Continuous integration/Phan/phan-taint-check-plugin

For using Phan in general with MediaWiki, see Continuous integration/Phan.

SecurityCheckPlugin is a Phan plugin that uses static analysis to find certain types of security vulnerabilities in MediaWiki extensions.

It is primarily intended for use with MediaWiki extensions, but also has a generic mode for general PHP projects. It can also be used with MediaWiki core.

This page is just a stub so far. For more information, see https://phabricator.wikimedia.org/diffusion/MTPS/.

Dependencies
This depends on PHP 7.0 (exactly; 7.1 doesn't work) and the php-ast extension. For information on how to install these dependencies, see Continuous_integration/Phan.
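
A preflight check for the dependency constraints above and for the "seccheck" composer script described under How to use, as an added example that is not part of the original page or the plugin's own code. The function names and the "run" argument are hypothetical; it assumes php is on the PATH and composer.json is in the current directory.

```shell
#!/bin/sh
# Added example: preflight for a CI job. Function names and the "run"
# argument are hypothetical, not part of phan-taint-check-plugin.

# Succeeds only for PHP 7.0.x (the page states 7.1 does not work).
php_version_ok() {
    case "$1" in
        7.0|7.0.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if a `php -m` module listing has "ast" on a line of its own.
has_ast_module() {
    printf '%s\n' "$1" | grep -qx 'ast'
}

# Prints the command bound to the "seccheck" script in composer.json text.
# "seccheck-fast" is skipped because the key must be exactly "seccheck".
seccheck_target() {
    printf '%s\n' "$1" |
        sed -n 's/.*"seccheck"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1
}

# Succeeds if the command is one of the three entry points named on the page.
known_target() {
    case "$1" in
        seccheck-mwext|seccheck-generic|seccheck-mw) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    ver=$(php -r 'echo PHP_VERSION;') || { echo "php not found" >&2; return 1; }
    php_version_ok "$ver" || { echo "PHP $ver found, 7.0 required" >&2; return 1; }
    has_ast_module "$(php -m)" || { echo "php-ast not loaded" >&2; return 1; }
    target=$(seccheck_target "$(cat composer.json)")
    known_target "$target" || { echo "no known seccheck script in composer.json" >&2; return 1; }
    echo "preflight ok: composer script seccheck -> $target"
}

# Run the checks only when asked, e.g. `sh preflight.sh run`.
if [ "${1:-}" = "run" ]; then preflight; fi
```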

How to use

 * Run (from the root directory of your project)

 * For a MediaWiki extension, add the following to composer.json

   "scripts": { "seccheck": "seccheck-mwext", "seccheck-fast": "seccheck-fast-mwext" },

 * For a generic PHP project, add

   "scripts": { "seccheck": "seccheck-generic" },

 * For MediaWiki core, add

   "scripts": { "seccheck": "seccheck-mw" },

You can then run: