[00:27:29] 10phan-taint-check-plugin, 10Patch-For-Review: taint-check fails on array-plus and assumed int|float type - https://phabricator.wikimedia.org/T268891 (10Daimona) >>! In T268891#6653088, @Umherirrender wrote: > Not sure if related, but also related to types: > > `Language.php` [...] > `ResourceLoader.php` [...... [00:36:17] 10phan-taint-check-plugin, 10MediaWiki-Core-Testing, 10Security-Team, 10MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (10Daimona) >>! In T216348#6653147, @Umherirrender wrote: > `... [01:00:28] 10phan-taint-check-plugin, 10MediaWiki-Core-Testing, 10Security-Team, 10MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (10Umherirrender) >>! In T216348#6653388, @Daimona wrote: >>>!... [01:03:46] 10phan-taint-check-plugin, 10MediaWiki-Core-Testing, 10Security-Team, 10MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (10Daimona) >>! In T216348#6653391, @Umherirrender wrote: > `$... [01:15:49] 10phan-taint-check-plugin: taint-check has trouble for taintness for arrays - https://phabricator.wikimedia.org/T268905 (10Umherirrender) [01:16:59] 10phan-taint-check-plugin: taint-check has trouble for taintedness of arrays or array-keys - https://phabricator.wikimedia.org/T268905 (10Umherirrender) [01:17:18] 10phan-taint-check-plugin, 10MediaWiki-Core-Testing, 10Security-Team, 10MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (10Umherirrender) >>! In T216348#6653394, @Daimona wrote: > >... [01:20:38] 10phan-taint-check-plugin: taint-check has trouble for taintedness of arrays or array-keys - https://phabricator.wikimedia.org/T268905 (10Umherirrender) `WebRequest::getRequestId()` is using `$_SERVER['UNIQUE_ID']` which means the return could contain user input? But the first report was about the key `'table'`... [01:21:04] 10phan-taint-check-plugin: taint-check has trouble for taintedness of unknown array keys and reports possible false positives - https://phabricator.wikimedia.org/T268905 (10Umherirrender) [01:23:00] 10phan-taint-check-plugin: taint-check has trouble for taintedness of unknown array keys and reports possible false positives - https://phabricator.wikimedia.org/T268905 (10Umherirrender) [01:23:04] 10phan-taint-check-plugin, 10MediaWiki-Core-Testing, 10Security-Team, 10MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (10Umherirrender) [02:53:22] 10Release-Engineering-Team, 10Gerrit-Privilege-Requests, 10TechCom: Create WikiTeq group on Gerrit - https://phabricator.wikimedia.org/T267213 (10Legoktm) >>! In T267213#6635559, @Kizule wrote: > Someone to do this? So it's been over a week and no one else has commented or given a thumbs up. I'm going to re... [03:01:57] (03PS1) 10Legoktm: docker: Update Rust to 1.48.0 [integration/config] - 10https://gerrit.wikimedia.org/r/643997 [03:01:59] (03PS1) 10Legoktm: jjb: Bump Rust images for 1.48.0 [integration/config] - 10https://gerrit.wikimedia.org/r/643998 [04:39:32] 10Beta-Cluster-Infrastructure, 10Developer Productivity, 10Patch-For-Review, 10Puppet: puppetdb on deployment-puppetdb03 keeps getting OOMKilled - https://phabricator.wikimedia.org/T248041 (10Krenair) ` alex@alex-laptop:~$ ssh deployment-puppetdb03 Linux deployment-puppetdb03 4.19.0-11-amd64 #1 SMP Debian... [04:57:31] (03PS3) 10Legoktm: Revert "Zuul: Clean-up `php-compile*` templates to run only lowest item in test" [integration/config] - 10https://gerrit.wikimedia.org/r/634626 (owner: 10Jforrester) [04:58:34] (03CR) 10Legoktm: [C: 03+2] Revert "Zuul: Clean-up `php-compile*` templates to run only lowest item in test" [integration/config] - 10https://gerrit.wikimedia.org/r/634626 (owner: 10Jforrester) [04:59:44] (03Merged) 10jenkins-bot: Revert "Zuul: Clean-up `php-compile*` templates to run only lowest item in test" [integration/config] - 10https://gerrit.wikimedia.org/r/634626 (owner: 10Jforrester) [05:00:51] !log reloading Zuul for https://gerrit.wikimedia.org/r/634626 [05:00:53] Logged the message at https://wikitech.wikimedia.org/wiki/Release_Engineering/SAL [08:17:11] 10Release-Engineering-Team, 10Gerrit-Privilege-Requests, 10TechCom: Create WikiTeq group on Gerrit - https://phabricator.wikimedia.org/T267213 (10Kizule) @Legoktm Oh, I'm sorry. We didn't know that everyone should comment, I didn't see it written anywhere. But okay, I asked the others to comment. [09:08:44] 10Release-Engineering-Team, 10Gerrit-Privilege-Requests, 10TechCom: Create WikiTeq group on Gerrit - https://phabricator.wikimedia.org/T267213 (10Legoktm) Sorry, I wasn't clear, I meant comments from developers *outside* of WikiTeq. [09:19:18] 10Release-Engineering-Team, 10Gerrit-Privilege-Requests, 10TechCom: Create WikiTeq group on Gerrit - https://phabricator.wikimedia.org/T267213 (10Kizule) My mistake @Legoktm, no problem then. [10:15:32] 10Release-Engineering-Team, 10Gerrit-Privilege-Requests, 10TechCom: Create WikiTeq group on Gerrit - https://phabricator.wikimedia.org/T267213 (10daniel) First off: I have worked with WikiTeq before, and they have been contracted by WMF in the past to do work on core and on extensions. I particularly know @v... [10:28:05] 10Release-Engineering-Team, 10Gerrit-Privilege-Requests, 10TechCom: Create WikiTeq group on Gerrit - https://phabricator.wikimedia.org/T267213 (10Kizule) As I know, extensions maintained by us aren't deployed in WMF's production. This request is for creating group on Gerrit which will be able to +2 patches... [10:28:49] 10Phabricator: Reactivate nuria's Phabricator account - https://phabricator.wikimedia.org/T268895 (10Aklapper) I'm sorry for the interruption! (I checked https://ldap.toolforge.org/user/nuria before, and that one listed an inactive email address...) [10:56:55] 10Phabricator: Reactivate nuria's Phabricator account - https://phabricator.wikimedia.org/T268895 (10MarcoAurelio) >>! In T268895#6653538, @Aklapper wrote: > I'm sorry for the interruption! (I checked https://ldap.toolforge.org/user/nuria before, and that one listed an inactive email address...) If her `@wikime... [14:18:54] 10phan-taint-check-plugin, 10Patch-For-Review: taint-check has trouble for taintedness of unknown array keys and reports possible false positives - https://phabricator.wikimedia.org/T268905 (10Daimona) a:03Daimona [17:47:53] 10phan-taint-check-plugin: taint-check 3.1.0 showing more issues from type SecurityCheck-OTHER - https://phabricator.wikimedia.org/T268920 (10Umherirrender) [17:48:11] 10phan-taint-check-plugin: taint-check 3.1.0 showing more issues from type SecurityCheck-OTHER - https://phabricator.wikimedia.org/T268920 (10Umherirrender) [17:48:15] 10phan-taint-check-plugin, 10MediaWiki-Core-Testing, 10Security-Team, 10MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (10Umherirrender) [18:21:01] (03CR) 10Jforrester: [C: 03+2] Enable CI for the mediawiki/extensions/EncryptedUploads repository [integration/config] - 10https://gerrit.wikimedia.org/r/643991 (owner: 10Zoranzoki21) [18:22:20] (03Merged) 10jenkins-bot: Enable CI for the mediawiki/extensions/EncryptedUploads repository [integration/config] - 10https://gerrit.wikimedia.org/r/643991 (owner: 10Zoranzoki21) [18:23:30] !log Zuul: Install CI for mediawiki/extensions/EncryptedUploads [18:23:33] Logged the message at https://wikitech.wikimedia.org/wiki/Release_Engineering/SAL [22:55:29] 10phan-taint-check-plugin, 10MediaWiki-Core-Testing, 10Security-Team, 10MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (10Umherirrender) False positive: ` 13:49:09 includes/export/... [23:05:04] 10phan-taint-check-plugin, 10Patch-For-Review: taint-check has trouble for taintedness of unknown array keys and reports possible false positives - https://phabricator.wikimedia.org/T268905 (10Daimona) The patch above solves part of the issue, but it will remain on MediaWiki core. I got tired after a few hours... [23:05:56] 10phan-taint-check-plugin, 10Patch-For-Review, 10Upstream: taint-check fails on array-plus and assumed int|float type - https://phabricator.wikimedia.org/T268891 (10Daimona) As per link above, this is an upstream issue. [23:08:08] 10phan-taint-check-plugin: taint-check 3.1.0 showing more issues from type SecurityCheck-OTHER - https://phabricator.wikimedia.org/T268920 (10Daimona) > I am getting some file path related issues with SecurityCheck-OTHER, there are from the new version. This is expected, see https://gerrit.wikimedia.org/r/c/med... [23:15:41] (03PS3) 10DannyS712: Allow Trusted-Contributors to rebase others' patches [All-Projects] (refs/meta/config) - 10https://gerrit.wikimedia.org/r/583133 (https://phabricator.wikimedia.org/T239543) [23:43:17] 10phan-taint-check-plugin: taint-check 3.1.0 showing more issues from type SecurityCheck-OTHER - https://phabricator.wikimedia.org/T268920 (10Daimona) > includes\filerepo\file\LocalFileRestoreBatch.php:181 SecurityCheck-OTHER Calling method \RepoGroup::getFileProps() in \LocalFileRestoreBatch::execute that outpu...