[Wikidata-bugs] [Maniphest] [Created] T101341: Ex: WikibaseQualityConstraints - stored SQL injection via constraint parameters

[csteipp]

csteipp created this task.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo, Liuxinyu970226, 
Lydia_Pintscher, Aklapper, Wikidata-Quality-Constraints.
csteipp added projects: Wikidata, Wikidata-Quality-Constraints, 
Security-Reviews, Security.
csteipp changed the visibility of this Task from "Public (No Login Required)" 
to "Custom Policy".
csteipp changed the edit policy of this Task from "All Users" to "Custom 
Policy".
csteipp changed Security from None to Software security bug.

TASK DESCRIPTION
  Stored SQL Injection:
  * Constraint parameters are loaded from the CSV (UpdateTable.php: 46,47)
  * Various ConstraintChecker::checkConstraint calls add some of the Constraint 
parameters to the returned CheckResult's parameters
  * CheckResultToViolationTranslator::translateToViolation() adds the 
CheckResult's parameters as a comma separated list to the generated 
$constraintId
  * CheckResultToViolationTranslator::translateToViolation() creates a 
Violation object with constraintId set to the generated value
  * When ViolationRepo::save() is called with the Violation, the constraintId 
is used in a raw SQL fragment (ViolationRepo.php: 75)
  
  
  ViolationRepo needs to properly sanitize its SQL.

TASK DETAIL
  https://phabricator.wikimedia.org/T101341

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: csteipp
Cc: Wikidata-bugs, dominic.sauer, Jonaskeutel, soeren.oldag, Tamslo, 
Tobi_WMDE_SW, Aklapper, Lydia_Pintscher, Liuxinyu970226, csteipp, 
Andreasburmeister, Jalexander, Parent5446, Anomie, MaxSem, Krenair, Legoktm



_______________________________________________
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs