Brian Wolff has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/391628 )
Change subject: Add composer and phpcs.
......................................................................
Add composer and phpcs.
This does the phpcs auto fixes. There are still some sniff
failures I need to manually deal with.
Change-Id: I63949990101001481454ff8879dad18bed334433
---
A .gitignore
A .phpcs.xml
A composer.json
M src/GenericSecurityCheckPlugin.php
M src/MediaWikiSecurityCheckPlugin.php
M src/PreTaintednessVisitor.php
M src/SecurityCheckPlugin.php
M src/TaintednessBaseVisitor.php
M src/TaintednessVisitor.php
M src/tests/config.php
M src/tests/integration/callwithevil/test.php
M src/tests/integration/callwithevil2/test.php
M src/tests/integration/callwithevil3/test.php
M src/tests/integration/echoevil2/test.php
M src/tests/integration/echoevilfunc/test.php
M src/tests/integration/execvstaint/OutputPage.php
M src/tests/integration/indirectecho/test.php
M src/tests/integration/miscpreserves/test.php
M src/tests/integration/prop/test.php
M src/tests/integration/refescape/reftest.php
M src/tests/integration/refwrongesc/reftest.php
M src/tests/integration/safebinopor/test.php
M src/tests/integration/viafunc/Html.php
M src/tests/integration/viafunc/OutputPage.php
M src/tests/integration/viafuncbad/Html.php
M src/tests/integration/viafuncbad/OutputPage.php
26 files changed, 180 insertions(+), 195 deletions(-)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3a9875b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/vendor/
+composer.lock
diff --git a/.phpcs.xml b/.phpcs.xml
new file mode 100644
index 0000000..d10a2bf
--- /dev/null
+++ b/.phpcs.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+ <ruleset>
+ <rule ref="./vendor/mediawiki/mediawiki-codesniffer/MediaWiki">
+ <exclude
name="MediaWiki.NamingConventions.PrefixedGlobalFunctions.wfPrefix"/>
+ <exclude name="MediaWiki.Usage.ScalarTypeHintUsage.Found"/>
+ </rule>
+ <file>.</file>
+ <arg name="bootstrap"
value="./vendor/mediawiki/mediawiki-codesniffer/utils/bootstrap-ci.php"/>
+ <arg name="extensions" value="php,php5,inc"/>
+ <arg name="encoding" value="UTF-8"/>
+
+ <exclude-pattern>./vendor</exclude-pattern>
+
+ <!-- Stuff we are only excluding in tests" -->
+ <rule ref="MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals">
+ <exclude-pattern>./src/tests</exclude-pattern>
+ </rule>
+ <rule ref="Generic.Classes.DuplicateClassName.Found">
+ <exclude-pattern>./src/tests</exclude-pattern>
+ </rule>
+
+ <rule
ref="MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic">
+ <exclude-pattern>./src/tests</exclude-pattern>
+ </rule>
+ <rule ref="MediaWiki.Files.ClassMatchesFilename.NotMatch">
+ <exclude-pattern>./src/tests</exclude-pattern>
+ </rule>
+ </ruleset>
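Review bot: The comment that introduces the test-only exclusions, `<!-- Stuff we are only excluding in tests" -->`, ends with a stray double quote and gives no reason for the exclusions. The rules below it switch off the superglobal, duplicate-class, doc-comment and filename sniffs for `./src/tests`, presumably because the fixtures there are deliberately unsafe inputs for the taint checker. Saying so would stop a later cleanup from re-enabling them or from copying the exclusion to real code: `<!-- Sniffs relaxed only for src/tests: fixtures intentionally read superglobals and redeclare classes -->`.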
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..6aa6840
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,26 @@
+{
+ "name": "wikimedia/security-check-plugin",
+ "description": "A Phan plugin to do security checking",
+ "type": "library",
+ "require": {
+ "etsy/phan": "0.8.0"
+ },
+ "require-dev": {
+ "mediawiki/mediawiki-codesniffer": "14.1.0",
+ "jakub-onderka/php-parallel-lint": "^0.9.2"
+ },
+ "scripts": {
+ "test": [
+ "phpcs -p -s"
+ ],
+ "fix": "phpcbf"
+ },
+ "license": "GPLv2",
+ "authors": [
+ {
+ "name": "Brian Wolff",
+ "email": "[email protected]"
+ }
+ ],
+ "minimum-stability": "stable"
+}
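Review bot: `"license": "GPLv2"` is not an SPDX identifier, and the source headers in this change say "GPL version 2 or later", so the field should be `"license": "GPL-2.0-or-later"`. `jakub-onderka/php-parallel-lint` is added to `require-dev`, but the `test` script only runs `phpcs -p -s`; either put `"parallel-lint . --exclude vendor"` ahead of it or drop the package. With `composer.lock` ignored in `.gitignore`, that same package's `^0.9.2` range is the one dependency here that can change between installs. Pinning it exactly, like the other two, keeps the toolchain of a security checker fixed.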
diff --git a/src/GenericSecurityCheckPlugin.php
b/src/GenericSecurityCheckPlugin.php
index b264537..2010605 100644
--- a/src/GenericSecurityCheckPlugin.php
+++ b/src/GenericSecurityCheckPlugin.php
@@ -1,5 +1,5 @@
<?php
-require_once( "SecurityCheckPlugin.php" );
+require_once "SecurityCheckPlugin.php";
/**
* Copyright Brian Wolff 2017. Released under the GPL version 2 or later.
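Review bot: `require_once "SecurityCheckPlugin.php";` is still a bare relative path, so PHP searches `include_path` before falling back to this file's directory and the working directory. A Phan plugin presumably runs with the analysed project as its working directory, so a same-named file found earlier on that search would be loaded in place of the plugin's own. Since the line is being rewritten anyway, anchor it: `require_once __DIR__ . '/SecurityCheckPlugin.php';`. The same applies to the `require_once` line changed in src/MediaWikiSecurityCheckPlugin.php and the three changed in src/SecurityCheckPlugin.php.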
diff --git a/src/MediaWikiSecurityCheckPlugin.php
b/src/MediaWikiSecurityCheckPlugin.php
index c69f5d8..da6bca4 100644
--- a/src/MediaWikiSecurityCheckPlugin.php
+++ b/src/MediaWikiSecurityCheckPlugin.php
@@ -2,14 +2,14 @@
/*
* Copyright Brian Wolff 2017. Released under the GPL version 2 or later.
*/
-require_once( "SecurityCheckPlugin.php" );
+require_once "SecurityCheckPlugin.php";
class MediaWikiSecurityCheckPlugin extends SecurityCheckPlugin {
protected function getCustomFuncTaints() : array {
return [
- //'\Message::__construct' =>
SecurityCheckPlugin::YES_TAINT,
- //'\wfMessage' => SecurityCheckPlugin::YES_TAINT,
+ // '\Message::__construct' =>
SecurityCheckPlugin::YES_TAINT,
+ // '\wfMessage' => SecurityCheckPlugin::YES_TAINT,
'\Message::plain' => [ 'overall' =>
SecurityCheckPlugin::YES_TAINT, ],
'\Message::text' => [ 'overall' =>
SecurityCheckPlugin::YES_TAINT, ],
'\Message::parseAsBlock' => [ 'overall' =>
SecurityCheckPlugin::NO_TAINT, ],
@@ -32,11 +32,11 @@
// FIXME Doesn't handle array args right.
'\wfShellExec' => [
SecurityCheckPlugin::SHELL_EXEC_TAINT,
- 'overall' => Self::YES_TAINT
+ 'overall' => self::YES_TAINT
],
'\wfShellExecWithStderr' => [
SecurityCheckPlugin::SHELL_EXEC_TAINT,
- 'overall' => Self::YES_TAINT
+ 'overall' => self::YES_TAINT
],
'\wfEscapeShellArg' => [
self::YES_TAINT & ~self::SHELL_TAINT,
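Review bot: Constant references in this table are still spelled two ways after the fix. `'overall' => self::YES_TAINT` sits directly under `SecurityCheckPlugin::SHELL_EXEC_TAINT,` in both the `'\wfShellExec'` and `'\wfShellExecWithStderr'` entries, while `'\wfEscapeShellArg'` uses `self::` throughout. The src/SecurityCheckPlugin.php part of this change converts its own table to `self::`, so write `self::SHELL_EXEC_TAINT,` here as well. getCustomFuncTaints() begins and ends outside this hunk.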
@@ -139,7 +139,6 @@
],
];
}
-
}
diff --git a/src/PreTaintednessVisitor.php b/src/PreTaintednessVisitor.php
index d46e54f..70c0172 100644
--- a/src/PreTaintednessVisitor.php
+++ b/src/PreTaintednessVisitor.php
@@ -1,24 +1,9 @@
<?php
-use Phan\AST\AnalysisVisitor;
-use Phan\AST\ContextNode;
-use Phan\CodeBase;
use Phan\Language\Context;
-use Phan\Language\Element\Clazz;
-use Phan\Language\Element\Func;
-use Phan\Language\Element\FunctionInterface;
-use Phan\Language\Element\Method;
-use Phan\Language\Element\Variable;
-use Phan\Language\Element\Parameter;
-use Phan\Language\UnionType;
-use Phan\Language\FQSEN\FullyQualifiedFunctionLikeName;
-use Phan\Plugin;
-use Phan\Plugin\PluginImplementation;
use ast\Node;
use ast\Node\Decl;
use Phan\Debug;
-use Phan\Language\Scope\FunctionLikeScope;
-use Phan\Language\Scope\BranchScope;
class PreTaintednessVisitor extends TaintednessBaseVisitor {
@@ -55,7 +40,7 @@
$variableObj = $this->getCtxN(
$node->children['key'] )->getVariable();
$this->setTaintedness( $variableObj,
$lhsTaintedness );
}
- } catch( Exception $e ) {
+ } catch ( Exception $e ) {
// getVariable can throw an IssueException if var
doesn't exist.
$this->debug( __METHOD__, "Exception " . get_class( $e
) . $e->getMessage() . "" );
}
@@ -72,12 +57,12 @@
* Also handles FuncDecl
*/
public function visitMethod( Decl $node ) {
- //var_dump( __METHOD__ ); Debug::printNode( $node );
+ // var_dump( __METHOD__ ); Debug::printNode( $node );
$method = $this->context->getFunctionLikeInScope(
$this->code_base );
$params = $node->children['params']->children;
$varObjs = [];
- foreach( $params as $i => $param ) {
+ foreach ( $params as $i => $param ) {
$scope = $this->context->getScope();
if ( !$scope->hasVariableWithName(
$param->children['name'] ) ) {
// Well uh-oh.
diff --git a/src/SecurityCheckPlugin.php b/src/SecurityCheckPlugin.php
index 8f3cb4c..f0156e0 100644
--- a/src/SecurityCheckPlugin.php
+++ b/src/SecurityCheckPlugin.php
@@ -1,30 +1,16 @@
-<?php declare(strict_types=1);
+<?php declare( strict_types=1 );
-require_once( 'TaintednessBaseVisitor.php' );
-require_once( 'PreTaintednessVisitor.php' );
-require_once( 'TaintednessVisitor.php' );
+require_once 'TaintednessBaseVisitor.php';
+require_once 'PreTaintednessVisitor.php';
+require_once 'TaintednessVisitor.php';
-use Phan\AST\AnalysisVisitor;
-use Phan\AST\ContextNode;
use Phan\CodeBase;
use Phan\Language\Context;
-use Phan\Language\Element\Clazz;
-use Phan\Language\Element\Func;
-use Phan\Language\Element\FunctionInterface;
-use Phan\Language\Element\Method;
-use Phan\Language\Element\Variable;
-use Phan\Language\UnionType;
use Phan\Language\FQSEN\FullyQualifiedFunctionLikeName;
-use Phan\Plugin;
use Phan\Plugin\PluginImplementation;
use ast\Node;
-use ast\Node\Decl;
-use Phan\Debug;
-use Phan\Language\Scope\FunctionLikeScope;
-use Phan\Language\Scope\BranchScope;
abstract class SecurityCheckPlugin extends PluginImplementation {
-
// Various taint flags. The _EXEC_ varieties mean
// that it is unsafe to assign that type of taint
@@ -80,23 +66,22 @@
Node $node,
Node $parent_node = null
) {
- //echo __METHOD__ . ' ' .\ast\get_kind_name($node->kind) . " (Parent: "
. ($parent_node ? \ast\get_kind_name($parent_node->kind) : "N/A") . ")\n";
+ // echo __METHOD__ . ' ' .\ast\get_kind_name($node->kind) . " (Parent:
" . ($parent_node ? \ast\get_kind_name($parent_node->kind) : "N/A") . ")\n";
$oldMem = memory_get_peak_usage();
- (new TaintednessVisitor($code_base, $context, $this))(
+ ( new TaintednessVisitor( $code_base, $context, $this ) )(
$node
);
$newMem = memory_get_peak_usage();
- $diff = floor(($newMem - $oldMem )/(1024*1024));
+ $diff = floor( ( $newMem - $oldMem ) / ( 1024 * 1024 ) );
if ( $diff > 10 ) {
- echo "Memory Spike! " . $context . " "
.\ast\get_kind_name($node->kind) .
- " diff=$diff MB; cur=" .
floor((memory_get_usage()/(1024*1024))) . " MB\n";
+ echo "Memory Spike! " . $context . " "
.\ast\get_kind_name( $node->kind ) .
+ " diff=$diff MB; cur=" . floor( ( memory_get_usage() /
( 1024 * 1024 ) ) ) . " MB\n";
}
}
public function preAnalyzeNode( CodeBase $code_base, Context $context,
Node $node ) {
- (new PreTaintednessVisitor( $code_base, $context, $this ))(
$node );
+ ( new PreTaintednessVisitor( $code_base, $context, $this ) )(
$node );
}
-
/**
* Get the taintedness of a function
@@ -147,22 +132,21 @@
protected function getPHPFuncTaints() : array {
return [
'\htmlspecialchars' => [
- ~SecurityCheckPlugin::HTML_TAINT &
SecurityCheckPlugin::YES_TAINT,
- 'overall' => SecurityCheckPlugin::NO_TAINT
+ ~self::HTML_TAINT & self::YES_TAINT,
+ 'overall' => self::NO_TAINT
],
'\escapeshellarg' => [
- ~SecurityCheckPlugin::SHELL_TAINT &
SecurityCheckPlugin::YES_TAINT,
- 'overall' => SecurityCheckPlugin::NO_TAINT
+ ~self::SHELL_TAINT & self::YES_TAINT,
+ 'overall' => self::NO_TAINT
],
// Or any time the serialized data comes from a trusted
source.
'\serialize' => [
- 'overall'=> self::YES_TAINT &
~self::SERIALIZE_TAINT,
+ 'overall' => self::YES_TAINT &
~self::SERIALIZE_TAINT,
],
'\unserialize' => [
- SecurityCheckPlugin::SERIALIZE_EXEC_TAINT,
- 'overall' => SecurityCheckPlugin::NO_TAINT,
+ self::SERIALIZE_EXEC_TAINT,
+ 'overall' => self::NO_TAINT,
],
];
}
}
-
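Review bot: The `'\htmlspecialchars'` entry clears `HTML_TAINT` from its argument mask unconditionally, but htmlspecialchars() escapes single quotes only when `ENT_QUOTES` is in effect, and before PHP 8.1 the default is `ENT_COMPAT`. A value escaped with default flags and then placed in a single-quoted attribute would therefore presumably be reported as safe. If the table cannot express flag-dependent behaviour, record the limitation above the entry so the false negative is a known one: `// NOTE: treated as fully HTML-escaping; default flags before PHP 8.1 leave ' unescaped`.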
diff --git a/src/TaintednessBaseVisitor.php b/src/TaintednessBaseVisitor.php
index 7d8c04e..14d87e8 100644
--- a/src/TaintednessBaseVisitor.php
+++ b/src/TaintednessBaseVisitor.php
@@ -4,19 +4,13 @@
use Phan\AST\ContextNode;
use Phan\CodeBase;
use Phan\Language\Context;
-use Phan\Language\Element\Clazz;
-use Phan\Language\Element\Func;
use Phan\Language\Element\FunctionInterface;
-use Phan\Language\Element\Method;
use Phan\Language\Element\Variable;
use Phan\Language\Element\TypedElementInterface;
-use Phan\Language\Element\Parameter;
use Phan\Language\UnionType;
use Phan\Language\FQSEN\FullyQualifiedFunctionLikeName;
use Phan\Plugin;
-use Phan\Plugin\PluginImplementation;
use ast\Node;
-use ast\Node\Decl;
use Phan\Debug;
use Phan\Language\Scope\FunctionLikeScope;
use Phan\Language\Scope\BranchScope;
@@ -35,7 +29,7 @@
Context $context,
SecurityCheckPlugin $plugin
) {
- parent::__construct($code_base, $context);
+ parent::__construct( $code_base, $context );
$this->plugin = $plugin;
}
@@ -73,7 +67,6 @@
$this->checkFuncTaint( $newTaint );
$func->funcTaint = $newTaint;
-
if ( $mergedTaint & SecurityCheckPlugin::YES_EXEC_TAINT ) {
if ( !property_exists( $func, 'taintedOriginalError' )
) {
$func->taintedOriginalError = '';
@@ -102,7 +95,6 @@
}
}
-
/**
* Change the taintedness of a variable
*
@@ -111,7 +103,7 @@
* @param bool $override Override taintedness or just take max.
*/
protected function setTaintedness( TypedElementInterface $variableObj,
int $taintedness, $override = true ) {
- //$this->debug( __METHOD__, "begin for \$" .
$variableObj->getName() . " <- $taintedness (override=$override)" );
+ // $this->debug( __METHOD__, "begin for \$" .
$variableObj->getName() . " <- $taintedness (override=$override)" );
assert( $taintedness >= 0, $taintedness );
@@ -121,9 +113,9 @@
}
if ( property_exists( $variableObj, 'taintednessHasOuterScope' )
- || !($this->context->getScope() instanceof
FunctionLikeScope)
+ || !( $this->context->getScope() instanceof
FunctionLikeScope )
) {
-//$this->debug( __METHOD__, "\$" . $variableObj->getName() . " has outer scope
- " . get_class( $this->context->getScope()) . "" );
+// $this->debug( __METHOD__, "\$" . $variableObj->getName() . " has outer
scope - " . get_class( $this->context->getScope()) . "" );
// If the current context is not a FunctionLikeScope,
then
// it might be a class, or an if branch, or global. In
any case
// its probably a non-local variable (or in the if
case, code
@@ -131,19 +123,19 @@
//
if ( !property_exists( $variableObj,
'taintednessHasOuterScope' )
- && ($this->context->getScope() instanceof
BranchScope)
+ && ( $this->context->getScope() instanceof
BranchScope )
) {
-//echo __METHOD__ . "in a branch\n";
+// echo __METHOD__ . "in a branch\n";
$scope = $this->context->getScope();
do {
- //echo __METHOD__ . " getting parent
scope\n";
+ // echo __METHOD__ . " getting parent
scope\n";
$scope = $scope->getParentScope();
- } while( $scope instanceof BranchScope );
+ } while ( $scope instanceof BranchScope );
if ( $scope->hasVariableWithName(
$variableObj->getName() ) ) {
$parentVarObj =
$scope->getVariableByName( $variableObj->getName() );
if ( !property_exists( $parentVarObj,
'taintedness' ) ) {
- //echo __METHOD__ . " parent
scope for {$variableObj->getName()} has no taint\n";
+ // echo __METHOD__ . " parent
scope for {$variableObj->getName()} has no taint\n";
$parentVarObj->taintedness =
$taintedness;
} else {
$parentVarObj->taintedness =
$this->mergeAddTaint( $parentVarObj->taintedness, $taintedness );
@@ -176,7 +168,7 @@
$variableObj->taintedness = $taintedness;
}
} else {
-//echo __METHOD__ . " \${$variableObj->getName()} is local variable\n";
+// echo __METHOD__ . " \${$variableObj->getName()} is local variable\n";
// This must be executed, so it can overwrite
taintedness.
$variableObj->taintedness = $override ?
$taintedness :
@@ -251,7 +243,7 @@
// $this->debug( __METHOD__, "no taint info for
func $func" );
try {
$func->analyze( $func->getContext(),
$this->code_base );
- } catch( Exception $e ) {
+ } catch ( Exception $e ) {
$this->debug( __METHOD__, "Error" .
$e->getMessage() . "\n" );
}
// $this->debug( __METHOD__, "updated taint
info for $func" );
@@ -275,7 +267,7 @@
* // assume its safe until). Except we don't.
* $taint = SecurityCheckPlugin::PRESERVE_TAINT;
}*/
- //echo "No taint for method $funcName - now $taint\n";
+ // echo "No taint for method $funcName - now $taint\n";
}
$this->checkFuncTaint( $taint );
return $taint;
@@ -289,11 +281,11 @@
$typelist = $types->getTypeSet();
if ( count( $typelist ) === 0 ) {
- //$this->debug( __METHOD__, "Setting type unknown due
to no type info." );
+ // $this->debug( __METHOD__, "Setting type unknown due
to no type info." );
return SecurityCheckPlugin::UNKNOWN_TAINT;
}
- foreach( $types->getTypeSet() as $type ) {
- switch( $type->getName() ) {
+ foreach ( $types->getTypeSet() as $type ) {
+ switch ( $type->getName() ) {
case 'int':
case 'float':
case 'bool':
@@ -313,7 +305,7 @@
case 'resource':
case 'mixed':
// TODO If we have a specific class, maybe look
at __toString()
- //$this->debug( __METHOD__, "Taint set unknown
due to type '$type'." );
+ // $this->debug( __METHOD__, "Taint set unknown
due to type '$type'." );
$taint = $this->mergeAddTaint( $taint,
SecurityCheckPlugin::UNKNOWN_TAINT );
break;
}
@@ -357,11 +349,11 @@
case "double":
case "NULL":
// simple literal
- return SecurityCheckPlugin::NO_TAINT;
+ return SecurityCheckPlugin::NO_TAINT;
case "object":
if ( $expr instanceof Node ) {
return $this->getTaintednessNode( $expr );
- } elseif( $expr instanceof TypedElementInterface ) {
+ } elseif ( $expr instanceof TypedElementInterface ) {
// echo __METHOD__ . "FIXME, do we want this
interface here?\n";
return $this->getTaintednessPhanObj( $expr );
}
@@ -376,8 +368,8 @@
}
protected function getTaintednessNode( Node $node ) : int {
- //Debug::printNode( $node );
- $r = (new TaintednessVisitor($this->code_base, $this->context,
$this->plugin))(
+ // Debug::printNode( $node );
+ $r = ( new TaintednessVisitor( $this->code_base,
$this->context, $this->plugin ) )(
$node
);
assert( $r >= 0, $r );
@@ -391,11 +383,11 @@
}
if ( property_exists( $variableObj, 'taintedness' ) ) {
$taintedness = $variableObj->taintedness;
- //echo "$varName has taintedness $taintedness due to
last time\n";
+ // echo "$varName has taintedness $taintedness due to
last time\n";
} else {
- $type = $variableObj->getUnionType();
+ $type = $variableObj->getUnionType();
$taintedness = $this->getTaintByReturnType( $type );
- //echo $this->dbgInfo() . " \$" .
$variableObj->getName() . " first sight. taintedness set to $taintedness due to
type $type\n";
+ // echo $this->dbgInfo() . " \$" .
$variableObj->getName() . " first sight. taintedness set to $taintedness due to
type $type\n";
}
assert( is_int( $taintedness ) && $taintedness >= 0 );
return $taintedness;
@@ -430,12 +422,12 @@
protected function getPhanObjsForNode( Node $node, $all = false ) {
$cn = $this->getCtxN( $node );
- switch( $node->kind ) {
+ switch ( $node->kind ) {
case \ast\AST_PROP:
case \ast\AST_STATIC_PROP:
try {
return [ $cn->getProperty(
$node->children['prop'] ) ];
- } catch( Exception $e ) {
+ } catch ( Exception $e ) {
try {
// There won't be an expr for
static prop.
if ( isset(
$node->children['expr'] ) ) {
@@ -447,10 +439,10 @@
return [];
}
}
- } catch( IssueException $e ) {
+ } catch ( IssueException $e ) {
$this->debug( __METHOD__,
"Cannot determine property or var name [1] (Maybe don't know what class) - " .
$e->getIssueInstance() );
return [];
- } catch( Exception $e ) {
+ } catch ( Exception $e ) {
$this->debug( __METHOD__,
"Cannot determine property or var name [2] (Maybe don't know what class) - " .
get_class( $e ) . $e->getMessage() );
return [];
}
@@ -460,7 +452,6 @@
case \ast\AST_VAR:
try {
if (
Variable::isHardcodedGlobalVariableWithName( $cn->getVariableName() ) ) {
-
return [];
} else {
return [ $cn->getVariable() ];
@@ -477,7 +468,7 @@
case \ast\AST_ENCAPS_LIST:
case \ast\AST_ARRAY:
$results = [];
- foreach( $node->children as $child ) {
+ foreach ( $node->children as $child ) {
if ( !is_object( $child ) ) {
continue;
}
@@ -557,7 +548,7 @@
}
$args =
$node->children['args']->children;
$pObjs = [ $func ];
- foreach( $args as $arg ) {
+ foreach ( $args as $arg ) {
if ( !( $arg instanceof Node )
) {
continue;
}
@@ -574,10 +565,10 @@
return [];
}
default:
- //Debug::printNode( $node );
+ // Debug::printNode( $node );
// This should really be a visitor that
recurses into
// things.
- echo __METHOD__ . $this->dbgInfo() . " FIXME
unhandled case" . \ast\get_kind_name( $node->kind ) . "\n";
+ echo __METHOD__ . $this->dbgInfo() . " FIXME
unhandled case" . \ast\get_kind_name( $node->kind ) . "\n";
return [];
}
}
@@ -660,7 +651,7 @@
// Last we add these methods to $a's list of all methods that
can set it.
foreach ( $rhs->taintedMethodLinks as $method ) {
$paramInfo = $rhs->taintedMethodLinks[$method];
- foreach( $paramInfo as $index => $_ ) {
+ foreach ( $paramInfo as $index => $_ ) {
assert( property_exists( $method,
'taintedVarLinks' ) );
assert( isset( $method->taintedVarLinks[$index]
) );
@@ -687,20 +678,20 @@
// FIXME. Does this check make sense?
// should it also check if it has any of the YES_TAINT flags?
- //echo __METHOD__ . $this->dbgInfo() . "Setting all methods
dependent on $var as exec\n";
+ // echo __METHOD__ . $this->dbgInfo() . "Setting all methods
dependent on $var as exec\n";
if ( !property_exists( $var, 'taintedMethodLinks' ) ) {
- //$this->debug( __METHOD__, "no backlinks on $var" );
+ // $this->debug( __METHOD__, "no backlinks on $var" );
return;
}
$oldMem = memory_get_peak_usage();
- foreach( $var->taintedMethodLinks as $method ) {
+ foreach ( $var->taintedMethodLinks as $method ) {
$paramInfo = $var->taintedMethodLinks[$method];
$paramTaint = [ 'overall' =>
SecurityCheckPlugin::NO_TAINT ];
- foreach( $paramInfo as $i => $_ ) {
+ foreach ( $paramInfo as $i => $_ ) {
$paramTaint[$i] = $taint;
- //$this->debug( __METHOD__ , "Setting method
$method arg $i as $taint due to depenency on $var" );
+ // $this->debug( __METHOD__ , "Setting method
$method arg $i as $taint due to depenency on $var" );
}
$this->setFuncTaint( $method, $paramTaint );
}
@@ -709,7 +700,7 @@
$this->setTaintedness( $var, $newTaint );
$newMem = memory_get_peak_usage();
- $diffMem = round( ($newMem - $oldMem ) / (1024*1024) );
+ $diffMem = round( ( $newMem - $oldMem ) / ( 1024 * 1024 ) );
if ( $diffMem > 2 ) {
$this->debug( __METHOD__, "Memory spike $diffMem for
$var" );
}
@@ -733,16 +724,16 @@
return;
}
$oldMem = memory_get_peak_usage();
- //echo __METHOD__ . $this->dbgInfo() . "Setting all vars
depending on $method as tainted\n";
+ // echo __METHOD__ . $this->dbgInfo() . "Setting all vars
depending on $method as tainted\n";
foreach ( $method->taintedVarLinks[$i] as $var ) {
$curVarTaint = $this->getTaintedness( $var );
$newTaint = $this->mergeAddTaint( $curVarTaint,
SecurityCheckPlugin::YES_TAINT );
- //echo __METHOD__ . $this->dbgInfo() . "Setting $var as
$newTaint due to dependency on $method\n";
+ // echo __METHOD__ . $this->dbgInfo() . "Setting $var
as $newTaint due to dependency on $method\n";
$this->setTaintedness( $var, $newTaint );
}
// Maybe delete links??
$newMem = memory_get_peak_usage();
- $diffMem = round( ($newMem - $oldMem ) / (1024*1024) );
+ $diffMem = round( ( $newMem - $oldMem ) / ( 1024 * 1024 ) );
if ( $diffMem > 2 ) {
$this->debug( __METHOD__, "Memory spike $diffMem for
$var" );
}
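Review bot: The debug line that closes this hunk, `"Memory spike $diffMem for $var"`, reads `$var` after the `foreach ( $method->taintedVarLinks[$i] as $var )` loop has finished. It therefore names only the last linked variable, and it is undefined when the list is empty. The memory delta is measured around the whole loop for one method, so the message should probably be `$this->debug( __METHOD__, "Memory spike $diffMem for $method" );`. The enclosing function starts before the hunk, so its parameter list is not visible here.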
@@ -794,7 +785,7 @@
*/
protected function isSafeAssignment( $lhs, $rhs ) {
$adjustRHS = $this->yesToExecTaint( $rhs );
- //$this->debug( __METHOD__, "lhs=$lhs; rhs=$rhs,
adjustRhs=$adjustRHS" );
+ // $this->debug( __METHOD__, "lhs=$lhs; rhs=$rhs,
adjustRhs=$adjustRHS" );
return ( $adjustRHS & $lhs ) === 0 &&
!(
( $lhs & SecurityCheckPlugin::EXEC_TAINT ) &&
@@ -828,7 +819,7 @@
}
} elseif ( $element instanceof Node ) {
$pobjs = $this->getPhanObjsForNode( $element );
- foreach( $pobjs as $elem ) {
+ foreach ( $pobjs as $elem ) {
if ( property_exists( $elem,
'taintedOriginalError' ) ) {
$line .= $elem->taintedOriginalError;
}
@@ -838,7 +829,7 @@
// This will also include method calls and
whatnot.
// FIXME should we always do this? Is it too
spammy.
$pobjs = $this->getPhanObjsForNode( $element,
true );
- foreach( $pobjs as $elem ) {
+ foreach ( $pobjs as $elem ) {
if ( property_exists( $elem,
'taintedOriginalError' ) ) {
$line .=
$elem->taintedOriginalError;
}
@@ -906,7 +897,7 @@
foreach ( $links as $func ) {
/** @var $paramInfo array Array of int -> true
*/
$paramInfo = $links[$func];
- if ( (string)($func->getFQSEN()) ===
(string)($curFunc->getFQSEN()) ) {
+ if ( (string)( $func->getFQSEN() ) ===
(string)( $curFunc->getFQSEN() ) ) {
foreach ( $paramInfo as $i => $_ ) {
if ( !isset( $paramTaint[$i] )
) {
$paramTaint[$i] = 0;
@@ -960,10 +951,10 @@
isset( $taint['overall'] )
&& is_int( $taint['overall'] )
&& $taint >= 0,
- "Overall taint is wrong " . $this->dbgInfo() .
($taint['overall'] ?? 'unset' )
+ "Overall taint is wrong " . $this->dbgInfo() . (
$taint['overall'] ?? 'unset' )
);
- foreach( $taint as $i => $t ) {
+ foreach ( $taint as $i => $t ) {
assert( is_int( $t ) && $t >= 0, "Taint index $i wrong
$t" . $this->dbgInfo() );
}
}
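Review bot: In the first assert, `&& $taint >= 0` compares the whole `$taint` array with an integer, which PHP evaluates as true for any array, so the clause checks nothing. The `isset`/`is_int` clauses before it make the intent clear; it should read `&& $taint['overall'] >= 0,`. The `foreach` below does reject a negative element, but with the generic "Taint index ... wrong" message rather than "Overall taint is wrong". The enclosing function starts outside the hunk.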
diff --git a/src/TaintednessVisitor.php b/src/TaintednessVisitor.php
index 159a24b..35428da 100644
--- a/src/TaintednessVisitor.php
+++ b/src/TaintednessVisitor.php
@@ -1,25 +1,14 @@
-<?php declare(strict_types=1);
+<?php declare( strict_types=1 );
-use Phan\AST\AnalysisVisitor;
use Phan\AST\ContextNode;
-use Phan\CodeBase;
use Phan\Language\Context;
-use Phan\Language\Element\Clazz;
-use Phan\Language\Element\Func;
-use Phan\Language\Element\FunctionInterface;
-use Phan\Language\Element\Method;
use Phan\Language\Element\Variable;
-use Phan\Language\UnionType;
-use Phan\Language\FQSEN\FullyQualifiedFunctionLikeName;
use Phan\Language\FQSEN\FullyQualifiedMethodName;
use Phan\Plugin;
-use Phan\Plugin\PluginImplementation;
use ast\Node;
use ast\Node\Decl;
use Phan\Exception\IssueException;
use Phan\Debug;
-use Phan\Language\Scope\FunctionLikeScope;
-use Phan\Language\Scope\BranchScope;
use Phan\Library\Set;
/**
@@ -45,8 +34,7 @@
* @param Node $node
* @return int The taintedness of the node.
*/
- public function visit (Node $node) : int
- {
+ public function visit( Node $node ) : int {
// This method will be called on all nodes for which
// there is no implementation of it's kind visitor.
//
@@ -56,12 +44,11 @@
//var_dump( $this->context );
echo ' ';
Debug::printNode($node); */
- #echo __METHOD__ . $this->dbgInfo() . " setting unknown taint
for " . \ast\get_kind_name( $node->kind ) . "\n";
- #Debug::printNode( $node );
+ # echo __METHOD__ . $this->dbgInfo() . " setting unknown taint
for " . \ast\get_kind_name( $node->kind ) . "\n";
+ # Debug::printNode( $node );
$this->debug( __METHOD__, "unhandled case " .
\ast\get_kind_name( $node->kind ) );
return SecurityCheckPlugin::UNKNOWN_TAINT;
}
-
public function visitFuncDecl( Decl $node ) : int {
return $this->visitMethod( $node );
@@ -197,7 +184,7 @@
* Also handles visitAssignOp
*/
public function visitAssign( Node $node ) : int {
- //echo __METHOD__ . $this->dbgInfo() . ' ';
+ // echo __METHOD__ . $this->dbgInfo() . ' ';
// Debug::printNode($node);
// FIXME This is wrong for non-local vars (including class
props)
@@ -208,8 +195,8 @@
try {
$variableObjs = $this->getPhanObjsForNode(
$node->children['var'] );
} catch ( Exception $e ) {
- echo __METHOD__ . " FIXME Cannot understand RHS. " .
get_class($e) . " - {$e->getMessage()}\n";
- //Debug::printNode( $node );
+ echo __METHOD__ . " FIXME Cannot understand RHS. " .
get_class( $e ) . " - {$e->getMessage()}\n";
+ // Debug::printNode( $node );
return SecurityCheckPlugin::UNKNOWN_TAINT;
}
$lhsTaintedness = $this->getTaintedness( $node->children['var']
);
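Review bot: The catch block reports `" FIXME Cannot understand RHS. "`, but the call that failed is `getPhanObjsForNode( $node->children['var'] )`, which is the assignment target, so the message points at the wrong side. It is also written with `echo`, while the neighbouring handlers in this change use `$this->debug( __METHOD__, ... )`. Suggested: `$this->debug( __METHOD__, "FIXME Cannot understand LHS. " . get_class( $e ) . " - {$e->getMessage()}" );`. visitAssign() continues past the end of this hunk.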
@@ -238,7 +225,7 @@
. $this->getOriginalTaintLine(
$node->children['var'] )
);
}
- foreach( $variableObjs as $variableObj ) {
+ foreach ( $variableObjs as $variableObj ) {
// echo $this->dbgInfo() . " " . $variableObj . " now
merging in taintedness " . $rhsTaintedness . " (previously $lhsTaintedness)\n";
$this->setTaintedness( $variableObj, $rhsTaintedness,
$override );
try {
@@ -252,13 +239,12 @@
}
foreach ( $rhsObjs as $rhsObj ) {
$this->mergeTaintDependencies( $variableObj,
$rhsObj );
- }
+ }
}
return $rhsTaintedness;
}
public function visitBinaryOp( Node $node ) : int {
-
$safeBinOps =
// Unsure about BITWISE ops, since
// "A" | "B" still is a string
@@ -322,9 +308,9 @@
"Echoing tainted expression ($taintedness)"
. $this->getOriginalTaintLine(
$node->children['expr'] )
);
- } elseif ( is_object( $node->children['expr'] )||$taintedness &
SecurityCheckPlugin::PRESERVE_TAINT ) {
+ } elseif ( is_object( $node->children['expr'] ) || $taintedness
& SecurityCheckPlugin::PRESERVE_TAINT ) {
$phanObjs = $this->getPhanObjsForNode(
$node->children['expr'] );
- foreach( $phanObjs as $phanObj ) {
+ foreach ( $phanObjs as $phanObj ) {
$this->debug( __METHOD__, "Setting $phanObj
exec due to echo" );
// FIXME, maybe not do this for local variables
// since they don't have other code paths that
can set them.
@@ -366,8 +352,8 @@
$this->context,
$node
);
- $isStatic = ($node->kind === \ast\AST_STATIC_CALL);
- $isFunc = ($node->kind === \ast\AST_CALL);
+ $isStatic = ( $node->kind === \ast\AST_STATIC_CALL );
+ $isFunc = ( $node->kind === \ast\AST_CALL );
// First we need to get the taintedness of the method
// in question.
@@ -391,7 +377,7 @@
}
$funcName = $func->getFQSEN();
$taint = $this->getTaintOfFunction( $func );
- } catch( IssueException $e ) {
+ } catch ( IssueException $e ) {
$this->debug( __METHOD__, "FIXME complicated case not
handled. Maybe func not defined." . $e->getIssueInstance() );
$func = null;
$funcName = '[UNKNOWN FUNC]';
@@ -408,7 +394,7 @@
$overallArgTaint = SecurityCheckPlugin::NO_TAINT;
$overallTaintHist = '';
$args = $node->children['args']->children;
- foreach( $args as $i => $argument ) {
+ foreach ( $args as $i => $argument ) {
if ( !is_object( $argument ) ) {
// Literal value
continue;
@@ -416,7 +402,7 @@
$curArgTaintedness = $this->getTaintednessNode(
$argument );
if ( isset( $taint[$i] ) ) {
- $effectiveArgTaintedness = $curArgTaintedness &
+ $effectiveArgTaintedness = $curArgTaintedness &
( $taint[$i] | $this->execToYesTaint(
$taint[$i] ) );
# $this->debug( __METHOD__, "effective
$effectiveArgTaintedness via arg $i $funcName" );
} elseif ( ( $taint['overall'] &
@@ -454,15 +440,15 @@
// Iffy if this will work, because phan replaces
// the Parameter objects with
ParameterPassByReference,
// and then unreplaces them
- //echo __METHOD__ . $this->dbgInfo() .
(string)$param. "\n";
+ // echo __METHOD__ . $this->dbgInfo() .
(string)$param. "\n";
$pobjs = $this->getPhanObjsForNode( $argument );
if ( count( $pobjs ) !== 1 ) {
echo __METHOD__ . $this->dbgInfo() .
"Expected only one " . (string)$param . "\n";
}
- foreach( $pobjs as $pobj ) {
+ foreach ( $pobjs as $pobj ) {
// FIXME, is unknown right here.
- $combinedTaint = $this->mergeAddTaint(
+ $combinedTaint = $this->mergeAddTaint(
$methodVar->taintedness ??
SecurityCheckPlugin::UNKNOWN_TAINT,
$pobj->taintedness ??
SecurityCheckPlugin::UNKNOWN_TAINT
);
@@ -472,7 +458,7 @@
$pobjLinks = $pobj->taintedMethodLinks
?? new Set;
$pobj->taintedMethodLinks =
$methodLinks->union( $pobjLinks );
$methodVar->taintedMethodLinks =&
$pobj->taintedMethodLinks;
- $combinedOrig =
($pobj->taintedOriginalError ?? '' ) . ( $methodVar->taintedOriginalError ?? ''
);
+ $combinedOrig = (
$pobj->taintedOriginalError ?? '' ) . ( $methodVar->taintedOriginalError ?? ''
);
if ( strlen( $combinedOrig ) > 255 ) {
$combinedOrig = substr(
$combinedOrig, 0, 250 ) . '...';
}
@@ -499,7 +485,7 @@
// So backpropagate that assigning to $arg can cause
evilness.
if ( $this->isExecTaint( $taint[$i] ?? 0 ) ) {
# $this->debug( __METHOD__, "cur param is EXEC.
$funcName" );
- try {
+ try {
$phanObjs = $this->getPhanObjsForNode(
$argument );
foreach ( $phanObjs as $phanObj ) {
$this->markAllDependentMethodsExec( $phanObj );
@@ -508,10 +494,10 @@
$this->debug( __METHOD__, "FIXME " .
get_class( $e ) . " " . $e->getMessage() );
}
}
- $taintedArg = $argument->children['name'] ?? '[arg #' .
($i+1) . ']';
+ $taintedArg = $argument->children['name'] ?? '[arg #' .
( $i + 1 ) . ']';
// We use curArgTaintedness here, as we aren't checking
what taint
// gets passed to return value, but which taint is
EXECed.
- //$this->debug( __METHOD__, "Checking safe assing
$funcName arg=$i paramTaint= " .( $taint[$i] ?? "MISSING" ). " vs argTaint=
$curArgTaintedness" );
+ // $this->debug( __METHOD__, "Checking safe assing
$funcName arg=$i paramTaint= " .( $taint[$i] ?? "MISSING" ). " vs argTaint=
$curArgTaintedness" );
if ( !$this->isSafeAssignment( $taint[$i] ?? 0,
$curArgTaintedness ) ) {
$containingMethod = $this->getCurrentMethod();
$this->plugin->emitIssue(
@@ -524,7 +510,7 @@
" that outputs using tainted
($curArgTaintedness; " .
( $taint[$i] ?? 0 ) . ") argument
\$$taintedArg." .
( $func ? $this->getOriginalTaintLine(
$func ) : '' ).
- $this->getOriginalTaintLine( $argument
)
+ $this->getOriginalTaintLine( $argument )
);
}
@@ -549,7 +535,7 @@
}
$newMem = memory_get_peak_usage();
- $diffMem = round( ($newMem - $oldMem ) / (1024*1024) );
+ $diffMem = round( ( $newMem - $oldMem ) / ( 1024 * 1024 ) );
if ( $diffMem > 2 ) {
$this->debug( __METHOD__, "Memory spike $diffMem
$funcName" );
}
@@ -582,11 +568,11 @@
if ( !$this->context->getScope()->hasVariableWithName( $varName
) ) {
if ( Variable::isSuperglobalVariableWithName( $varName
) ) {
// Super globals are tainted.
- //echo "$varName is superglobal. Marking
tainted\n";
+ // echo "$varName is superglobal. Marking
tainted\n";
return SecurityCheckPlugin::YES_TAINT;
}
// Probably the var just isn't in scope yet.
- //$this->debug( __METHOD__, "No var with name
\$$varName in scope (Setting Unknown taint)" );
+ // $this->debug( __METHOD__, "No var with name
\$$varName in scope (Setting Unknown taint)" );
return SecurityCheckPlugin::UNKNOWN_TAINT;
}
$variableObj = $this->context->getScope()->getVariableByName(
$varName );
@@ -604,7 +590,7 @@
$localVar = $scope->getVariableByName( $varName );
$globalVar = $scope->getGlobalVariableByName( $varName
);
if ( !property_exists( $globalVar, 'taintedness' ) ) {
- //echo "Setting initial taintedness for global
$varName of NO\n";
+ // echo "Setting initial taintedness for global
$varName of NO\n";
$globalVar->taintedness =
SecurityCheckPlugin::NO_TAINT;
}
if ( property_exists( $localVar, 'taintedness' ) ) {
@@ -622,7 +608,7 @@
public function visitReturn( Node $node ) : int {
if ( !$this->context->isInFunctionLikeScope() ) {
$this->debug( __METHOD__, "return outside func?" );
- //Debug::printNode( $node );
+ // Debug::printNode( $node );
return SecurityCheckPlugin::UNKNOWN_TAINT;
}
@@ -641,7 +627,7 @@
if ( $funcTaint['overall'] &
SecurityCheckPlugin::YES_EXEC_TAINT ) {
$taintSource = '';
$pobjs = $this->getPhanObjsForNode(
$node->children['expr'] );
- foreach( $pobjs as $pobj ) {
+ foreach ( $pobjs as $pobj ) {
$taintSource .= $pobj->taintedOriginalError ??
'';
}
if ( strlen( $taintSource ) < 200 ) {
@@ -663,7 +649,7 @@
*/
public function visitArray( Node $node ) : int {
$curTaint = SecurityCheckPlugin::NO_TAINT;
- foreach( $node->children as $child ) {
+ foreach ( $node->children as $child ) {
assert( $child->kind === \ast\AST_ARRAY_ELEM );
$curTaint = $this->mergeAddTaint( $curTaint,
$this->getTaintedness( $child ) );
}
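Review bot: `assert( $child->kind === \ast\AST_ARRAY_ELEM )` inside the reformatted `foreach` reads `$child->kind` before establishing that `$child` is a node, and it is the only validation of the element. php-ast leaves `null` children in an array node for skipped entries in list-style destructuring, and `assert()` is compiled out when `zend.assertions` is disabled, so the check either trips on a non-object or does nothing. Whether visitArray is ever reached for a destructuring target is not visible here, but an explicit guard such as `if ( !( $child instanceof Node ) ) { continue; }` before the merge would make the loop safe either way. The hunk at -764 leans on `assert( $clazz->hasPropertyWithName( ... ) )` in the same way before calling `getPropertyByNameInContext`. The method body continues past the end of this hunk.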
@@ -696,8 +682,8 @@
try {
$props = $this->getPhanObjsForNode( $node );
} catch ( Exception $e ) {
- $this->debug( __METHOD__, "Cannot understand static
class prop. " . get_class($e) . " - {$e->getMessage()}" );
- //Debug::printNode( $node );
+ $this->debug( __METHOD__, "Cannot understand static
class prop. " . get_class( $e ) . " - {$e->getMessage()}" );
+ // Debug::printNode( $node );
return SecurityCheckPlugin::UNKNOWN_TAINT;
}
@@ -706,19 +692,18 @@
$this->debug( __METHOD__, "static prop has many
objects" );
}
$taint = 0;
- foreach( $props as $prop ) {
+ foreach ( $props as $prop ) {
$taint |= $this->getTaintednessPhanObj( $prop );
}
return $taint;
}
-
public function visitProp( Node $node ) : int {
try {
$props = $this->getPhanObjsForNode( $node );
} catch ( Exception $e ) {
- //$this->debug( __METHOD__, "Cannot understand class
prop. " . get_class($e) . " - {$e->getMessage()}" );
- //Debug::printNode( $node );
+ // $this->debug( __METHOD__, "Cannot understand class
prop. " . get_class($e) . " - {$e->getMessage()}" );
+ // Debug::printNode( $node );
return SecurityCheckPlugin::UNKNOWN_TAINT;
}
if ( count( $props ) !== 1 ) {
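Review bot: In `visitProp` the `catch` block returns `UNKNOWN_TAINT` with its only diagnostic commented out, so a property that cannot be resolved leaves no trace, while `visitStaticProp` in the previous hunk logs the same failure through `$this->debug()`. For a taint checker, a silent resolution failure hides a gap in coverage that a reader of the debug log would want to see. Either restore the call in the same form as the static case, `$this->debug( __METHOD__, "Cannot understand class prop. " . get_class( $e ) . " - {$e->getMessage()}" );`, or delete the two commented lines and say in one comment why this path is intentionally quiet. The author may have silenced it because of noise; that reason is not visible here. `visitProp` continues past the end of the hunk.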
@@ -764,8 +749,8 @@
assert( $clazz->hasPropertyWithName( $this->code_base,
$node->children['name'] ) );
$prop = $clazz->getPropertyByNameInContext( $this->code_base,
$node->children['name'], $this->context );
- // FIXME should this be NO?
- //$this->debug( __METHOD__, "Setting taint preserve if not set
yet for \$" . $node->children['name'] . "" );
+ // FIXME should this be NO?
+ // $this->debug( __METHOD__, "Setting taint preserve if not set
yet for \$" . $node->children['name'] . "" );
$this->setTaintedness( $prop, SecurityCheckPlugin::NO_TAINT,
false );
return SecurityCheckPlugin::INAPLICABLE_TAINT;
}
@@ -824,7 +809,7 @@
*/
public function visitEncapsList( Node $node ) : int {
$taint = SecurityCheckPlugin::NO_TAINT;
- foreach( $node->children as $child ) {
+ foreach ( $node->children as $child ) {
$taint = $this->mergeAddTaint( $taint,
$this->getTaintedness( $child ) );
}
return $taint;
@@ -842,4 +827,3 @@
return SecurityCheckPlugin::NO_TAINT;
}
}
-
diff --git a/src/tests/config.php b/src/tests/config.php
index ba00e62..16d8337 100644
--- a/src/tests/config.php
+++ b/src/tests/config.php
@@ -1,6 +1,5 @@
<?php
-use \Phan\Config;
// If xdebug is enabled, we need to increase the nesting level for phan
ini_set( 'xdebug.max_nesting_level', 1000 );
@@ -288,7 +287,7 @@
// A list of plugin files to execute
'plugins' => [
- #'.phan/plugins/InlineTypePlugin.php',
+ # '.phan/plugins/InlineTypePlugin.php',
'../..//plugins/MediaWikiSecurityCheckPlugin.php',
],
];
diff --git a/src/tests/integration/callwithevil/test.php
b/src/tests/integration/callwithevil/test.php
index 1821369..82d0cf5 100644
--- a/src/tests/integration/callwithevil/test.php
+++ b/src/tests/integration/callwithevil/test.php
@@ -9,4 +9,3 @@
$c = "Some safe string";
Foo::output( $a, 'foo' );
-
diff --git a/src/tests/integration/callwithevil2/test.php
b/src/tests/integration/callwithevil2/test.php
index fe87205..647875d 100644
--- a/src/tests/integration/callwithevil2/test.php
+++ b/src/tests/integration/callwithevil2/test.php
@@ -9,4 +9,3 @@
$c = "Some safe string";
Foo::output( $c, $a );
-
diff --git a/src/tests/integration/callwithevil3/test.php
b/src/tests/integration/callwithevil3/test.php
index fdd67ee..a4170ce 100644
--- a/src/tests/integration/callwithevil3/test.php
+++ b/src/tests/integration/callwithevil3/test.php
@@ -9,4 +9,3 @@
$c = "Some safe string";
Foo::output( $_GET['bar'], $a );
-
diff --git a/src/tests/integration/echoevil2/test.php
b/src/tests/integration/echoevil2/test.php
index 3373e76..1080dc1 100644
--- a/src/tests/integration/echoevil2/test.php
+++ b/src/tests/integration/echoevil2/test.php
@@ -10,4 +10,3 @@
}
}
-
diff --git a/src/tests/integration/echoevilfunc/test.php
b/src/tests/integration/echoevilfunc/test.php
index 05789b1..8147f01 100644
--- a/src/tests/integration/echoevilfunc/test.php
+++ b/src/tests/integration/echoevilfunc/test.php
@@ -6,4 +6,3 @@
}
echo Foo::getEvil();
-
diff --git a/src/tests/integration/execvstaint/OutputPage.php
b/src/tests/integration/execvstaint/OutputPage.php
index 7e7e68d..8f28f68 100644
--- a/src/tests/integration/execvstaint/OutputPage.php
+++ b/src/tests/integration/execvstaint/OutputPage.php
@@ -7,7 +7,6 @@
class OutputPage {
public static function addHTML( $html ) {
-
}
}
diff --git a/src/tests/integration/indirectecho/test.php
b/src/tests/integration/indirectecho/test.php
index 3c3a8bc..ec45213 100644
--- a/src/tests/integration/indirectecho/test.php
+++ b/src/tests/integration/indirectecho/test.php
@@ -11,4 +11,3 @@
echo $this->hold;
}
}
-
diff --git a/src/tests/integration/miscpreserves/test.php
b/src/tests/integration/miscpreserves/test.php
index bc17c5a..743b1ec 100644
--- a/src/tests/integration/miscpreserves/test.php
+++ b/src/tests/integration/miscpreserves/test.php
@@ -5,4 +5,3 @@
$b = strtolower( $a );
echo $b;
-
diff --git a/src/tests/integration/prop/test.php
b/src/tests/integration/prop/test.php
index a343d0d..85c32d6 100644
--- a/src/tests/integration/prop/test.php
+++ b/src/tests/integration/prop/test.php
@@ -5,7 +5,6 @@
/** @var string $myProp */
public $myProp = '';
-
public function setMyProp( $p ) {
$this->myProp = $p;
}
diff --git a/src/tests/integration/refescape/reftest.php
b/src/tests/integration/refescape/reftest.php
index c6666be..da1e067 100644
--- a/src/tests/integration/refescape/reftest.php
+++ b/src/tests/integration/refescape/reftest.php
@@ -4,7 +4,7 @@
appendStuff( $a );
-echo htmlspecialchars($a);
+echo htmlspecialchars( $a );
function appendStuff( &$param ) {
$param .= $_POST['foo'];
diff --git a/src/tests/integration/refwrongesc/reftest.php
b/src/tests/integration/refwrongesc/reftest.php
index 2e6d950..876f333 100644
--- a/src/tests/integration/refwrongesc/reftest.php
+++ b/src/tests/integration/refwrongesc/reftest.php
@@ -4,7 +4,7 @@
appendStuff( $a );
-echo escapeshellarg($a);
+echo escapeshellarg( $a );
function appendStuff( &$param ) {
$param .= $_POST['foo'];
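Review bot: This fixture has no comment saying that `echo escapeshellarg( $a )` is deliberately the wrong escaper, so the intent lives only in the directory name `refwrongesc`. `escapeshellarg()` quotes for a shell command line and leaves `<`, `>` and `&` untouched, so the `$_POST['foo']` value appended by reference in `appendStuff()` is still unsafe in the HTML output context, and the plugin is presumably expected to report it. A line such as `// Deliberately wrong: shell escaping does not make $a safe to echo as HTML` above the `echo` would keep a later cleanup from "fixing" the test. The body of `appendStuff()` continues outside the hunk.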
diff --git a/src/tests/integration/safebinopor/test.php
b/src/tests/integration/safebinopor/test.php
index 4bda0a3..c9375cd 100644
--- a/src/tests/integration/safebinopor/test.php
+++ b/src/tests/integration/safebinopor/test.php
@@ -1,3 +1,3 @@
<?php
-echo ($_GET['foo'] === 'dog' || $_GET['baz'] === 'fred' );
+echo ( $_GET['foo'] === 'dog' || $_GET['baz'] === 'fred' );
diff --git a/src/tests/integration/viafunc/Html.php
b/src/tests/integration/viafunc/Html.php
index bb13f75..b0453e8 100644
--- a/src/tests/integration/viafunc/Html.php
+++ b/src/tests/integration/viafunc/Html.php
@@ -4,7 +4,6 @@
class Html {
-
public static function element( $element, $attribs = [], $contents = ''
) {
return self::rawElement( $element, $attribs, strtr( $contents, [
// There's no point in escaping quotes, >, etc. in the
contents of
@@ -18,9 +17,9 @@
return 'placeholder';
}
- public static function hidden( $name, $value, array $attribs = [] ) {
+ public static function hidden( $name, $value, array $attribs = [] ) {
return self::input( $name, $value, 'hidden', $attribs );
- }
+ }
/**
* Convenience function to produce an "<input>" element. This supports
the
@@ -31,8 +30,8 @@
* @param string $type Type attribute
* @param array $attribs Associative array of miscellaneous extra
* attributes, passed to Html::element()
- * @return string Raw HTML
- */
+ * @return string Raw HTML
+ */
public static function input( $name, $value = '', $type = 'text', array
$attribs = [] ) {
$attribs['type'] = $type;
$attribs['value'] = $value;
diff --git a/src/tests/integration/viafunc/OutputPage.php
b/src/tests/integration/viafunc/OutputPage.php
index 7e7e68d..8f28f68 100644
--- a/src/tests/integration/viafunc/OutputPage.php
+++ b/src/tests/integration/viafunc/OutputPage.php
@@ -7,7 +7,6 @@
class OutputPage {
public static function addHTML( $html ) {
-
}
}
diff --git a/src/tests/integration/viafuncbad/Html.php
b/src/tests/integration/viafuncbad/Html.php
index bb13f75..b0453e8 100644
--- a/src/tests/integration/viafuncbad/Html.php
+++ b/src/tests/integration/viafuncbad/Html.php
@@ -4,7 +4,6 @@
class Html {
-
public static function element( $element, $attribs = [], $contents = ''
) {
return self::rawElement( $element, $attribs, strtr( $contents, [
// There's no point in escaping quotes, >, etc. in the
contents of
@@ -18,9 +17,9 @@
return 'placeholder';
}
- public static function hidden( $name, $value, array $attribs = [] ) {
+ public static function hidden( $name, $value, array $attribs = [] ) {
return self::input( $name, $value, 'hidden', $attribs );
- }
+ }
/**
* Convenience function to produce an "<input>" element. This supports
the
@@ -31,8 +30,8 @@
* @param string $type Type attribute
* @param array $attribs Associative array of miscellaneous extra
* attributes, passed to Html::element()
- * @return string Raw HTML
- */
+ * @return string Raw HTML
+ */
public static function input( $name, $value = '', $type = 'text', array
$attribs = [] ) {
$attribs['type'] = $type;
$attribs['value'] = $value;
diff --git a/src/tests/integration/viafuncbad/OutputPage.php
b/src/tests/integration/viafuncbad/OutputPage.php
index 7e7e68d..8f28f68 100644
--- a/src/tests/integration/viafuncbad/OutputPage.php
+++ b/src/tests/integration/viafuncbad/OutputPage.php
@@ -7,7 +7,6 @@
class OutputPage {
public static function addHTML( $html ) {
-
}
}
--
To view, visit https://gerrit.wikimedia.org/r/391628
Gerrit-MessageType: merged
Gerrit-Change-Id: I63949990101001481454ff8879dad18bed334433
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/tools/phan/SecurityCheckPlugin
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <[email protected]>
Gerrit-Reviewer: Brian Wolff <[email protected]>