error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1449) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442)" source="SecurityCheck-DoubleEscaped"/>
205 <error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1449) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442)" source="SecurityCheck-DoubleEscaped"/>
206 <error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 2239) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
207 <error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 2239) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449)" source="SecurityCheck-DoubleEscaped"/>
208 <error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 2239) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449)" source="SecurityCheck-DoubleEscaped"/>
209 <error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 2239) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449)" source="SecurityCheck-DoubleEscaped"/>
210 <error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 2239) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449)" source="SecurityCheck-DoubleEscaped"/>
211 <error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1994) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
212 <error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1994) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
213 <error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1994) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449; includes/parser/Parser.php 1451)" source="SecurityCheck-DoubleEscaped"/>
214 <error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1994) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449; includes/parser/Parser.php 1451)" source="SecurityCheck-DoubleEscaped"/>
215 <error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1994) (Caused by: includes/parser/Parser.php 1428; includes/parser/Parser.php 1442; includes/parser/Parser.php 1444; includes/parser/Parser.php 1449; includes/parser/Parser.php 1451)" source="SecurityCheck-DoubleEscaped"/>
216 <error line="1996" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 1994)" source="SecurityCheck-DoubleEscaped"/>
217 <error line="2018" severity="warning" message="Calling method \LanguageConverter::markNoConversion() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1728) (Caused by: includes/parser/Parser.php 1994; includes/parser/Parser.php 1996; includes/parser/Parser.php 2018)" source="SecurityCheck-DoubleEscaped"/>
218 <error line="2027" severity="warning" message="Calling method \Linker::makeExternalLink() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/Linker.php 844) (Caused by: includes/parser/Parser.php 1994; includes/parser/Parser.php 1996; includes/parser/Parser.php 2018; includes/parser/Parser.php 2027)" source="SecurityCheck-DoubleEscaped"/>
219 <error line="2027" severity="warning" message="Calling method \Linker::makeExternalLink() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/Linker.php 844) (Caused by: includes/parser/Parser.php 1994; includes/parser/Parser.php 1996; includes/parser/Parser.php 2027)" source="SecurityCheck-DoubleEscaped"/>
220 <error line="2238" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks that outputs using tainted argument $s. (Caused by: includes/parser/Parser.php 2482) (Caused by: includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
221 <error line="2369" severity="warning" message="Calling method \Parser::maybeDoSubpageLink() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/Linker.php 1384) (Caused by: includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
222 <error line="2421" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 2482) (Caused by: includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
223 <error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 2482)" source="SecurityCheck-DoubleEscaped"/>
224 <error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 2609; includes/parser/Parser.php 2609; includes/parser/Parser.php 2609; includes/parser/Parser.php 2609; includes/parser/Parser.php 2609; includes/parser/Parser.php 2609; includes/parser/Parser.php 2609; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
225 <error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 3338; includes/parser/Parser.php 3338; includes/parser/Parser.php 3338; includes/parser/Parser.php 3338; includes/parser/Parser.php 2369; includes/parser/Parser.php 3338; includes/parser/Parser.php 3338; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
226 <error line="2482" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 1994) (Caused by: includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
227 <error line="2483" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php 2482) (Caused by: includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/parser/Parser.php 2483; includes/parser/Parser.php 2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
228 <error line="3492" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 3489; includes/parser/Parser.php 3492)" source="SecurityCheck-DoubleEscaped"/>
229 <error line="3507" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 3489; includes/parser/Parser.php 3492; includes/parser/Parser.php 3500)" source="SecurityCheck-XSS"/>
230 <error line="6187" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php 6187)" source="SecurityCheck-DoubleEscaped"/>
231 </file>
232 <file name="includes/parser/Preprocessor_DOM.php">
233 <error line="99" severity="warning" message="Calling method \UtfNormal\Validator::cleanUp() in \Preprocessor_DOM::newPartNodeArray that outputs using tainted argument $xml. (Caused by: includes/media/DjVuImage.php 302) (Caused by: includes/parser/Preprocessor_DOM.php 83; includes/parser/Preprocessor_DOM.php 86; includes/parser/Preprocessor_DOM.php 91; includes/parser/Preprocessor_DOM.php 99)" source="SecurityCheck-DoubleEscaped"/>
234 <error line="176" severity="warning" message="Calling method \UtfNormal\Validator::cleanUp() in \Preprocessor_DOM::preprocessToObj that outputs using tainted argument $xml. (Caused by: includes/media/DjVuImage.php 302) (Caused by: includes/parser/Preprocessor_DOM.php 155)" source="SecurityCheck-DoubleEscaped"/>
235 </file>
236 <file name="includes/parser/Sanitizer.php">
237 <error line="1438" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Sanitizer.php 1438)" source="SecurityCheck-DoubleEscaped"/>
238 </file>
239 <file name="includes/preferences/DefaultPreferencesFactory.php">
240 <error line="351" severity="warning" message="HTMLForm label key escapes its input (Caused by: Builtin-\Message::parse; includes/language/Message.php 945)" source="SecurityCheck-DoubleEscaped"/>
241 <error line="707" severity="warning" message="HTMLForm option label needs escaping (Maybe false positive as could not determine if it was key or value that is unescaped) (Caused by: includes/preferences/DefaultPreferencesFactory.php 704)" source="SecurityCheck-XSS"/>
242 </file>
243 <file name="includes/specials/SpecialExpandTemplates.php">
244 <error line="130" severity="warning" message="Calling method \SpecialExpandTemplates::makeOutput() in \SpecialExpandTemplates::execute that outputs using tainted argument $rawhtml. (Caused by: includes/specials/SpecialExpandTemplates.php 227) (Caused by: includes/specials/SpecialExpandTemplates.php 128)" source="SecurityCheck-DoubleEscaped"/>
245 </file>
246 <file name="includes/specials/SpecialNewpages.php">
247 <error line="490" severity="warning" message="Calling method \FeedItem::__construct() in \SpecialNewpages::feedItem that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php 145) (Caused by: includes/specials/SpecialNewpages.php 519)" source="SecurityCheck-DoubleEscaped"/>
248 </file>
249 <file name="includes/specials/SpecialRecentChanges.php">
250 <error line="476" severity="warning" message="Calling method \Xml::tags() in \SpecialRecentChanges::doHeader that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::tags) (Caused by: includes/specials/SpecialRecentChanges.php 469)" source="SecurityCheck-DoubleEscaped"/>
251 <error line="819" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php 785)" source="SecurityCheck-DoubleEscaped"/>
252 <error line="916" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php 785) (Caused by: Builtin-\Message::parse; includes/language/Message.php 945)" source="SecurityCheck-DoubleEscaped"/>
253 <error line="919" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php 785) (Caused by: Builtin-\Message::parse; includes/language/Message.php 945)" source="SecurityCheck-DoubleEscaped"/>
254 </file>
255 <file name="includes/specials/SpecialStatistics.php">
256 <error line="277" severity="warning" message="Calling method \Language::formatNum() in \SpecialStatistics::getOtherStats that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstallerOptions.php 333)" source="SecurityCheck-DoubleEscaped"/>
257 <error line="279" severity="warning" message="Calling method \Language::formatNum() in \SpecialStatistics::getOtherStats that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstallerOptions.php 333)" source="SecurityCheck-DoubleEscaped"/>
258 </file>
<file name="includes/specials/SpecialVersion.php">
<error line="100" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php 100)" source="SecurityCheck-DoubleEscaped"/>
<error line="124" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php 124)" source="SecurityCheck-DoubleEscaped"/>
<error line="578" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php 844) (Caused by: Builtin-\Message::parse; includes/language/Message.php 945)" source="SecurityCheck-DoubleEscaped"/>
<error line="584" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php 844) (Caused by: Builtin-\Message::parse; includes/language/Message.php 945)" source="SecurityCheck-DoubleEscaped"/>
<error line="593" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php 593)" source="SecurityCheck-DoubleEscaped"/>
<error line="619" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php 844) (Caused by: Builtin-\Message::parse; includes/language/Message.php 945)" source="SecurityCheck-DoubleEscaped"/>
<error line="625" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php 844) (Caused by: Builtin-\Message::parse; includes/language/Message.php 945)" source="SecurityCheck-DoubleEscaped"/>
<error line="776" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getCreditsForExtension that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php 844)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/SpecialWhatLinksHere.php">
<error line="460" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prev. (Caused by: includes/specials/SpecialWhatLinksHere.php 442) (Caused by: includes/specials/SpecialWhatLinksHere.php 452)" source="SecurityCheck-DoubleEscaped"/>
<error line="464" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $next. (Caused by: includes/specials/SpecialWhatLinksHere.php 442) (Caused by: includes/specials/SpecialWhatLinksHere.php 453)" source="SecurityCheck-DoubleEscaped"/>
<error line="472" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prettyLimit. (Caused by: includes/specials/SpecialWhatLinksHere.php 442) (Caused by: includes/specials/SpecialWhatLinksHere.php 470)" source="SecurityCheck-DoubleEscaped"/>
<error line="566" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php 442) (Caused by: includes/specials/SpecialWhatLinksHere.php 564; includes/specials/SpecialWhatLinksHere.php 547; includes/specials/SpecialWhatLinksHere.php 548)" source="SecurityCheck-DoubleEscaped"/>
<error line="567" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php 442) (Caused by: includes/specials/SpecialWhatLinksHere.php 564; includes/specials/SpecialWhatLinksHere.php 547; includes/specials/SpecialWhatLinksHere.php 548)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/forms/UploadForm.php">
<error line="135" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php 253)" source="SecurityCheck-XSS"/>
<error line="301" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php 253)" source="SecurityCheck-XSS"/>
</file>
<file name="includes/specials/pagers/AllMessagesTablePager.php">
<error line="264" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeKnownLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeKnownLink) (Caused by: includes/specials/pagers/AllMessagesTablePager.php 253)" source="SecurityCheck-DoubleEscaped"/>
<error line="266" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeBrokenLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: includes/linker/LinkRenderer.php 357) (Caused by: includes/specials/pagers/AllMessagesTablePager.php 253)" source="SecurityCheck-DoubleEscaped"/>
<error line="302" severity="warning" message="Calling method \Html::element() in \AllMessagesTablePager::formatRow that outputs using tainted argument $formatted. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/pagers/AllMessagesTablePager.php 296)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/pagers/UsersPager.php">
<error line="177" severity="warning" message="Calling method \Linker::userLink() in \UsersPager::formatRow that outputs using tainted argument $userName. (Caused by: includes/Linker.php 918) (Caused by: includes/specials/pagers/UsersPager.php 175; includes/EditPage.php 3851; includes/EditPage.php 3878; includes/user/UserRightsProxy.php 130)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/user/User.php">
<error line="4519" severity="warning" message="Calling method \User::sendMail() in \User::sendConfirmationMail that outputs using tainted argument $[arg #4]. (Caused by: includes/user/User.php 4544) (Caused by: includes/user/User.php 4497)" source="SecurityCheck-XSS"/>
<error line="4776" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in \User::getEditTimestamp that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: includes/user/User.php 4772)" source="SecurityCheck-SQLInjection"/>
<error line="5047" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::selectField() in \User::initEditCountInternal that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::selectField) (Caused by: includes/user/User.php 5046)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="languages/Language.php">
<error line="4240" severity="warning" message="Calling method \htmlspecialchars() in \Language::convertHtml that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php 4185; languages/Language.php 4185; languages/Language.php 4240)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="maintenance/convertLinks.php">
<error line="221" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php 209; maintenance/convertLinks.php 205; maintenance/convertLinks.php 204; maintenance/convertLinks.php 158)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="maintenance/populateContentTables.php">
<error line="219" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php 218; maintenance/populateContentTables.php 217; maintenance/populateContentTables.php 201)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="maintenance/refreshExternallinksIndex.php">
<error line="73" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php 71; maintenance/populateContentTables.php 201; maintenance/refreshExternallinksIndex.php 59)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="maintenance/storage/compressOld.php">
<error line="331" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/Title.php 3562; includes/Title.php 3562)" source="SecurityCheck-SQLInjection"/>
</file>
</checkstyle>

It has 187 warnings, of which 165 are DoubleEscaped. This is way less than T216348#5185224.

Some of those are actual issues. However, I'd like to wait for seccheck 3.0 before starting to fix them.

Latest result with taint-check 3.0.1 (excluding roughly 120 DoubleEscaped warnings):

<checkstyle version="6.5">
  <file name="includes/OutputPage.php">
    <error line="2559" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/OutputPage.php  1611; includes/OutputPage.php  1589; includes/OutputPage.php  1598; includes/OutputPage.php  1970; includes/OutputPage.php  2559; includes/OutputPage.php  2653; includes/OutputPage.php  3981; includes/OutputPage.php  2843; i...)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/Revision/RevisionStore.php">
    <error line="2452" severity="error" message="Calling method \Wikimedia\Rdbms\DBConnRef::selectField() in \MediaWiki\Revision\RevisionStore::getRelativeRevision that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\DBConnRef::selectField)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/export/WikiExporter.php">
    <error line="529" severity="warning" message="Calling method \DumpOutput::writeOpenPage() in \WikiExporter::outputPageStreamBatch that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php  50) (Caused by: includes/export/WikiExporter.php  528)" source="SecurityCheck-XSS"/>
    <error line="532" severity="warning" message="Calling method \DumpOutput::writeRevision() in \WikiExporter::outputPageStreamBatch that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php  65) (Caused by: includes/export/WikiExporter.php  531)" source="SecurityCheck-XSS"/>
    <error line="596" severity="warning" message="Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php  73) (Caused by: includes/export/WikiExporter.php  595)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/installer/CliInstaller.php">
    <error line="233" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php  253)" source="SecurityCheck-XSS"/>
    <error line="238" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php  253)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/installer/PostgresUpdater.php">
    <error line="1113" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::dropFkey that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php  1112; includes/installer/PostgresUpdater.php  1108)" source="SecurityCheck-SQLInjection"/>
    <error line="1135" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php  1134; includes/installer/PostgresUpdater.php  1131)" source="SecurityCheck-SQLInjection"/>
    <error line="1144" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php  1134; includes/installer/PostgresUpdater.php  1131; includes/installer/PostgresUpdater.php  1141; includes/installer/PostgresUpdater.php  1133; includes/installer/PostgresUpdater.php  1131)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/installer/WebInstallerOptions.php">
    <error line="217" severity="warning" message="Calling method \Message::rawParams() in \WebInstallerOptions::execute that outputs using tainted argument $ext. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/jobqueue/utils/BacklinkJobUtils.php">
    <error line="102" severity="error" message="Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php  441) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php  90)" source="SecurityCheck-SQLInjection"/>
    <error line="112" severity="error" message="Calling method \BacklinkCache::getLinks() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php  172) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php  90)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/libs/rdbms/database/DatabasePostgres.php">
    <error line="835" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \Wikimedia\Rdbms\DatabasePostgres::resetSequencesForTable that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabasePostgres.php  831)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/libs/rdbms/database/DatabaseSqlite.php">
    <error line="1026" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php  1009; includes/libs/rdbms/database/DatabaseSqlite.php  1022)" source="SecurityCheck-SQLInjection"/>
    <error line="1052" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php  1042; includes/libs/rdbms/database/DatabaseSqlite.php  1041; includes/Storage/NameTableStore.php  384; includes/libs/rdbms/database/DatabaseSqlite.php  607; includes/libs/rdbms/database/DatabaseSqlite...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/logging/LogFormatter.php">
    <error line="255" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="260" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="273" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="277" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="304" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="310" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="314" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="320" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="335" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="348" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="353" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="372" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="376" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="383" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="406" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  400) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="406" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="410" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="421" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  414) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="421" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="430" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="434" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/logging/LogPage.php">
    <error line="250" severity="warning" message="Calling method \Message::rawParams() in \LogPage::actionText that outputs using tainted argument $titleLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogPage.php  247) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/page/ImagePage.php">
    <error line="165" severity="warning" message="Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php  733; includes/page/ImagePage.php  709)" source="SecurityCheck-XSS"/>
    <error line="510" severity="warning" message="Calling method \Message::rawParams() in \ImagePage::openShowImage that outputs using tainted argument $select. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/page/ImagePage.php  502) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/parser/Parser.php">
    <error line="3511" severity="warning" message="Calling method \Parser::insertStripItem() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php  1230)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/preferences/DefaultPreferencesFactory.php">
    <error line="379" severity="warning" message="Calling method \Message::rawParams() in \MediaWiki\Preferences\DefaultPreferencesFactory::profilePreferences that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/preferences/DefaultPreferencesFactory.php  364; includes/preferences/DefaultPreferencesFactory.php  350; includes/preferences/DefaultPreferencesFactory.php  372) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="379" severity="warning" message="Calling method \Message::rawParams() in \MediaWiki\Preferences\DefaultPreferencesFactory::profilePreferences that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/preferences/DefaultPreferencesFactory.php  365; includes/preferences/DefaultPreferencesFactory.php  351; includes/preferences/DefaultPreferencesFactory.php  373) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/resourceloader/ResourceLoader.php">
    <error line="917" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/resourceloader/ResourceLoader.php  870; includes/resourceloader/ResourceLoader.php  902)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialContributions.php">
    <error line="579" severity="warning" message="HTMLForm option label needs escaping (for value 'associated') (Caused by: Builtin-\Message::text; includes/language/Message.php  952)" source="SecurityCheck-XSS"/>
    <error line="579" severity="warning" message="HTMLForm option label needs escaping (for value 'nsInvert') (Caused by: Builtin-\Message::text; includes/language/Message.php  952)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialUserrights.php">
    <error line="677" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php  654; includes/specials/SpecialUserrights.php  650; includes/specials/SpecialUserrights.php  657; includes/specials/SpecialUserrights.php  650) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="677" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php  655; includes/specials/SpecialUserrights.php  651; includes/specials/SpecialUserrights.php  658; includes/specials/SpecialUserrights.php  651) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="682" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php  670) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="682" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php  671) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="757" severity="warning" message="Calling method \OutputPage::addHTML() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialUserrights.php  691; includes/specials/SpecialUserrights.php  695; includes/specials/SpecialUserrights.php  677; includes/specials/SpecialUserrights.php  704; includes/specials/SpecialUserrights.php  700; includes/specials/S...  includes/specials/SpecialUserrights.php  724)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialVersion.php">
    <error line="153" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialVersion::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialVersion.php  495; includes/specials/SpecialVersion.php  483; includes/specials/SpecialVersion.php  491; includes/specials/SpecialVersion.php  493; includes/specials/SpecialVersion.php  469; includes/specials/SpecialVersion.php  436; includes/specials/SpecialVersion.php  460; includes/specials/SpecialVersion.php  465; includes/specials/SpecialVersion.php  467; includes/specials/SpecialVersion.php  600; includes/specials/SpecialVersion.php  642; includes/specials/SpecialVersion.php  671)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/forms/UploadForm.php">
    <error line="139" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php  263)" source="SecurityCheck-XSS"/>
    <error line="306" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php  263)" source="SecurityCheck-XSS"/>
  </file>
  <file name="maintenance/convertExtensionToRegistration.php">
    <error line="87" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/convertExtensionToRegistration.php  83)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/convertLinks.php">
    <error line="226" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php  214; maintenance/convertLinks.php  210; maintenance/convertLinks.php  157; maintenance/convertLinks.php  206; maintenance/convertLinks.php  209; maintenance/convertLinks.php  162; includes/installer/MysqlUpdater.php  61...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/fixTimestamps.php">
    <error line="54" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \FixTimestamps::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/fixTimestamps.php  48; maintenance/fixTimestamps.php  47)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/generateJsonI18n.php">
    <error line="71" severity="warning" message="Calling method \GenerateJsonI18n::transformI18nFile() in \GenerateJsonI18n::execute that outputs using tainted argument $phpfile. (Caused by: maintenance/generateJsonI18n.php  113) (Caused by: maintenance/generateJsonI18n.php  51; maintenance/generateJsonI18n.php  60; maintenance/generateJsonI18n.php  53)" source="SecurityCheck-OTHER"/>
    <error line="91" severity="warning" message="Calling method \GenerateJsonI18n::transformI18nFile() in \GenerateJsonI18n::execute that outputs using tainted argument $phpfile. (Caused by: maintenance/generateJsonI18n.php  113) (Caused by: maintenance/generateJsonI18n.php  51; maintenance/generateJsonI18n.php  60; maintenance/generateJsonI18n.php  53)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/includes/MigrateActors.php">
    <error line="316" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \MigrateActors::migrate that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: maintenance/includes/MigrateActors.php  306)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/mergeMessageFileList.php">
    <error line="170" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/mergeMessageFileList.php  159)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/migrateComments.php">
    <error line="105" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::insert() in \MigrateComments::loadCommentIDs that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::insert) (Caused by: maintenance/migrateComments.php  73)" source="SecurityCheck-SQLInjection"/>
    <error line="105" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::insert() in \MigrateComments::loadCommentIDs that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::insert) (Caused by: maintenance/migrateComments.php  73; maintenance/migrateComments.php  169; maintenance/migrateComments.php  97; maintenance/migrateComments.php  263; maintenance/migrateComments.php  97; maintenance/migrateComments.php  265; maintenance/migrateComme...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/nukeNS.php">
    <error line="62" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php  54)" source="SecurityCheck-SQLInjection"/>
    <error line="72" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php  69)" source="SecurityCheck-SQLInjection"/>
    <error line="88" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php  69)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/nukePage.php">
    <error line="63" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php  56)" source="SecurityCheck-SQLInjection"/>
    <error line="74" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php  56)" source="SecurityCheck-SQLInjection"/>
    <error line="77" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php  56)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/populateContentModel.php">
    <error line="61" severity="error" message="Calling method \PopulateContentModel::populateRevisionOrArchive() in \PopulateContentModel::execute that outputs using tainted argument $table. (Caused by: maintenance/populateContentModel.php  229) (Caused by: maintenance/populateContentModel.php  57)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/populateContentTables.php">
    <error line="217" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php  216; maintenance/populateContentTables.php  215; maintenance/populateContentTables.php  199)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/recountCategories.php">
    <error line="126" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php  117; maintenance/recountCategories.php  82)" source="SecurityCheck-SQLInjection"/>
    <error line="126" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php  117; maintenance/recountCategories.php  82; maintenance/recountCategories.php  145)" source="SecurityCheck-SQLInjection"/>
    <error line="161" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \RecountCategories::doWork that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: includes/jobqueue/JobQueueDB.php  643; maintenance/recountCategories.php  160; maintenance/recountCategories.php  82)" source="SecurityCheck-SQLInjection"/>
    <error line="161" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: maintenance/recountCategories.php  82; includes/jobqueue/JobQueueDB.php  643; maintenance/recountCategories.php  160; maintenance/recountCategories.php  160)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/refreshExternallinksIndex.php">
    <error line="73" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php  71; maintenance/populateContentTables.php  199; maintenance/refreshExternallinksIndex.php  59)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/runBatchedQuery.php">
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RunBatchedQuery::execute that outputs using tainted argument $key. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/runBatchedQuery.php  51)" source="SecurityCheck-SQLInjection"/>
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RunBatchedQuery::execute that outputs using tainted argument $table. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/runBatchedQuery.php  50)" source="SecurityCheck-SQLInjection"/>
    <error line="81" severity="error" message="ORDER BY clause is user controlled (Caused by: maintenance/runBatchedQuery.php  51) (Originally at: maintenance/runBatchedQuery.php:80)" source="SecurityCheck-SQLInjection"/>
    <error line="97" severity="error" message="IDatabase::makeList with LIST_AND, LIST_OR or LIST_SET must sql escape string key names and values of numeric keys (Caused by: maintenance/runBatchedQuery.php  87; maintenance/runBatchedQuery.php  92)" source="SecurityCheck-SQLInjection"/>
    <error line="99" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \RunBatchedQuery::execute that outputs using tainted argument $query. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/runBatchedQuery.php  95; maintenance/runBatchedQuery.php  52)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/runScript.php">
    <error line="64" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/runScript.php  57)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/sql.php">
    <error line="112" severity="error" message="Calling method \MwSql::sqlDoQuery() in \MwSql::execute that outputs using tainted argument $query. (Caused by: maintenance/sql.php  174) (Caused by: maintenance/sql.php  111)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/sqlite.inc">
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Sqlite::checkSqlSyntax that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/Storage/NameTableStore.php  384; includes/libs/rdbms/database/DatabaseSqlite.php  607; includes/libs/rdbms/database/DatabaseSqlite.php  783; includes/libs/rdbms/database/DatabaseSqlite.php  1030; includes/libs/rdbms/database/DatabaseSqlite....)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/storage/compressOld.php">
    <error line="328" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/resourceloader/ResourceLoaderWikiModule.php  440; maintenance/checkBadRedirects.php  49; maintenance/deleteOldRevisions.php  64; maintenance/orphans.php  160; includes/CategoryFinder.php  216; includes/CategoryFinder.php  248; includes/api/ApiQueryInfo.php  755; includes/api/ApiQueryAllPages.php  217; includes/api/ApiQueryAllPages.php  226; includes/api/ApiQueryBacklinks.php  182; includes/api/ApiQueryBac...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/uppercaseTitlesForUnicodeTransition.php">
    <error line="153" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/uppercaseTitlesForUnicodeTransition.php  146)" source="SecurityCheck-OTHER"/>
  </file>
</checkstyle>

Change 589891 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] maintenance: Add @return-taint none to getArg and getOption

https://gerrit.wikimedia.org/r/589891

Change 589891 merged by jenkins-bot:
[mediawiki/core@master] maintenance: Add @return-taint none to getArg and getOption

https://gerrit.wikimedia.org/r/589891

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

<file name="maintenance\refreshExternallinksIndex.php">
  <error line="76" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance\refreshExternallinksIndex.php  74; maintenance\populateContentTables.php  199; maintenance\refreshExternallinksIndex.php  61)" source="SecurityCheck-SQLInjection"/>
</file>
		$start = $minmax->min - 1;
		$last = $minmax->max;
		$lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
		while ( $start < $last ) {
			$end = min( $start + $this->mBatchSize, $last );      // <!-- php.net documents min() as having a mixed return type - I hope that phan can see that this always returns an int as its real type
			$this->output( "el_id $start - $end of $last\n" );
			$res = $dbw->select( 'externallinks', [ 'el_id', 'el_to', 'el_index' ],
				[
					"el_id > $start",
					"el_id <= $end",
				],
				__METHOD__,
				[ 'ORDER BY' => 'el_id' ]
			);

Or is it an issue with objects, as $minmax is an object with two int fields?

<file name="includes\specials\pagers\ImageListPager.php">
  <error line="503" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \ImageListPager::formatValue that outputs using tainted argument $name. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes\specials\pagers\ImageListPager.php  502)" source="SecurityCheck-DoubleEscaped"/>
</file>
					$name = User::whoIs( $this->mCurrentRow->img_user );
					$link = $linkRenderer->makeLink(
						Title::makeTitle( NS_USER, $name ),
						$name
					);

The $name seems safe and correct as there is no escaping involved. User::whoIs takes its data from UserCache::getProp, which is documented as mixed.

Change 595234 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Avoid reuse of local variable in RevisionStore

https://gerrit.wikimedia.org/r/595234

Change 595237 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Use db abstraction layer in nukePage and nukeNS maintenance script

https://gerrit.wikimedia.org/r/595237

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

The $name seems safe and correct as there is no escaping involved.

I can't tell for sure. Taint-check does have several false positives, but it also analyzes things very deeply, and lots of times I have found it to be right even when it didn't seem so at first.

User::whoIs takes its data from UserCache::getProp which is documented as mixed

It might or might not be related. Unlike built-in PHP functions, methods are analyzed thoroughly, and the return type only plays a tiny part.


As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

But then it takes the taint of the arguments of min() differently than in the release before, but that all looks like int to me. Maybe it needs a deeper check.

The $name seems safe and correct as there is no escaping involved.

I can't tell for sure. Taint-check does have several false positives, but it also analyzes things very deeply, and lots of times I have found it to be right even when it didn't seem so at first.

User::whoIs takes its data from UserCache::getProp which is documented as mixed

It might or might not be related. Unlike built-in PHP functions, methods are analyzed thoroughly, and the return type only plays a tiny part.

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. This also seems to need a deeper check.


As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Not all, I am just looking around and trying to fix some of them.

Is it possible that the new version of taint-check is treating mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

But then it takes the taint of the arguments of min() differently than in the release before

This is possible, but the current is intended behaviour.

, but that all looks like int to me. Maybe it needs a deeper check.

Phan hardcodes min() as returning mixed, there's nothing we can do about that -- except add a special case, like "if all arguments to min() are integers, then the return value is an integer", but that should really live inside phan, not taint-check. There's no other "deeper check" that would work, take the following:

$min = min( ['<script>alert()</script>'], [42]);
echo $min[0];

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. This also seems to need a deeper check.

User names *are* unsafe, so nothing wrong here.

As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Not all, I am just looking around and trying to fix some of them.

Yeah, I was just suggesting to wait for a release or two, because many issues are false positives, and there are many other false negatives that still don't show up.
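The point about min() made in the reply above, as an added example that is not part of the thread and not code from MediaWiki or taint-check: min() returns whichever argument compares lowest, in that argument's own type, so a caller that interpolates the result into an SQL condition has to narrow it to int itself. The names describeMin(), batchEnd() and rangeConditions() and all sample values are hypothetical.

```php
<?php
// Added example, not code from MediaWiki or taint-check.
// describeMin(), batchEnd() and rangeConditions() are hypothetical names.

/**
 * Return the runtime type of whatever min() picks for the given arguments.
 *
 * @param mixed ...$args Two or more values, passed on to min()
 * @return string Type name as reported by gettype()
 */
function describeMin( ...$args ): string {
	return gettype( min( ...$args ) );
}

/**
 * Compute the upper bound of a batch, refusing anything that is not an int.
 * The declared int return type documents the real type for static analysis,
 * and the runtime check keeps strings and arrays away from min() entirely.
 *
 * @param mixed $start
 * @param mixed $batchSize
 * @param mixed $last
 * @return int
 */
function batchEnd( $start, $batchSize, $last ): int {
	foreach ( [ $start, $batchSize, $last ] as $value ) {
		if ( !is_int( $value ) ) {
			throw new InvalidArgumentException(
				'Batch bounds must be integers, got ' . gettype( $value )
			);
		}
	}
	return min( $start + $batchSize, $last );
}

/**
 * Build the two range conditions of the batched select quoted in the thread.
 * Only values that passed the is_int() check are interpolated.
 *
 * @param mixed $start
 * @param mixed $batchSize
 * @param mixed $last
 * @return string[]
 */
function rangeConditions( $start, $batchSize, $last ): array {
	$end = batchEnd( $start, $batchSize, $last );
	return [ "el_id > $start", "el_id <= $end" ];
}

// Constructed inputs: the same call yields an int, a string or an array,
// depending only on what it was given.
$samples = [
	'two ints'               => [ 5, 3 ],
	'numeric string and int' => [ '5', 9 ],
	'two arrays'             => [ [ '<script>alert()</script>' ], [ 1, 2 ] ],
];
foreach ( $samples as $label => $args ) {
	echo $label, ' => ', describeMin( ...$args ), "\n";
}

// Integer bounds produce the conditions; a non-integer bound is rejected
// before any string is built.
print_r( rangeConditions( 0, 200, 1000 ) );
try {
	rangeConditions( 0, 200, '1000 (constructed non-integer input)' );
} catch ( InvalidArgumentException $e ) {
	echo 'rejected: ', $e->getMessage(), "\n";
}
```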

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. This also seems to need a deeper check.

User names *are* unsafe, so nothing wrong here.

It seems it is the other way round. User names are treated as safe, and using them in places where escaping is known (such as the second argument of LinkRenderer::makeLink) is reported as DoubleEscaped.
Also, passing a user name to wfEscapeWikiText reports DoubleEscaped.

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. This also seems to need a deeper check.

User names *are* unsafe, so nothing wrong here.

It seems it is the other way round. User names are treated as safe, and using them in places where escaping is known (such as the second argument of LinkRenderer::makeLink) is reported as DoubleEscaped.
Also, passing a user name to wfEscapeWikiText reports DoubleEscaped.

Taint for User::mName is polluted by Wikimedia\IPUtils::sanitizeIP.
When I comment out that statement in User::getName, many issues go away (including the one listed above from ImageListPager).

Change 595255 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Improve some message escaping on special pages

https://gerrit.wikimedia.org/r/595255

Change 595234 merged by jenkins-bot:
[mediawiki/core@master] Avoid reuse of local variable in RevisionStore

https://gerrit.wikimedia.org/r/595234

Change 595237 merged by jenkins-bot:
[mediawiki/core@master] Use db abstraction layer in nukePage and nukeNS maintenance script

https://gerrit.wikimedia.org/r/595237

Change 595255 abandoned by Umherirrender:
[mediawiki/core@master] Improve some message escaping on special pages

Reason:
Outdated and seems unneeded/unwanted

https://gerrit.wikimedia.org/r/595255

With mw-phan 0.10.4 we have 157 errors, 100 of which are DoubleEscaped:

phan 0.10.4
13:49:09 includes/AjaxDispatcher.php:112 UnusedSuppression Element \AjaxDispatcher::performAction suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/CategoryViewer.php:193 SecurityCheck-DoubleEscaped Calling method \CategoryViewer::generateLink() in \CategoryViewer::addSubcategoryObject that outputs using tainted argument $[arg #4]. (Caused by: includes/CategoryViewer.php  212)
13:49:09 includes/GlobalFunctions.php:913 PhanRedundantCondition Redundant attempt to cast $wgDebugRawPage of type true to truthy
13:49:09 includes/GlobalFunctions.php:1310 PhanRedundantCondition Redundant attempt to cast $wgShowHostnames of type true to truthy
13:49:09 includes/OutputPage.php:2607 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/OutputPage.php  1631; includes/OutputPage.php  1609; includes/OutputPage.php  1618; includes/OutputPage.php  2607; includes/OutputPage.php  2699; includes/OutputPage.php  4063; includes/OutputPage.php  2889; includes/OutputPage.php  2777; i...)
13:49:09 includes/actions/RawAction.php:127 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php  125) (Caused by: includes/actions/RawAction.php  126)
13:49:09 includes/actions/RawAction.php:152 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php  125) (Caused by: includes/GlobalFunctions.php  1228)
13:49:09 includes/api/ApiCSPReport.php:190 SecurityCheck-DoubleEscaped Calling method \ApiCSPReport::error() in \ApiCSPReport::getReport that outputs using tainted argument $msg. (Caused by: includes/api/ApiCSPReport.php  254) (Caused by: includes/api/ApiCSPReport.php  186)
13:49:09 includes/api/ApiFormatPhp.php:36 UnusedSuppression Element \ApiFormatPhp::execute suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/api/ApiHelp.php:311 SecurityCheck-DoubleEscaped Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $headerContent. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php  278; includes/api/ApiHelp.php  287)
13:49:09 includes/api/ApiTokens.php:42 PhanParamTooManyCallable Call with 1 arg(s) to Closure() (As a provided callable) which only takes 0 arg(s) defined at includes/api/ApiTokens.php:78
13:49:09 includes/config/EtcdConfig.php:110 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|null
13:49:09 includes/config/EtcdConfig.php:116 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|null
13:49:09 includes/config/EtcdConfig.php:125 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|array<string,non-empty-mixed>|null
13:49:09 includes/exception/HttpError.php:125 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php  125; includes/actions/RawAction.php  127)
13:49:09 includes/exception/HttpError.php:125 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php  125; includes/actions/RawAction.php  127; includes/actions/RawAction.php  152; includes/linkeddata/PageDataRequestHandler.php  76; includes/linkeddata/PageDataRequestHandler.php  93; includes/linkeddata/PageDataRequ...)
13:49:09 includes/exception/MWException.php:115 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/exception/MWException.php:152 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/export/WikiExporter.php:601 SecurityCheck-XSS Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php  73) (Caused by: includes/export/WikiExporter.php  600)
13:49:09 includes/htmlform/fields/HTMLFormFieldCloner.php:400 SecurityCheck-DoubleEscaped Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputHTML that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php  399)
13:49:09 includes/htmlform/fields/HTMLFormFieldCloner.php:472 SecurityCheck-DoubleEscaped Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputOOUI that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php  471)
13:49:09 includes/installer/CliInstaller.php:246 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php  266)
13:49:09 includes/installer/CliInstaller.php:251 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php  266)
13:49:09 includes/installer/DatabaseInstaller.php:688 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php  589) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/DatabaseInstaller.php:688 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php  562) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/DatabaseInstaller.php:690 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php  562) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/DatabaseInstaller.php:696 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php  589) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/Installer.php:1534 UnusedSuppression Element \Installer::includeExtensions suppresses issue SecurityCheck-OTHER but does not use it
13:49:09 includes/installer/Installer.php:1566 UnusedSuppression Element \Installer::getAutoExtensionLegacyHooks suppresses issue SecurityCheck-OTHER but does not use it
13:49:09 includes/installer/MysqlInstaller.php:82 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/MysqlInstaller.php:90 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/MysqlInstaller.php:92 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/PostgresInstaller.php:65 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/PostgresInstaller.php:74 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/PostgresInstaller.php:80 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/SqliteInstaller.php:90 SecurityCheck-DoubleEscaped Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/SqliteInstaller.php:95 SecurityCheck-DoubleEscaped Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680; includes/installer/WebInstallerName.php  53; includes/installer/WebInstallerName.php  56)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  958) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680; includes/installer/WebInstallerName.php  53; includes/installer/WebInstallerName.php  56)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  958) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:67 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  958) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:82 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:95 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:103 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerName.php:108 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680; includes/installer/WebInstallerName.php  53; includes/installer/WebInstallerName.php  56)
13:49:09 includes/installer/WebInstallerOptions.php:117 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioElements() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  1015) (Caused by: includes/installer/WebInstallerOptions.php  114; includes/installer/WebInstallerOptions.php  113)
13:49:09 includes/installer/WebInstallerOptions.php:126 SecurityCheck-DoubleEscaped Calling method \WebInstallerOptions::makeScreenshotsLink() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: includes/installer/WebInstallerOptions.php  353) (Caused by: includes/installer/WebInstallerOptions.php  124)
13:49:09 includes/installer/WebInstallerOptions.php:128 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \WebInstallerOptions::execute that outputs using tainted argument $skin. (Caused by: includes/installer/WebInstallerOptions.php  124)
13:49:09 includes/installer/WebInstallerOptions.php:130 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstallerOptions.php  126; includes/installer/WebInstallerOptions.php  128; includes/installer/WebInstallerOptions.php  124)
13:49:09 includes/installer/WebInstallerOptions.php:131 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstallerOptions.php  126; includes/installer/WebInstallerOptions.php  128; includes/installer/WebInstallerOptions.php  124)
13:49:09 includes/installer/WebInstallerOptions.php:132 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstallerOptions.php  126; includes/installer/WebInstallerOptions.php  128; includes/installer/WebInstallerOptions.php  124)
13:49:09 includes/installer/WebInstallerOptions.php:178 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php  124; includes/installer/WebInstallerOptions.php  124; includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175)
13:49:09 includes/installer/WebInstallerOptions.php:200 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php  199)
13:49:09 includes/installer/WebInstallerOptions.php:200 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $name. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php  199)
13:49:09 includes/installer/WebInstallerOptions.php:209 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php  199; includes/installer/WebInstallerOptions.php  208)
13:49:09 includes/installer/WebInstallerOptions.php:209 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $name. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php  199; includes/installer/WebInstallerOptions.php  208)
13:49:09 includes/installer/WebInstallerOptions.php:217 SecurityCheck-XSS Calling method \Message::rawParams() in \WebInstallerOptions::execute that outputs using tainted argument $ext. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175) (Param is raw)
13:49:09 includes/installer/WebInstallerOptions.php:223 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstallerOptions.php  180; includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175; includes/installer/WebInstallerOptions.php  217; includes/installer/WebInstallerOptions.php  221; includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175; includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175)
13:49:09 includes/installer/WebInstallerOptions.php:236 SecurityCheck-DoubleEscaped Calling method \Xml::encodeJsVar() in \WebInstallerOptions::execute that outputs using tainted argument $dependencyMap. (Caused by: Builtin-\Xml::encodeJsVar) (Caused by: includes/installer/WebInstallerOptions.php  187; includes/installer/WebInstallerOptions.php  124; includes/installer/WebInstallerOptions.php  124; includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175; incl...)
13:49:09 includes/installer/WebInstallerOptions.php:237 SecurityCheck-DoubleEscaped Calling method \Xml::encodeJsVar() in \WebInstallerOptions::execute that outputs using tainted argument $dependencyMap. (Caused by: Builtin-\Xml::encodeJsVar) (Caused by: includes/installer/WebInstallerOptions.php  187; includes/installer/WebInstallerOptions.php  124; includes/installer/WebInstallerOptions.php  124; includes/installer/WebInstallerOptions.php  160; includes/installer/WebInstallerOptions.php  175; incl...)
13:49:09 includes/installer/WebInstallerOptions.php:250 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:250 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:252 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:252 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:253 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:260 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:267 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  793) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:274 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:275 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  922; includes/installer/WebInstaller.php  920) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:302 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  840) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:304 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  840) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/installer/WebInstallerOptions.php:318 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php  840) (Caused by: includes/installer/WebInstaller.php  680)
13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php  443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php  90)
13:49:09 includes/language/Message.php:916 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Message::__toString that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php  272)
13:49:09 includes/language/Message.php:916 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Message::__toString that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php  272; includes/language/Message.php  1299; includes/language/Message.php  1290)
13:49:09 includes/language/Message.php:1377 SecurityCheck-DoubleEscaped Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php  1190; includes/language/Message.php  1226)
13:49:09 includes/libs/rdbms/database/DatabaseSqlite.php:1030 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php  1013; includes/libs/rdbms/database/DatabaseSqlite.php  1026)
13:49:09 includes/libs/rdbms/database/DatabaseSqlite.php:1064 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php  1050; includes/libs/rdbms/database/DatabaseSqlite.php  1049; includes/Storage/NameTableStore.php  384; includes/libs/rdbms/database/DatabaseSqlite.php  606; includes/libs/rdbms/database/DatabaseSqlite...)
13:49:09 includes/libs/rdbms/database/resultwrapper/FakeResultWrapper.php:42 PhanTypeArraySuspiciousNullable Suspicious array access to $this->result of nullable type \stdClass[]|array[]|null
13:49:09 includes/libs/rdbms/lbfactory/LBFactory.php:455 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleConditionInLoop on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:79 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setKey (Did you mean expr->getKey())
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:82 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setValue (Did you mean expr->getValue())
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:85 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setMetric (Did you mean expr->getMetric())
13:49:09 includes/linkeddata/PageDataRequestHandler.php:76 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php  125) (Caused by: includes/GlobalFunctions.php  1228)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:93 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php  125) (Caused by: includes/GlobalFunctions.php  1228; includes/linkeddata/PageDataRequestHandler.php  85)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:99 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php  125) (Caused by: includes/GlobalFunctions.php  1228; includes/linkeddata/PageDataRequestHandler.php  97)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:150 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::httpContentNegotiation that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php  125) (Caused by: includes/linkeddata/PageDataRequestHandler.php  149)
13:49:09 includes/logging/BlockLogFormatter.php:98 SecurityCheck-XSS Calling method \Message::rawParams() in \BlockLogFormatter::getMessageParameters that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/BlockLogFormatter.php  82) (Param is raw)
13:49:09 includes/logging/BlockLogFormatter.php:104 SecurityCheck-XSS Calling method \Message::rawParams() in \BlockLogFormatter::getMessageParameters that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/BlockLogFormatter.php  87) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:263 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:268 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:281 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:285 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:308 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:314 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:318 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:324 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:339 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:352 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:357 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:376 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:380 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:387 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:410 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  404) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:410 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:414 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:425 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  418) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:425 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:434 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:438 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php  255) (Param is raw)
13:49:09 includes/logging/LogPage.php:255 SecurityCheck-XSS Calling method \Message::rawParams() in \LogPage::actionText that outputs using tainted argument $titleLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogPage.php  252) (Param is raw)
13:49:09 includes/media/ExifBitmapHandler.php:75 SecurityCheck-DoubleEscaped Calling method \FormatMetadata::flattenArrayReal() in \ExifBitmapHandler::convertMetadataVersion that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php  1205) (Caused by: includes/media/ExifBitmapHandler.php  73)
13:49:09 includes/page/ImagePage.php:172 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php  724; includes/page/ImagePage.php  700)
13:49:09 includes/page/ImagePage.php:449 SecurityCheck-DoubleEscaped Calling method \Linker::makeThumbLinkObj() in \ImagePage::openShowImage that outputs using tainted argument $link. (Caused by: includes/Linker.php  504) (Caused by: includes/page/ImagePage.php  443)
13:49:09 includes/page/ImagePage.php:469 SecurityCheck-DoubleEscaped Calling method \Linker::makeThumbLinkObj() in \ImagePage::openShowImage that outputs using tainted argument $link. (Caused by: includes/Linker.php  504) (Caused by: includes/page/ImagePage.php  463)
13:49:09 includes/parser/CoreTagHooks.php:58 UnusedSuppression Element \CoreTagHooks::pre suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/parser/PPTemplateFrame_Hash.php:65 PhanTypeMismatchForeach float|int passed to foreach instead of array
13:49:09 includes/parser/Parser.php:3246 SecurityCheck-XSS Calling method \Parser::insertStripItem() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php  1304) (Caused by: includes/parser/Parser.php  2995; includes/parser/Parser.php  3089; includes/parser/Parser.php  2995; includes/parser/Parser.php  3191; includes/parser/Parser.php  3170; includes/parser/Parser.php  3080; includes/parser/Parser.php  3133; includes/pa...)
13:49:09 includes/parser/Parser.php:3249 SecurityCheck-DoubleEscaped Calling method \wfEscapeWikiText() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/GlobalFunctions.php  1494) (Caused by: includes/parser/Parser.php  2995; includes/parser/Parser.php  3089; includes/parser/Parser.php  2995; includes/parser/Parser.php  3191; includes/parser/Parser.php  3170; includes/parser/Parser.php  3080; includes/parser/Parser.php  3133; includes/pa...)
13:49:09 includes/preferences/DefaultPreferencesFactory.php:806 SecurityCheck-XSS HTMLForm option label needs escaping (Maybe false positive as could not determine if it was key or value that is unescaped) (Caused by: includes/preferences/DefaultPreferencesFactory.php  803)
13:49:09 includes/resourceloader/ResourceLoader.php:1137 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/skins/Skin.php:2028 UnusedSuppression Element \Skin::doEditSectionLink suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/specials/SpecialChangeCredentials.php:179 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php  177)
13:49:09 includes/specials/SpecialChangeCredentials.php:180 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php  177)
13:49:09 includes/specials/SpecialChangeCredentials.php:182 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php  177)
13:49:09 includes/specials/SpecialChangeCredentials.php:184 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php  177)
13:49:09 includes/specials/SpecialChangeCredentials.php:237 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \SpecialChangeCredentials::showSubpageList that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes/specials/SpecialChangeCredentials.php  236)
13:49:09 includes/specials/SpecialChangeCredentials.php:238 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \SpecialChangeCredentials::showSubpageList that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes/specials/SpecialChangeCredentials.php  236)
13:49:09 includes/specials/SpecialExpandTemplates.php:149 SecurityCheck-DoubleEscaped Calling method \SpecialExpandTemplates::makeOutput() in \SpecialExpandTemplates::execute that outputs using tainted argument $rawhtml. (Caused by: includes/specials/SpecialExpandTemplates.php  246) (Caused by: includes/specials/SpecialExpandTemplates.php  147)
13:49:09 includes/specials/SpecialRecentChanges.php:502 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialRecentChanges::outputChangesList that outputs using tainted argument $rclistOutput. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialRecentChanges.php  443; includes/specials/SpecialRecentChanges.php  443; includes/specials/SpecialRecentChanges.php  443; includes/specials/SpecialRecentChanges.php  490; includes/specials/SpecialRecentChanges.php  494)
13:49:09 includes/specials/SpecialRecentChanges.php:538 SecurityCheck-DoubleEscaped Calling method \Xml::tags() in \SpecialRecentChanges::doHeader that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::tags) (Caused by: includes/specials/SpecialRecentChanges.php  531)
13:49:09 includes/specials/SpecialRecentChanges.php:814 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php  780)
13:49:09 includes/specials/SpecialRecentChanges.php:911 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php  780) (Caused by: Builtin-\Message::parse; includes/language/Message.php  929)
13:49:09 includes/specials/SpecialRecentChanges.php:914 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php  780) (Caused by: Builtin-\Message::parse; includes/language/Message.php  929)
13:49:09 includes/specials/SpecialUndelete.php:1137 SecurityCheck-XSS Calling method \Message::rawParams() in \SpecialUndelete::formatRevisionRow that outputs using tainted argument $pageLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUndelete.php  1088; includes/specials/SpecialUndelete.php  1091; includes/specials/SpecialUndelete.php  1103; includes/specials/SpecialUndelete.php  1107) (Param is raw)
13:49:09 includes/specials/SpecialUserrights.php:776 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialUserrights.php  710; includes/specials/SpecialUserrights.php  714; includes/specials/SpecialUserrights.php  696; includes/specials/SpecialUserrights.php  723; includes/specials/SpecialUserrights.php  719; includes/specials/S...  includes/specials/SpecialUserrights.php  743)
13:49:09 includes/specials/SpecialVersion.php:642 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php  846) (Caused by: Builtin-\Message::parse; includes/language/Message.php  929)
13:49:09 includes/specials/SpecialVersion.php:648 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php  846) (Caused by: Builtin-\Message::parse; includes/language/Message.php  929)
13:49:09 includes/specials/SpecialVersion.php:683 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php  846) (Caused by: Builtin-\Message::parse; includes/language/Message.php  929)
13:49:09 includes/specials/SpecialVersion.php:689 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php  846) (Caused by: Builtin-\Message::parse; includes/language/Message.php  929)
13:49:09 includes/specials/SpecialVersion.php:839 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getCreditsForExtension that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php  846)
13:49:09 includes/specials/SpecialWatchlist.php:603 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::outputChangesList that outputs using tainted argument $s. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialWatchlist.php  558; includes/specials/SpecialWatchlist.php  558; includes/specials/SpecialWatchlist.php  558; includes/specials/SpecialWatchlist.php  598; includes/specials/SpecialWatchlist.php  601)
13:49:09 includes/specials/SpecialWatchlist.php:764 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::doHeader that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement; includes/api/ApiFormatBase.php  276; includes/api/ApiFormatBase.php  283; includes/EditPage.php  3660; includes/EditPage.php  3020; includes/EditPage.php  3170; includes/EditPage.php  3173; includes/page/ImagePage.php  932...  includes/specials/SpecialWatchlist.php  748; includes/specials/SpecialWatchlist.php  628; includes/specials/SpecialWatchlist.php  633; includes/specials/SpecialWatchlist.php  634; includes/specials/SpecialWatchlist.php  638; includes/specials/SpecialWatchlist.php  628; includes/specials/Specia...)
13:49:09 includes/specials/SpecialWatchlist.php:776 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::doHeader that outputs using tainted argument $form. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialWatchlist.php  628; includes/specials/SpecialWatchlist.php  633; includes/specials/SpecialWatchlist.php  634; includes/specials/SpecialWatchlist.php  638; includes/specials/SpecialWatchlist.php  628; includes/specials/Specia...)
13:49:09 includes/specials/SpecialWhatLinksHere.php:444 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::wlhLink() in \SpecialWhatLinksHere::listItem that outputs using tainted argument $[arg #2]. (Caused by: includes/specials/SpecialWhatLinksHere.php  473) (Caused by: includes/specials/SpecialWhatLinksHere.php  400)
13:49:09 includes/specials/SpecialWhatLinksHere.php:444 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::wlhLink() in \SpecialWhatLinksHere::listItem that outputs using tainted argument $[arg #3]. (Caused by: includes/specials/SpecialWhatLinksHere.php  493) (Caused by: includes/specials/SpecialWhatLinksHere.php  400)
13:49:09 includes/specials/SpecialWhatLinksHere.php:528 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prev. (Caused by: includes/specials/SpecialWhatLinksHere.php  510) (Caused by: includes/specials/SpecialWhatLinksHere.php  520)
13:49:09 includes/specials/SpecialWhatLinksHere.php:532 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $next. (Caused by: includes/specials/SpecialWhatLinksHere.php  510) (Caused by: includes/specials/SpecialWhatLinksHere.php  521)
13:49:09 includes/specials/SpecialWhatLinksHere.php:540 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prettyLimit. (Caused by: includes/specials/SpecialWhatLinksHere.php  510) (Caused by: includes/specials/SpecialWhatLinksHere.php  538)
13:49:09 includes/specials/SpecialWhatLinksHere.php:634 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php  510) (Caused by: includes/specials/SpecialWhatLinksHere.php  632; includes/specials/SpecialWhatLinksHere.php  615; includes/specials/SpecialWhatLinksHere.php  616)
13:49:09 includes/specials/SpecialWhatLinksHere.php:635 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php  510) (Caused by: includes/specials/SpecialWhatLinksHere.php  632; includes/specials/SpecialWhatLinksHere.php  615; includes/specials/SpecialWhatLinksHere.php  616)
13:49:09 includes/specials/forms/UploadForm.php:177 SecurityCheck-XSS HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php  290)
13:49:09 includes/specials/forms/UploadForm.php:344 SecurityCheck-XSS HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php  290)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:301 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeKnownLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeKnownLink) (Caused by: includes/specials/pagers/AllMessagesTablePager.php  291)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:303 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeBrokenLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: includes/linker/LinkRenderer.php  293) (Caused by: includes/specials/pagers/AllMessagesTablePager.php  291)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:339 SecurityCheck-DoubleEscaped Calling method \Html::element() in \AllMessagesTablePager::formatRow that outputs using tainted argument $formatted. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/pagers/AllMessagesTablePager.php  333)
13:49:09 includes/user/User.php:316 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:338 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:494 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:775 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:824 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanRedundantCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:1489 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 languages/Language.php:4130 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Language::translateBlockExpiry that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php  4128)
13:49:09 languages/Language.php:4137 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Language::translateBlockExpiry that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php  4128; languages/Language.php  4135)
13:49:09 languages/LanguageConverter.php:1289 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \LanguageConverter::convertHtml that outputs using tainted argument $[arg #1]. (Caused by: languages/LanguageConverter.php  710; languages/LanguageConverter.php  710)
13:49:09 maintenance/Sqlite.php:81 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Sqlite::checkSqlSyntax that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/Storage/NameTableStore.php  384; includes/libs/rdbms/database/DatabaseSqlite.php  606; includes/libs/rdbms/database/DatabaseSqlite.php  782; includes/libs/rdbms/database/DatabaseSqlite.php  1038; includes/libs/rdbms/database/DatabaseSqlite....)
13:49:09 maintenance/convertLinks.php:227 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php  215; maintenance/convertLinks.php  211; maintenance/convertLinks.php  158; maintenance/convertLinks.php  207; maintenance/convertLinks.php  210; maintenance/convertLinks.php  163; includes/installer/MysqlUpdater.php  68...)
13:49:09 maintenance/eval.php:78 SecurityCheck-OTHER Argument to require, include or eval is user controlled (Caused by: maintenance/eval.php  64)
13:49:09 maintenance/populateContentTables.php:217 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php  216; maintenance/populateContentTables.php  215; maintenance/populateContentTables.php  199)
13:49:09 maintenance/recountCategories.php:126 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php  117; maintenance/recountCategories.php  145)
13:49:09 maintenance/refreshExternallinksIndex.php:76 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php  74; maintenance/populateContentTables.php  199; maintenance/refreshExternallinksIndex.php  61)
13:49:09 maintenance/runScript.php:64 SecurityCheck-OTHER Argument to require, include or eval is user controlled (Caused by: maintenance/runScript.php  57)
13:49:09 maintenance/storage/compressOld.php:330 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/resourceloader/ResourceLoaderWikiModule.php  443; includes/page/PageArchive.php  569; includes/cache/MessageCache.php  535; includes/cache/MessageCache.php  535; includes/cache/MessageCache.php  580; maintenance/checkBadRedirects.php  55; m...  includes/cache/LinkCache.php  278; includes/cache/LinkCache.php  297; includes/Title.php  3460; includes/api/ApiQueryInfo.php  740; includes/api/ApiQueryAllPages.php  221; includes/api/ApiQueryAllPages.php  230; includes/api/ApiQueryBacklinks.php  1...)

Instead, if I use taint-check master, I get 218 errors, 125 of which are double-escaped. This is more similar to T216348#6007521, but I don't really know what caused it.

Guess we'll have to wait another bit.

13:49:09 includes/GlobalFunctions.php:913 PhanRedundantCondition Redundant attempt to cast $wgDebugRawPage of type true to truthy
13:49:09 includes/GlobalFunctions.php:1310 PhanRedundantCondition Redundant attempt to cast $wgShowHostnames of type true to truthy
13:49:09 includes/user/User.php:316 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:338 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:494 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:775 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:824 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanRedundantCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:1489 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy

The globals are set by Installer and Maintenance and Setup; that seems to "leak" into the type check for all classes/files and results in the issue reports. Seems odd to suppress.

Is there a way to not leak types from one class to another?
Without taint phan does not have a problem with it.

Change 643978 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add some int casts for queries in maintenance scripts

https://gerrit.wikimedia.org/r/643978

Change 643981 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Improve code around internal queries in sqlite database class

https://gerrit.wikimedia.org/r/643981

13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument #1 (`$params['table']`). (Caused by: includes/cache/BacklinkCache.php  443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php  90)

This could be a false positive: Variable $params has taintedness: YES

Change 643978 merged by jenkins-bot:
[mediawiki/core@master] Add some int casts for queries in maintenance scripts

https://gerrit.wikimedia.org/r/643978

The annotation still doesn't print the whole taintedness object. Could you please try applying the following hack to vendor/mediawiki/phan-taint-check-plugin/src/SecurityCheckPlugin.php

$msg = "Variable {CODE} has taintedness: {DETAILS}"; // Line 246
echo "\n\n$taint\n\n"; // Add this line

and then re-running phan. It should print the whole shape.

Change 643993 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Don't leak global variables in global scope

https://gerrit.wikimedia.org/r/643993

$taint is equal to {DETAILS}, but what about var_export( $var->taintedness )?

SecurityCheckPlugin\Taintedness::__set_state(array(
   'flags' => 43688,
   'dimTaint' =>
  array (
    'namespace' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 0,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
    'title' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 0,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
    'requestId' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 43688,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
  ),
   'unknownDimsTaint' => 0,
))

In Job.php:

$this->params = $params + [ 'requestId' => WebRequest::getRequestId() ];

When I comment out that line, everything is fine ...

Oh yes, I meant $var->taintedness. No need to var_export it though, it has a __toString() which pretty-prints the object.

[ object snip ]

Seems like it's picking up taintedness in an offset it can't resolve.

I'd have to investigate, could you please copy these comments to a new task while I take a look?
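
An added sketch, not part of the thread and not the plugin's code: a simplified PHP model of per-key taint for the `$params + [ 'requestId' => ... ]` union discussed above. `ShapeTaint`, `SQL_TAINT` and both `plus*()` methods are hypothetical names, and it assumes (as the dump's outer `flags` value suggests) that `$params['table']` is flagged because the `requestId` taint ends up in the whole-array flags.

```php
<?php
// Added illustration, not code from phan-taint-check-plugin.
// ShapeTaint, SQL_TAINT and both plus*() methods are hypothetical names.

const NO_TAINT = 0;
const SQL_TAINT = 1; // constructed flag value for this sketch

final class ShapeTaint {
	/** @var int Taint of the array as a whole (used for keys without their own entry) */
	public $flags;
	/** @var ShapeTaint[] Taint of individual literal keys */
	public $dims;

	public function __construct( int $flags = NO_TAINT, array $dims = [] ) {
		$this->flags = $flags;
		$this->dims = $dims;
	}

	/** All taint anywhere in the value, as one bitmask. */
	public function collapse(): int {
		$all = $this->flags;
		foreach ( $this->dims as $dim ) {
			$all |= $dim->collapse();
		}
		return $all;
	}

	/** Taint seen when reading $array[$key]. */
	public function forKey( string $key ): int {
		return isset( $this->dims[$key] )
			? $this->dims[$key]->collapse()
			: $this->flags;
	}

	/** Model of `$left + $right` that keeps taint attached to its key. */
	public static function plusPerKey( self $left, self $right ): self {
		// PHP's array union keeps the left value for duplicate keys.
		return new self( $left->flags | $right->flags, $left->dims + $right->dims );
	}

	/** Over-approximating model: key taint is also folded into the whole-array flags. */
	public static function plusCollapsing( self $left, self $right ): self {
		return new self( $left->collapse() | $right->collapse(), $left->dims + $right->dims );
	}
}

// Constructed input mirroring the dump: only 'requestId' carries taint.
$params = new ShapeTaint( NO_TAINT, [
	'namespace' => new ShapeTaint(),
	'title' => new ShapeTaint(),
] );
$extra = new ShapeTaint( NO_TAINT, [ 'requestId' => new ShapeTaint( SQL_TAINT ) ] );

$precise = ShapeTaint::plusPerKey( $params, $extra );
$coarse = ShapeTaint::plusCollapsing( $params, $extra );

// Compare what a later read of 'table' (a key with no entry) sees in each model.
foreach ( [ 'per-key' => $precise, 'collapsing' => $coarse ] as $label => $merged ) {
	printf(
		"%-10s table=%d requestId=%d\n",
		$label,
		$merged->forKey( 'table' ),
		$merged->forKey( 'requestId' )
	);
}
```

In the per-key model a read of `table` stays untainted while `requestId` is tainted; in the collapsing model both reads come back tainted, which is the shape of the reported false positive.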

Change 643996 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add int casts/htmlspecialchars for prints in maintenance scripts

https://gerrit.wikimedia.org/r/643996

Change 644005 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check in UploadForm

https://gerrit.wikimedia.org/r/644005

Change 644006 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check in DefaultPreferencesFactory

https://gerrit.wikimedia.org/r/644006

Change 644017 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Annotate File::getDescriptionText to return safe html for taint-check

https://gerrit.wikimedia.org/r/644017

Change 644019 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues in Parser

https://gerrit.wikimedia.org/r/644019

Change 644020 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues in LogFormatter/LogPage

https://gerrit.wikimedia.org/r/644020

False positive:

13:49:09 includes/export/WikiExporter.php:601 SecurityCheck-XSS Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php  73) (Caused by: includes/export/WikiExporter.php  600)

\Xml::elementClean needs to be part of taint-check similar to \Xml::element to fix this

The static Message::rawParam is not part of the taint-check. It is possible to rewrite ->rawParams() with ->params( Message::rawParam() ) to bypass the checks.

These can, and probably should, be annotated directly in MW core. I think we were moving away from hardcoded taint data.

Change 644006 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check in DefaultPreferencesFactory

https://gerrit.wikimedia.org/r/644006

Change 644020 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check issues in LogFormatter/LogPage

https://gerrit.wikimedia.org/r/644020

Change 644005 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check in UploadForm

https://gerrit.wikimedia.org/r/644005

Change 643981 merged by jenkins-bot:
[mediawiki/core@master] Improve code around internal queries in sqlite database class

https://gerrit.wikimedia.org/r/643981

Change 647804 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add taint hints for message creation method

https://gerrit.wikimedia.org/r/647804

Change 648368 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Document HttpError to help taint-check

https://gerrit.wikimedia.org/r/648368

Change 648379 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues related to Linker functions

https://gerrit.wikimedia.org/r/648379

Change 648368 merged by jenkins-bot:
[mediawiki/core@master] Document HttpError to help taint-check

https://gerrit.wikimedia.org/r/648368

Change 643993 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Don't leak global variables in global scope

https://gerrit.wikimedia.org/r/643993

FTR, current taint-check master yields 159 total issues on a slightly outdated clone of mw core, whereas taint-check 3.1.0 has 182.

Correction, it wasn't the current master. The *real* current master, which includes a fix for T269895, finds 151 issues.

Change 647804 merged by jenkins-bot:
[mediawiki/core@master] Add taint hints for message creation method

https://gerrit.wikimedia.org/r/647804

Change 643996 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check issues in maintenance scripts/cli context

https://gerrit.wikimedia.org/r/643996

Running core with taint-check also gives many

Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere

It seems that taint-check analyzes more deeply than phan and allows other decisions. But I am not sure if that could be a bug in taint-check or just in phan itself

It seems I have mixed it with the update to newer phan - fixed with https://gerrit.wikimedia.org/r/c/mediawiki/core/+/648544

There are three places:

includes\libs\rdbms\lbfactory\LBFactory.php line 458

UnusedPluginSuppression: Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleConditionInLoop on this line but this suppression is unused or suppressed elsewhere

for this code:

				// No writes since the last replication wait
				(
					// @phan-suppress-next-line PhanImpossibleConditionInLoop
					$opts['ifWritesSince'] &&
					$lb->lastMasterChangeTimestamp() < $opts['ifWritesSince']
				)

It seems taint-check analyzes the array plus better than phan itself (phan seems not to assume that this can change by the existing array on the left side of the array plus):

		$opts += [
			'domain' => false,
			'cluster' => false,
			'timeout' => $this->replicationWaitTimeout,
			'ifWritesSince' => null
		];

Same in includes\user\User.php for lines 800 and 849

			// @phan-suppress-next-line PhanImpossibleCondition
			if ( !$options['create'] ) {
				// No.
				return null;
			}

[...]

			// @phan-suppress-next-line PhanRedundantCondition
			if ( !$options['steal'] ) {
				return null;
			}

for this array

		$options += [
			'validate' => UserNameUtils::RIGOR_VALID,
			'create' => true,
			'steal' => false,
		];

Some PhanTypeArraySuspiciousNullable are also showing up.

One in FakeResultWrapper line 42, but there is a similar suppression for the same variable in that file; seems okay to me

Three in EtcdConfig with the lazily initialized procCache class property. It seems to always be set after the load(); that's also okay for me

Change 644019 abandoned by Umherirrender:
[mediawiki/core@master] Suppress taint-check issues in Parser

Reason:
It seems better to set the suppression together with enabling the feature

https://gerrit.wikimedia.org/r/644019

Change 648379 abandoned by Umherirrender:
[mediawiki/core@master] Suppress taint-check issues related to Linker functions

Reason:
It seems better to set the suppression together with enabling the feature

https://gerrit.wikimedia.org/r/648379

Change 644017 abandoned by Umherirrender:
[mediawiki/core@master] Annotate File::getDescriptionText to return safe html for taint-check

Reason:
It seems better to set the taint annotation together with enabling the feature

https://gerrit.wikimedia.org/r/644017

Change 652553 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] build: Enable phan-taint-check-plugin and suppress issues

https://gerrit.wikimedia.org/r/652553

Change 652553 merged by jenkins-bot:
[mediawiki/core@master] build: Enable phan-taint-check-plugin and suppress issues

https://gerrit.wikimedia.org/r/652553

Change 522419 abandoned by Daimona Eaytoy:
[mediawiki/core@master] [WIP] Add phan-taint-check-plugin

Reason:
Already done

https://gerrit.wikimedia.org/r/522419

Change 491039 abandoned by Umherirrender:
[mediawiki/core@master] Various fixes to Block.php to make phan-taint-check happy

Reason:
Code is now in DatabaseBlock. It seems taint-check is now okay with this code, because it is enabled and there is no suppression for that code

https://gerrit.wikimedia.org/r/491039