subject:"\[MediaWiki\-commits\] \[Gerrit\] mediawiki...SecurityCheckPlugin\[master\]\: Add support for IDatabase\:\:select style arguments"

[MediaWiki-commits] [Gerrit] mediawiki...SecurityCheckPlugin[master]: Add support for IDatabase::select style arguments

2017-12-03 Thread Brian Wolff (Code Review)

Brian Wolff has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/394870 )

Change subject: Add support for IDatabase::select style arguments
..

Add support for IDatabase::select style arguments

Change-Id: Id52f45e3dfc21a4c522902a8d4d92e61b40b7202
---
M src/MediaWikiSecurityCheckPlugin.php
M src/TaintednessBaseVisitor.php
M src/TaintednessVisitor.php
A tests/integration/arraynumkey/db.php
A tests/integration/arraynumkey/expectedResults.txt
A tests/integration/arraynumkey/test.php
A tests/integration/multiassign/expectedResults.txt
A tests/integration/multiassign/test.php
A tests/integration/multiassign/test2.php
9 files changed, 289 insertions(+), 1 deletion(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/tools/phan/SecurityCheckPlugin 
refs/changes/70/394870/1

diff --git a/src/MediaWikiSecurityCheckPlugin.php 
b/src/MediaWikiSecurityCheckPlugin.php
index d17ebfa..2c25a07 100644
--- a/src/MediaWikiSecurityCheckPlugin.php
+++ b/src/MediaWikiSecurityCheckPlugin.php
@@ -76,6 +76,42 @@
// What should DB results be considered?
'overall' => self::YES_TAINT
],
+   '\Wikimedia\Rdbms\IDatabase::select' => [
+   self::SQL_EXEC_TAINT,
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // the function name doesn't seem to be escaped
+   self::SQL_EXEC_TAINT,
+   // I'm not even sure for options
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // What should DB results be considered?
+   'overall' => self::YES_TAINT
+   ],
+   '\Wikimedia\Rdbms\Database::select' => [
+   self::SQL_EXEC_TAINT,
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // the function name doesn't seem to be escaped
+   self::SQL_EXEC_TAINT,
+   // I'm not even sure for options
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // What should DB results be considered?
+   'overall' => self::YES_TAINT
+   ],
+   '\Wikimedia\Rdbms\DBConnRef::select' => [
+   self::SQL_EXEC_TAINT,
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // the function name doesn't seem to be escaped
+   self::SQL_EXEC_TAINT,
+   // I'm not even sure for options
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // What should DB results be considered?
+   'overall' => self::YES_TAINT
+   ],
'\Wikimedia\Rdbms\Database::addIdentifierQuotes' => [
self::YES_TAINT & ~self::SQL_TAINT,
'overall' => self::NO_TAINT,
diff --git a/src/TaintednessBaseVisitor.php b/src/TaintednessBaseVisitor.php
index 89a47b1..4a01337 100644
--- a/src/TaintednessBaseVisitor.php
+++ b/src/TaintednessBaseVisitor.php
@@ -12,6 +12,7 @@
 use Phan\Language\UnionType;
 use Phan\Language\Type\CallableType;
 use Phan\Language\Type\MixedType;
+use Phan\Language\Type\IntType;
 use Phan\Language\Type\StringType;
 use Phan\Language\FQSEN\FullyQualifiedFunctionLikeName;
 use Phan\Language\FQSEN\FullyQualifiedFunctionName;
@@ -1359,7 +1360,12 @@
) {
$issueType = 'SecurityCheck-XSS';
} elseif (
-   $combinedTaint === SecurityCheckPlugin::SQL_TAINT
+   $combinedTaint === SecurityCheckPlugin::SQL_TAINT ||
+   $combinedTaint === 
SecurityCheckPlugin::SQL_NUMKEY_TAINT ||
+   $combinedTaint === (
+   SecurityCheckPlugin::SQL_TAINT |
+   SecurityCheckPlugin::SQL_NUMKEY_TAINT
+   )
) {
$issueType = 'SecurityCheck-SQLInjection';
$severity = Issue::SEVERITY_CRITICAL;
@@ -1459,6 +1465,16 @@
$curArgTaintedness = 
SecurityCheckPlugin::NO_TAINT;
$effectiveArgTaintedness = 
SecurityCheckPlugin::NO_TAINT;

[MediaWiki-commits] [Gerrit] mediawiki...SecurityCheckPlugin[master]: Add support for IDatabase::select style arguments

2017-12-03 Thread Brian Wolff (Code Review)

Brian Wolff has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/394870 )

Change subject: Add support for IDatabase::select style arguments
..


Add support for IDatabase::select style arguments

Change-Id: Id52f45e3dfc21a4c522902a8d4d92e61b40b7202
---
M src/MediaWikiSecurityCheckPlugin.php
M src/TaintednessBaseVisitor.php
M src/TaintednessVisitor.php
A tests/integration/arraynumkey/db.php
A tests/integration/arraynumkey/expectedResults.txt
A tests/integration/arraynumkey/test.php
A tests/integration/multiassign/expectedResults.txt
A tests/integration/multiassign/test.php
A tests/integration/multiassign/test2.php
9 files changed, 289 insertions(+), 1 deletion(-)



diff --git a/src/MediaWikiSecurityCheckPlugin.php 
b/src/MediaWikiSecurityCheckPlugin.php
index d17ebfa..2c25a07 100644
--- a/src/MediaWikiSecurityCheckPlugin.php
+++ b/src/MediaWikiSecurityCheckPlugin.php
@@ -76,6 +76,42 @@
// What should DB results be considered?
'overall' => self::YES_TAINT
],
+   '\Wikimedia\Rdbms\IDatabase::select' => [
+   self::SQL_EXEC_TAINT,
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // the function name doesn't seem to be escaped
+   self::SQL_EXEC_TAINT,
+   // I'm not even sure for options
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // What should DB results be considered?
+   'overall' => self::YES_TAINT
+   ],
+   '\Wikimedia\Rdbms\Database::select' => [
+   self::SQL_EXEC_TAINT,
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // the function name doesn't seem to be escaped
+   self::SQL_EXEC_TAINT,
+   // I'm not even sure for options
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // What should DB results be considered?
+   'overall' => self::YES_TAINT
+   ],
+   '\Wikimedia\Rdbms\DBConnRef::select' => [
+   self::SQL_EXEC_TAINT,
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // the function name doesn't seem to be escaped
+   self::SQL_EXEC_TAINT,
+   // I'm not even sure for options
+   self::SQL_EXEC_TAINT,
+   self::SQL_NUMKEY_EXEC_TAINT,
+   // What should DB results be considered?
+   'overall' => self::YES_TAINT
+   ],
'\Wikimedia\Rdbms\Database::addIdentifierQuotes' => [
self::YES_TAINT & ~self::SQL_TAINT,
'overall' => self::NO_TAINT,
diff --git a/src/TaintednessBaseVisitor.php b/src/TaintednessBaseVisitor.php
index 89a47b1..4a01337 100644
--- a/src/TaintednessBaseVisitor.php
+++ b/src/TaintednessBaseVisitor.php
@@ -12,6 +12,7 @@
 use Phan\Language\UnionType;
 use Phan\Language\Type\CallableType;
 use Phan\Language\Type\MixedType;
+use Phan\Language\Type\IntType;
 use Phan\Language\Type\StringType;
 use Phan\Language\FQSEN\FullyQualifiedFunctionLikeName;
 use Phan\Language\FQSEN\FullyQualifiedFunctionName;
@@ -1359,7 +1360,12 @@
) {
$issueType = 'SecurityCheck-XSS';
} elseif (
-   $combinedTaint === SecurityCheckPlugin::SQL_TAINT
+   $combinedTaint === SecurityCheckPlugin::SQL_TAINT ||
+   $combinedTaint === 
SecurityCheckPlugin::SQL_NUMKEY_TAINT ||
+   $combinedTaint === (
+   SecurityCheckPlugin::SQL_TAINT |
+   SecurityCheckPlugin::SQL_NUMKEY_TAINT
+   )
) {
$issueType = 'SecurityCheck-SQLInjection';
$severity = Issue::SEVERITY_CRITICAL;
@@ -1459,6 +1465,16 @@
$curArgTaintedness = 
SecurityCheckPlugin::NO_TAINT;
$effectiveArgTaintedness = 
SecurityCheckPlugin::NO_TAINT;
} elseif ( isset( $taint[$i] ) ) {
+   if (
+

[MediaWiki-commits] [Gerrit] mediawiki...SecurityCheckPlugin[master]: Add support for IDatabase::select style arguments

[MediaWiki-commits] [Gerrit] mediawiki...SecurityCheckPlugin[master]: Add support for IDatabase::select style arguments

2 matches

Site Navigation

Mail list logo

Footer information