Continuous integration/Phan/phan-taint-check-plugin

SecurityCheckPlugin is a Phan plugin meant to use static analysis to find certain types of security vulnerabilities in MediaWiki extensions.

It is primarily intended for use with MediaWiki extensions, but also has a generic mode for general PHP projects. It can also be used with MediaWiki core.

This page is just a stub so far, for more information, see the Diffusion repository on Phabricator.

Running on Wikimedia Jenkins
You can test any extension in Wikimedia version control by writing a comment  on a gerrit patch.

Dependencies
This depends on PHP 7.0 (exactly - 7.1 doesn't work) and the  extension. For information on how to install these dependencies, see Continuous_integration/Phan.

How to use

 * Run (from the root directory of your project):


 * For mediawiki extension, add the following to :
 * For a generic PHP project add:
 * For MediaWiki core add:

You can then run: