build: Update mediawiki/mediawiki-phan-config to 0.11.0

Addition and remove of suppression needs to be done with the version update. Change-Id: I3288b3cefa744b507eadebb67b8ab08c86517c1c
2021-08-28 10:40:44 +02:00 · 2021-08-28 10:40:44 +02:00 · 07b499fbcf
commit 07b499fbcf
parent 695db68020
68 changed files with 60 additions and 53 deletions
--- a/.phan/config.php
+++ b/.phan/config.php
@ -97,6 +97,7 @@ $cfg['null_casts_as_any_type'] = true;
 $cfg['scalar_implicit_cast'] = true;
 $cfg['suppress_issue_types'][] = 'PhanTypePossiblyInvalidDimOffset';
 $cfg['suppress_issue_types'][] = 'PhanPossiblyUndeclaredVariable';
+$cfg['suppress_issue_types'][] = 'PhanCompatibleAccessMethodOnTraitDefinition'; // T289813

 // Do not use aliases in core.
 // Use the correct name, because we don't need backward compatibility
@ -129,8 +130,8 @@ $cfg['globals_type_map'] = array_merge( $cfg['globals_type_map'], [
 	'wgExtraNamespaces' => 'string[]',
 ] );

-// TODO Provide as base config with a new version of mediawiki-phan-config
-$cfg['plugins'][] = 'UseReturnValuePlugin';
+// TODO Use @return never annotations - T240141
+$cfg['plugins'] = array_diff( $cfg['plugins'], [ 'AddNeverReturnTypePlugin' ] );

 // Include a local config file if it exists
 if ( file_exists( __DIR__ . '/local-config.php' ) ) {
--- a/composer.json
+++ b/composer.json
@ -84,7 +84,7 @@
 		"johnkary/phpunit-speedtrap": "^3.1",
 		"justinrainbow/json-schema": "~5.2",
 		"mediawiki/mediawiki-codesniffer": "37.0.0",
-		"mediawiki/mediawiki-phan-config": "0.10.6",
+		"mediawiki/mediawiki-phan-config": "0.11.0",
 		"nikic/php-parser": "4.10.2",
 		"nmred/kafka-php": "0.1.5",
 		"php-parallel-lint/php-console-highlighter": "0.5",
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@ -50,6 +50,8 @@ if ( !defined( 'MEDIAWIKI' ) ) {

 /** @endcond */

+/** @phan-file-suppress PhanPluginRedundantAssignmentInGlobalScope */
+
 /**
 * $wgConf hold the site configuration.
 * Not used for much in a default install.
--- a/includes/DerivativeRequest.php
+++ b/includes/DerivativeRequest.php
@ -91,6 +91,7 @@ class DerivativeRequest extends FauxRequest {
 	}

 	public function getUpload( $key ) {
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $this->base->getUpload( $key );
 	}

--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@ -2248,9 +2248,11 @@ function wfGetDB( $db, $groups = [], $wiki = false ) {
 function wfGetLB( $wiki = false ) {
 	wfDeprecated( __FUNCTION__, '1.27' );
 	if ( $wiki === false ) {
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return MediaWikiServices::getInstance()->getDBLoadBalancer();
 	} else {
 		$factory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $factory->getMainLB( $wiki );
 	}
 }
--- a/includes/Revision/MutableRevisionRecord.php
+++ b/includes/Revision/MutableRevisionRecord.php
@ -383,6 +383,7 @@ class MutableRevisionRecord extends RevisionRecord {
 	public function getSlots(): RevisionSlots {
 		// Overwritten just guarantee the more narrow return type.
 		// TODO Update return typehint once full return type covariance is allowed (PHP 7.4+, T278139)
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return parent::getSlots();
 	}

--- a/includes/Setup.php
+++ b/includes/Setup.php
@ -609,7 +609,6 @@ MWExceptionHandler::installHandler();

 // Non-trivial validation of: $wgServer
 // The FatalError page only renders cleanly after MWExceptionHandler is installed.
-// @phan-suppress-next-line PhanSuspiciousValueComparisonInGlobalScope
 if ( $wgServer === false ) {
 	// T30798: $wgServer must be explicitly set
 	throw new FatalError(
--- a/includes/Title.php
+++ b/includes/Title.php
@ -807,6 +807,7 @@ class Title implements LinkTarget, PageIdentity, IDBAccessObject {
 				$r0 = $d0;
 			}
 			// Do the output
+			// @phan-suppress-next-line PhanPluginRedundantAssignmentInLoop Confusing, $r1 is set later
 			if ( $x0 !== '' && $x1 === '-' && $x2 !== '' ) {
 				// Range
 				if ( $ord2 > $ord0 ) {
--- a/includes/actions/MarkpatrolledAction.php
+++ b/includes/actions/MarkpatrolledAction.php
@ -87,6 +87,7 @@ class MarkpatrolledAction extends FormAction {
 			'diff' => $revId,
 			'oldid' => $rc->getAttribute( 'rc_last_oldid' )
 		];
+		// @phan-suppress-next-line SecurityCheck-DoubleEscaped Triggered by RecentChange::getAttribute
 		$revlink = $this->linkRenderer->makeLink( $title, $revId, [], $query );
 		$pagelink = $this->linkRenderer->makeLink( $title, $title->getPrefixedText() );

--- a/includes/api/ApiComparePages.php
+++ b/includes/api/ApiComparePages.php
@ -639,7 +639,6 @@ class ApiComparePages extends ApiBase {
 					if ( isset( $this->props['comment'] ) ) {
 						$vals["{$prefix}comment"] = $comment->text;
 					}
-					// @phan-suppress-next-line SecurityCheck-DoubleEscaped false positive
 					$vals["{$prefix}parsedcomment"] = Linker::formatComment(
 						$comment->text, $title
 					);
--- a/includes/api/ApiContinuationManager.php
+++ b/includes/api/ApiContinuationManager.php
@ -231,6 +231,7 @@ class ApiContinuationManager {
 				$generatorParams += $kvp;
 			}
 			$generatorParams += $this->generatorParams;
+			// @phan-suppress-next-line PhanTypeInvalidLeftOperand False positive in phan
 			$data += $generatorParams;
 			$generatorKeys = implode( '|', array_keys( $generatorParams ) );
 		} elseif ( $this->generatorContinuationData ) {
--- a/includes/api/ApiHelp.php
+++ b/includes/api/ApiHelp.php
@ -179,6 +179,7 @@ class ApiHelp extends ApiBase {
 		$haveModules = [];
 		$html = self::getHelpInternal( $context, $modules, $options, $haveModules );
 		if ( !empty( $options['toc'] ) && $haveModules ) {
+			// @phan-suppress-next-line SecurityCheck-DoubleEscaped Triggered by Linker?
 			$out->addHTML( Linker::generateTOC( $haveModules, $context->getLanguage() ) );
 		}
 		$out->addHTML( $html );
--- a/includes/api/ApiImportReporter.php
+++ b/includes/api/ApiImportReporter.php
@ -37,7 +37,6 @@ class ApiImportReporter extends ImportReporter {
 	 * @param int $successCount
 	 * @param array $pageInfo
 	 * @return void
-	 * @suppress PhanParamSignatureMismatch
 	 */
 	public function reportPage( ?PageIdentity $pageIdentity, $foreignTitle, $revisionCount, $successCount, $pageInfo ) {
 		// Add a result entry
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@ -814,6 +814,7 @@ class ApiMain extends ApiBase {
 			);
 		}

+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $printer;
 	}

--- a/includes/api/ApiParse.php
+++ b/includes/api/ApiParse.php
@ -786,7 +786,6 @@ class ApiParse extends ApiBase {
 		}
 		if ( $section === null ) {
 			$this->dieWithError( [ 'apierror-sectionsnotsupported-what', $what ], 'nosuchsection' );
-			$section = false;
 		}

 		return $section;
--- a/includes/api/ApiQuery.php
+++ b/includes/api/ApiQuery.php
@ -220,7 +220,6 @@ class ApiQuery extends ApiBase {
 				'GenderCache',
 			]
 		],
-		'mystashedfiles' => ApiQueryMyStashedFiles::class,
 		'allrevisions' => [
 			'class' => ApiQueryAllRevisions::class,
 			'services' => [
--- a/includes/changes/ChangesList.php
+++ b/includes/changes/ChangesList.php
@ -733,7 +733,6 @@ class ChangesList extends ContextSource {
 	 * @return bool
 	 */
 	public static function isDeleted( $rc, $field ) {
-		// @phan-suppress-next-line PhanTypeInvalidLeftOperandOfBitwiseOp false positive
 		return ( $rc->mAttribs['rc_deleted'] & $field ) == $field;
 	}

--- a/includes/changes/RCCacheEntryFactory.php
+++ b/includes/changes/RCCacheEntryFactory.php
@ -285,6 +285,7 @@ class RCCacheEntryFactory {
 			$userLink = ' <span class="history-deleted">' .
 				$this->context->msg( 'rev-deleted-user' )->escaped() . '</span>';
 		} else {
+			// @phan-suppress-next-line SecurityCheck-DoubleEscaped Triggered by Linker?
 			$userLink = Linker::userLink(
 				$cacheEntry->mAttribs['rc_user'],
 				$cacheEntry->mAttribs['rc_user_text'],
--- a/includes/changes/RecentChange.php
+++ b/includes/changes/RecentChange.php
@ -603,6 +603,8 @@ class RecentChange implements Taggable {
 		if ( defined( 'MW_PHPUNIT_TEST' ) && is_object( $wgRCEngines[$scheme] ) ) {
 			return $wgRCEngines[$scheme];
 		}
+		// TODO For non test a object could be here?
+		// @phan-suppress-next-line PhanTypeExpectedObjectOrClassName
 		return new $wgRCEngines[$scheme]( $params );
 	}

--- a/includes/content/CssContent.php
+++ b/includes/content/CssContent.php
@ -66,6 +66,7 @@ class CssContent extends TextContent {
 			return $this;
 		}

+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $this->getContentHandler()->makeRedirectContent( $target );
 	}

--- a/includes/content/JavaScriptContent.php
+++ b/includes/content/JavaScriptContent.php
@ -69,6 +69,7 @@ class JavaScriptContent extends TextContent {
 			return $this;
 		}

+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $this->getContentHandler()->makeRedirectContent( $target );
 	}

--- a/includes/diff/DiffEngine.php
+++ b/includes/diff/DiffEngine.php
@ -235,6 +235,7 @@ class DiffEngine {
 				while ( $start > 0 && $lines[$start - 1] == $lines[$i - 1] ) {
 					$changed[--$start] = 1;
 					$changed[--$i] = false;
+					// @phan-suppress-next-line PhanPluginLoopVariableReuse
 					while ( $start > 0 && $changed[$start - 1] ) {
 						$start--;
 					}
--- a/includes/export/XmlDumpWriter.php
+++ b/includes/export/XmlDumpWriter.php
@ -297,6 +297,7 @@ class XmlDumpWriter {
 	 * @return SqlBlobStore
 	 */
 	private function getBlobStore() {
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return MediaWikiServices::getInstance()->getBlobStore();
 	}

@ -374,6 +375,7 @@ class XmlDumpWriter {
 		} else {
 			if ( $rev->getComment()->text != '' ) {
 				$out .= "      "
+					// @phan-suppress-next-line SecurityCheck-DoubleEscaped getComment is polluted by truncate
 					. Xml::elementClean( 'comment', [], strval( $rev->getComment()->text ) )
 					. "\n";
 			}
@ -597,6 +599,7 @@ class XmlDumpWriter {
 		} else {
 			$comment = CommentStore::getStore()->getComment( 'log_comment', $row )->text;
 			if ( $comment != '' ) {
+				// @phan-suppress-next-line SecurityCheck-DoubleEscaped CommentStore is polluted by truncate
 				$out .= "    " . Xml::elementClean( 'comment', null, strval( $comment ) ) . "\n";
 			}
 		}
--- a/includes/filerepo/FileRepo.php
+++ b/includes/filerepo/FileRepo.php
@ -320,6 +320,7 @@ class FileRepo {
 			// standard public zones
 			if ( $ext !== null && isset( $this->zones[$zone]['urlsByExt'][$ext] ) ) {
 				// custom URL for extension/zone
+				// @phan-suppress-next-line PhanTypeArraySuspiciousNullable
 				return $this->zones[$zone]['urlsByExt'][$ext];
 			} elseif ( isset( $this->zones[$zone]['url'] ) ) {
 				// custom URL for zone
--- a/includes/filerepo/RepoGroup.php
+++ b/includes/filerepo/RepoGroup.php
@ -378,6 +378,7 @@ class RepoGroup {
 	 * @return LocalRepo
 	 */
 	public function getLocalRepo() {
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $this->getRepo( 'local' );
 	}

@ -436,6 +437,7 @@ class RepoGroup {
 	 * @return LocalRepo
 	 */
 	public function newCustomLocalRepo( $info = [] ) {
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $this->newRepo( $info + $this->localInfo );
 	}

--- a/includes/gallery/TraditionalImageGallery.php
+++ b/includes/gallery/TraditionalImageGallery.php
@ -251,6 +251,7 @@ class TraditionalImageGallery extends ImageGalleryBase {
 		// Preloaded into LinkCache in toHTML
 		return $linkRenderer->makeKnownLink(
 			$nt,
+			// @phan-suppress-next-line SecurityCheck-DoubleEscaped Triggered by Language::truncateForVisual
 			is_int( $this->getCaptionLength() ) ?
 				$lang->truncateForVisual( $nt->getText(), $this->getCaptionLength() ) :
 				$nt->getText(),
--- a/includes/htmlform/fields/HTMLFormFieldCloner.php
+++ b/includes/htmlform/fields/HTMLFormFieldCloner.php
@ -59,7 +59,6 @@ class HTMLFormFieldCloner extends HTMLFormField {
 		}

 		// Make sure the delete button, if explicitly specified, is sane
-		// @phan-suppress-next-line PhanTypeMismatchDimFetch Phan is very confused
 		if ( isset( $this->mParams['fields']['delete'] ) ) {
 			$class = 'mw-htmlform-cloner-delete-button';
 			$info = $this->mParams['fields']['delete'] + [
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@ -1320,7 +1320,7 @@ abstract class Installer {
 			return Status::newGood( [] );
 		}

-		// @phan-suppress-next-line SecurityCheck-PathTraversal False positive T268920
+		// @phan-suppress-next-line SecurityCheck-PathTraversal False positive
 		$dh = opendir( $extDir );
 		$exts = [];
 		$status = new Status;
@ -1396,6 +1396,7 @@ abstract class Installer {
 			$info += $jsonStatus->value;
 		}

+		// @phan-suppress-next-line SecurityCheckMulti
 		return Status::newGood( $info );
 	}

@ -1573,6 +1574,7 @@ abstract class Installer {
 		 * but we're not opening that can of worms
 		 * @see https://phabricator.wikimedia.org/T28857
 		 */
+		// @phan-suppress-next-line SecurityCheck-PathTraversal
 		require "$IP/includes/DefaultSettings.php";

 		// phpcs:ignore MediaWiki.VariableAnalysis.UnusedGlobalVariables
--- a/includes/installer/PostgresInstaller.php
+++ b/includes/installer/PostgresInstaller.php
@ -195,6 +195,7 @@ class PostgresInstaller extends DatabaseInstaller {
 			$conn = $status->value;
 			$conn->clearFlag( DBO_TRX );
 			$conn->commit( __METHOD__ );
+			// @phan-suppress-next-line SecurityCheck-DoubleEscaped
 			$this->pgConns[$type] = $conn;
 		}

--- a/includes/installer/SqliteInstaller.php
+++ b/includes/installer/SqliteInstaller.php
@ -228,6 +228,7 @@ class SqliteInstaller extends DatabaseInstaller {
 		# deleted the data dir between then and now
 		$dir_status = self::checkDataDir( $dir );
 		if ( $dir_status->isGood() ) {
+			// @phan-suppress-next-line SecurityCheck-PathTraversal
 			$res = self::createDataDir( $dir );
 			if ( !$res->isGood() ) {
 				return $res;
--- a/includes/installer/WebInstaller.php
+++ b/includes/installer/WebInstaller.php
@ -1199,8 +1199,6 @@ class WebInstaller extends Installer {

 	/**
 	 * Actually output LocalSettings.php for download
-	 *
-	 * @suppress SecurityCheck-XSS
 	 */
 	private function outputLS() {
 		$this->request->response()->header( 'Content-type: application/x-httpd-php' );
--- a/includes/installer/WebInstallerName.php
+++ b/includes/installer/WebInstallerName.php
@ -59,7 +59,6 @@ class WebInstallerName extends WebInstallerPage {
 		$pingbackInfo = Pingback::getSystemInfo( $pingbackConf );

 		$this->addHTML(
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getTextBox( [
 				'var' => 'wgSitename',
 				'label' => 'config-site-name',
@ -68,7 +67,6 @@ class WebInstallerName extends WebInstallerPage {
 			// getRadioSet() builds a set of labeled radio buttons.
 			// For grep: The following messages are used as the item labels:
 			// config-ns-site-name, config-ns-generic, config-ns-other
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getRadioSet( [
 				'var' => '_NamespaceType',
 				'label' => 'config-project-namespace',
@ -84,7 +82,6 @@ class WebInstallerName extends WebInstallerPage {
 				'attribs' => [ 'class' => 'enabledByOther' ]
 			] ) .
 			$this->getFieldsetStart( 'config-admin-box' ) .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getTextBox( [
 				'var' => '_AdminName',
 				'label' => 'config-admin-name',
@ -98,7 +95,6 @@ class WebInstallerName extends WebInstallerPage {
 				'var' => '_AdminPasswordConfirm',
 				'label' => 'config-admin-password-confirm'
 			] ) .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getTextBox( [
 				'var' => '_AdminEmail',
 				'attribs' => [
@ -107,13 +103,11 @@ class WebInstallerName extends WebInstallerPage {
 				'label' => 'config-admin-email',
 				'help' => $this->parent->getHelpBox( 'config-admin-email-help' )
 			] ) .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getCheckBox( [
 				'var' => '_Subscribe',
 				'label' => 'config-subscribe',
 				'help' => $this->parent->getHelpBox( 'config-subscribe-help' )
 			] ) .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getCheckBox( [
 				'var' => 'wgPingback',
 				'label' => 'config-pingback',
--- a/includes/installer/WebInstallerOptions.php
+++ b/includes/installer/WebInstallerOptions.php
@ -129,7 +129,6 @@ class WebInstallerOptions extends WebInstallerPage {
 				}
 				$skinHtml .=
 					'<div class="config-skins-item">' .
-					// @phan-suppress-next-line SecurityCheck-DoubleEscaped screenshotText is safe
 					$this->parent->getCheckBox( [
 						'var' => "skin-$skin",
 						'rawtext' => $screenshotText,
@ -206,6 +205,7 @@ class WebInstallerOptions extends WebInstallerPage {
 							}
 						}
 						if ( isset( $dependencyMap[$ext]['skins'] ) ) {
+							// @phan-suppress-next-line PhanTypeMismatchForeach Phan internal bug
 							foreach ( $dependencyMap[$ext]['skins'] as $name ) {
 								$links[] = Html::element(
 									'a',
@ -222,7 +222,6 @@ class WebInstallerOptions extends WebInstallerPage {
 					} else {
 						$text = $ext;
 					}
-					// @phan-suppress-next-line SecurityCheck-DoubleEscaped False positive
 					$extHtml .= $this->parent->getCheckBox( [
 						'var' => "ext-$ext",
 						'rawtext' => $text,
@ -253,7 +252,6 @@ class WebInstallerOptions extends WebInstallerPage {
 		$this->addHTML(
 			# Uploading
 			$this->getFieldsetStart( 'config-upload-settings' ) .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getCheckBox( [
 				'var' => 'wgEnableUploads',
 				'label' => 'config-upload-enable',
@ -261,7 +259,6 @@ class WebInstallerOptions extends WebInstallerPage {
 				'help' => $this->parent->getHelpBox( 'config-upload-help' )
 			] ) .
 			'<div id="uploadwrapper" style="' . $uploadwrapperStyle . '">' .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getTextBox( [
 				'var' => 'wgDeletedDirectory',
 				'label' => 'config-upload-deleted',
@ -269,7 +266,6 @@ class WebInstallerOptions extends WebInstallerPage {
 				'help' => $this->parent->getHelpBox( 'config-upload-deleted-help' )
 			] ) .
 			'</div>' .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getTextBox( [
 				'var' => '_Logo',
 				'label' => 'config-logo',
@ -278,7 +274,6 @@ class WebInstallerOptions extends WebInstallerPage {
 			] )
 		);
 		$this->addHTML(
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getCheckBox( [
 				'var' => 'wgUseInstantCommons',
 				'label' => 'config-instantcommons',
@ -322,7 +317,6 @@ class WebInstallerOptions extends WebInstallerPage {
 			] ) .
 			$this->parent->getHelpBox( 'config-cache-help' ) .
 			"<div id=\"config-memcachewrapper\" style=\"$hidden\">" .
-			// @phan-suppress-next-line SecurityCheck-DoubleEscaped taint cannot track the helpbox from the rest
 			$this->parent->getTextArea( [
 				'var' => '_MemCachedServers',
 				'label' => 'config-memcached-servers',
--- a/includes/language/Language.php
+++ b/includes/language/Language.php
@ -2126,7 +2126,6 @@ class Language {
 			}
 		}

-		// @phan-suppress-next-line PhanSuspiciousValueComparison
 		if ( $data[0] == 'System' || $tz == '' ) {
 			# Global offset in minutes.
 			$minDiff = $wgLocalTZoffset;
--- a/includes/libs/filebackend/fileiteration/FileBackendStoreShardDirIterator.php
+++ b/includes/libs/filebackend/fileiteration/FileBackendStoreShardDirIterator.php
@ -29,6 +29,7 @@ class FileBackendStoreShardDirIterator extends FileBackendStoreShardListIterator
 		if ( $list === null ) {
 			return new ArrayIterator( [] );
 		} else {
+			// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 			return is_array( $list ) ? new ArrayIterator( $list ) : $list;
 		}
 	}
--- a/includes/libs/filebackend/fileiteration/FileBackendStoreShardFileIterator.php
+++ b/includes/libs/filebackend/fileiteration/FileBackendStoreShardFileIterator.php
@ -29,6 +29,7 @@ class FileBackendStoreShardFileIterator extends FileBackendStoreShardListIterato
 		if ( $list === null ) {
 			return new ArrayIterator( [] );
 		} else {
+			// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 			return is_array( $list ) ? new ArrayIterator( $list ) : $list;
 		}
 	}
--- a/includes/libs/objectcache/wancache/WANObjectCache.php
+++ b/includes/libs/objectcache/wancache/WANObjectCache.php
@ -1738,7 +1738,7 @@ class WANObjectCache implements
 				$this->setInterimValue( $key, $value, $lockTSE, $version, $walltime );
 			} else {
 				$finalSetOpts = [
-					// @phan-suppress-next-line PhanUselessBinaryAddRight
+					// @phan-suppress-next-line PhanUselessBinaryAddRight,PhanCoalescingAlwaysNull
 					'since' => $setOpts['since'] ?? $preCallbackTime,
 					'version' => $version,
 					'staleTTL' => $staleTTL,
--- a/includes/libs/rdbms/database/DatabaseSqlite.php
+++ b/includes/libs/rdbms/database/DatabaseSqlite.php
@ -955,7 +955,6 @@ class DatabaseSqlite extends Database {

 			$sqlIndex .= '(' . implode( ',', $fields ) . ')';

-			// @phan-suppress-next-line SecurityCheck-SQLInjection implode does not ignore taint from keys T270942
 			$this->query( $sqlIndex, __METHOD__ );
 		}

--- a/includes/libs/rdbms/lbfactory/LBFactory.php
+++ b/includes/libs/rdbms/lbfactory/LBFactory.php
@ -448,7 +448,6 @@ abstract class LBFactory implements ILBFactory {
 			'ifWritesSince' => null
 		];

-		// @phan-suppress-next-line PhanSuspiciousValueComparison
 		if ( $opts['domain'] === false && isset( $opts['wiki'] ) ) {
 			$opts['domain'] = $opts['wiki']; // b/c
 		}
@ -456,7 +455,6 @@ abstract class LBFactory implements ILBFactory {
 		// Figure out which clusters need to be checked
 		/** @var ILoadBalancer[] $lbs */
 		$lbs = [];
-		// @phan-suppress-next-line PhanSuspiciousValueComparison
 		if ( $opts['cluster'] !== false ) {
 			$lbs[] = $this->getExternalLB( $opts['cluster'] );
 		} elseif ( $opts['domain'] !== false ) {
--- a/includes/logging/BlockLogFormatter.php
+++ b/includes/logging/BlockLogFormatter.php
@ -58,6 +58,7 @@ class BlockLogFormatter extends LogFormatter {
 			// in English to help visitors from other wikis.
 			// The lrm is needed to make sure that the number
 			// is shown on the correct side of the tooltip text.
+			// @phan-suppress-next-line SecurityCheck-DoubleEscaped
 			$durationTooltip = '&lrm;' . htmlspecialchars( $params[4] );
 			$blockExpiry = $this->context->getLanguage()->translateBlockExpiry(
 				$params[4],
@ -65,7 +66,6 @@ class BlockLogFormatter extends LogFormatter {
 				wfTimestamp( TS_UNIX, $this->entry->getTimestamp() )
 			);
 			if ( $this->plaintext ) {
-				// @phan-suppress-next-line SecurityCheck-XSS Plain text
 				$params[4] = Message::rawParam( $blockExpiry );
 			} else {
 				$params[4] = Message::rawParam(
--- a/includes/logging/LogEventsList.php
+++ b/includes/logging/LogEventsList.php
@ -666,6 +666,7 @@ class LogEventsList extends ContextSource {
 		if ( $param['useMaster'] ) {
 			$pager->mDb = wfGetDB( DB_PRIMARY );
 		}
+		// @phan-suppress-next-line PhanImpossibleCondition
 		if ( isset( $param['offset'] ) ) { # Tell pager to ignore WebRequest offset
 			$pager->setOffset( $param['offset'] );
 		}
--- a/includes/logging/LogPage.php
+++ b/includes/logging/LogPage.php
@ -255,7 +255,6 @@ class LogPage {
 				$titleLink = self::getTitleLink( $title, $langObjOrNull );

 				if ( count( $params ) == 0 ) {
-					// @phan-suppress-next-line SecurityCheck-XSS mixed between plaintext and html
 					$rv = wfMessage( $wgLogActions[$key] )->rawParams( $titleLink )
 						->inLanguage( $langObj )->escaped();
 				} else {
@ -270,6 +269,7 @@ class LogPage {

 			if ( isset( $wgLogActionsHandlers[$key] ) ) {
 				$args = func_get_args();
+				// @phan-suppress-next-line PhanTypeMismatchArgumentInternal
 				$rv = call_user_func_array( $wgLogActionsHandlers[$key], $args );
 			} else {
 				wfDebug( "LogPage::actionText - unknown action $key" );
--- a/includes/logging/PatrolLogFormatter.php
+++ b/includes/logging/PatrolLogFormatter.php
@ -59,7 +59,6 @@ class PatrolLogFormatter extends LogFormatter {
 			$revlink = htmlspecialchars( $revision );
 		}

-		// @phan-suppress-next-line SecurityCheck-XSS one if branch is for plain text
 		$params[3] = Message::rawParam( $revlink );

 		return $params;
--- a/includes/logging/RightsLogFormatter.php
+++ b/includes/logging/RightsLogFormatter.php
@ -40,6 +40,7 @@ class RightsLogFormatter extends LogFormatter {
 			$parts = explode( $wgUserrightsInterwikiDelimiter, $text, 2 );

 			if ( count( $parts ) === 2 ) {
+				// @phan-suppress-next-line SecurityCheck-DoubleEscaped
 				$titleLink = WikiMap::foreignUserLink(
 					$parts[1],
 					$parts[0],
--- a/includes/logging/TagLogFormatter.php
+++ b/includes/logging/TagLogFormatter.php
@ -61,10 +61,8 @@ class TagLogFormatter extends LogFormatter {
 		}

 		if ( $isRevLink ) {
-			// @phan-suppress-next-line SecurityCheck-XSS one if branch is for plain text
 			$params[3] = Message::rawParam( $link );
 		} else {
-			// @phan-suppress-next-line SecurityCheck-XSS one if branch is for plain text
 			$params[4] = Message::rawParam( $link );
 		}

--- a/includes/media/TransformationalImageHandler.php
+++ b/includes/media/TransformationalImageHandler.php
@ -274,6 +274,7 @@ abstract class TransformationalImageHandler extends ImageHandler {
 				wfMessage( 'unknown-error' )
 			);
 		} elseif ( $mto ) {
+			// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 			return $mto;
 		} else {
 			$newParams = [
--- a/includes/page/PageStore.php
+++ b/includes/page/PageStore.php
@ -233,6 +233,7 @@ class PageStore implements PageLookup {
 			->conds( $conds )
 			->caller( __METHOD__ );

+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $queryBuilder->fetchPageRecord();
 	}

--- a/includes/parser/CoreTagHooks.php
+++ b/includes/parser/CoreTagHooks.php
@ -68,6 +68,7 @@ class CoreTagHooks {
 			[ '&gt;', '&lt;' ],
 			$content
 		);
+		// @phan-suppress-next-line SecurityCheck-XSS
 		return Html::rawElement( 'pre', $attribs, $content );
 	}

@ -158,6 +159,7 @@ class CoreTagHooks {
 	 * @internal
 	 */
 	public static function gallery( ?string $content, array $attributes, Parser $parser ): string {
+		// @phan-suppress-next-line SecurityCheck-XSS
 		return $parser->renderImageGallery( $content ?? '', $attributes );
 	}

@ -219,6 +221,7 @@ class CoreTagHooks {
 					$toVariant = $converter->validateVariant( $toArg );

 					if ( $toVariant ) {
+						// @phan-suppress-next-line SecurityCheck-XSS
 						return $converter->autoConvert(
 							$parser->recursiveTagParse( $content ?? '', $frame ),
 							$toVariant
--- a/includes/parser/LinkHolderArray.php
+++ b/includes/parser/LinkHolderArray.php
@ -170,7 +170,6 @@ class LinkHolderArray {

 	/**
 	 * Replace internal links
-	 * @suppress SecurityCheck-XSS Gets confused with $entry['pdbk']
 	 * @param string &$text
 	 */
 	protected function replaceInternal( &$text ) {
@ -312,7 +311,6 @@ class LinkHolderArray {
 	/**
 	 * Replace interwiki links
 	 * @param string &$text
-	 * @suppress SecurityCheck-XSS Gets confused with $this->interwikis['pdbk']
 	 */
 	protected function replaceInterwiki( &$text ) {
 		if ( empty( $this->interwikis ) ) {
--- a/includes/parser/PPFrame_Hash.php
+++ b/includes/parser/PPFrame_Hash.php
@ -347,7 +347,6 @@ class PPFrame_Hash implements PPFrame {
 					}
 					$out .= $s;
 				} else {
-					// @phan-suppress-next-line SecurityCheck-DoubleEscaped False positive
 					$out .= $this->parser->extensionSubstitution( $bits, $this );
 				}
 			} elseif ( $contextName === 'h' ) {
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@ -2212,7 +2212,7 @@ class Parser {
 			# This means that users can paste URLs directly into the text
 			# Funny characters like ö aren't valid in URLs anyway
 			# This was changed in August 2004
-			// @phan-suppress-next-line SecurityCheck-XSS using false for escape is valid here
+			// @phan-suppress-next-line SecurityCheck-XSS,SecurityCheck-DoubleEscaped using false for escape is valid
 			$s .= Linker::makeExternalLink( $url, $text, false, $linktype,
 				$this->getExternalLinkAttribs( $url ), $this->getTitle() ) . $dtrail . $trail;

@ -4442,6 +4442,7 @@ class Parser {
 				// be able to convert that piece of data.
 				// Gets replaced with html in ParserOutput::getText
 				$editlink = '<mw:editsection page="' . htmlspecialchars( $editsectionPage );
+				// @phan-suppress-next-line SecurityCheck-DoubleEscaped
 				$editlink .= '" section="' . htmlspecialchars( $editsectionSection ) . '"';
 				if ( $editsectionContent !== null ) {
 					$editlink .= '>' . $editsectionContent . '</mw:editsection>';
@ -5392,11 +5393,9 @@ class Parser {
 		}

 		# Process alignment parameters
-		// @phan-suppress-next-line PhanImpossibleCondition
 		if ( $params['horizAlign'] ) {
 			$params['frame']['align'] = key( $params['horizAlign'] );
 		}
-		// @phan-suppress-next-line PhanImpossibleCondition
 		if ( $params['vertAlign'] ) {
 			$params['frame']['valign'] = key( $params['vertAlign'] );
 		}
--- a/includes/parser/Preprocessor_Hash.php
+++ b/includes/parser/Preprocessor_Hash.php
@ -674,6 +674,7 @@ class Preprocessor_Hash extends Preprocessor {
 					$i += $count;
 					continue;
 				}
+				// @phan-suppress-next-line PhanTypeArraySuspiciousNullable
 				$name = $rule['names'][$matchingCount];
 				if ( $name === null ) {
 					// No element, just literal text
--- a/includes/registration/ExtensionRegistry.php
+++ b/includes/registration/ExtensionRegistry.php
@ -424,7 +424,6 @@ class ExtensionRegistry {
 	) {
 		if ( isset( $info['AutoloadClasses'] ) ) {
 			$autoload = self::processAutoLoader( $dir, $info['AutoloadClasses'] );
-			// @phan-suppress-next-line PhanUndeclaredVariableAssignOp
 			$GLOBALS['wgAutoloadClasses'] += $autoload;
 			$autoloadClasses += $autoload;
 		}
--- a/includes/resourceloader/ResourceLoader.php
+++ b/includes/resourceloader/ResourceLoader.php
@ -882,6 +882,7 @@ class ResourceLoader implements LoggerAwareInterface {
 		}

 		$this->errors = [];
+		// @phan-suppress-next-line SecurityCheck-XSS
 		echo $response;
 	}

@ -1181,6 +1182,7 @@ MESSAGE;
 							$implementKey,
 							$scripts,
 							$content['styles'] ?? [],
+							// @phan-suppress-next-line SecurityCheck-XSS
 							isset( $content['messagesBlob'] ) ? new XmlJsCode( $content['messagesBlob'] ) : [],
 							$content['templates'] ?? []
 						);
@ -1293,8 +1295,10 @@ MESSAGE;
 			if ( $scripts->value === '' ) {
 				$scripts = null;
 			} elseif ( $context->getDebug() ) {
+				// @phan-suppress-next-line SecurityCheck-XSS
 				$scripts = new XmlJsCode( "function ( $, jQuery, require, module ) {\n{$scripts->value}\n}" );
 			} else {
+				// @phan-suppress-next-line SecurityCheck-XSS
 				$scripts = new XmlJsCode(
 					'function($,jQuery,require,module){' . self::ensureNewline( $scripts->value ) . '}'
 				);
--- a/includes/resourceloader/VueComponentParser.php
+++ b/includes/resourceloader/VueComponentParser.php
@ -102,6 +102,7 @@ class VueComponentParser {
 		$treeBuilder = new TreeBuilder( $domBuilder, [ 'ignoreErrors' => true ] );
 		$tokenizer = new Tokenizer( new Dispatcher( $treeBuilder ), $html, [ 'ignoreErrors' => true ] );
 		$tokenizer->execute();
+		// @phan-suppress-next-line PhanTypeMismatchReturnSuperType
 		return $domBuilder->getFragment();
 	}

--- a/includes/revisiondelete/RevDelLogItem.php
+++ b/includes/revisiondelete/RevDelLogItem.php
@ -129,7 +129,6 @@ class RevDelLogItem extends RevDelItem {
 		$action = $formatter->getActionText();

 		$comment = $this->commentStore->getComment( 'log_comment', $this->row )->text;
-		// @phan-suppress-next-line SecurityCheck-DoubleEscaped false positive
 		$comment = $this->list->getLanguage()->getDirMark()
 			. Linker::commentBlock( $comment );

--- a/includes/search/BaseSearchResultSet.php
+++ b/includes/search/BaseSearchResultSet.php
@ -46,6 +46,7 @@ abstract class BaseSearchResultSet implements ISearchResultSet {
 			$this->bcIterator = 'RECURSION';
 			$this->bcIterator = $this->getIterator();
 		} elseif ( $this->bcIterator === 'RECURSION' ) {
+			// @phan-suppress-previous-line PhanTypeComparisonFromArray Use of string is a hack
 			// Either next/rewind or extractResults must be implemented.  This
 			// class was potentially instantiated directly. It should be
 			// abstract with abstract methods to enforce this but that's a
--- a/includes/search/SearchHighlighter.php
+++ b/includes/search/SearchHighlighter.php
@ -555,6 +555,7 @@ class SearchHighlighter {

 			$found = $m[2];

+			// @phan-suppress-next-line SecurityCheck-DoubleEscaped Triggered by Language::truncateForVisual
 			$line = htmlspecialchars( $pre . $found . $post );
 			$pat2 = '/(' . $terms . ")/i";
 			$line = preg_replace( $pat2, "<span class='searchmatch'>\\1</span>", $line );
--- a/includes/specials/forms/PreferencesFormOOUI.php
+++ b/includes/specials/forms/PreferencesFormOOUI.php
@ -140,8 +140,6 @@ class PreferencesFormOOUI extends OOUIHTMLForm {
 	public function filterDataForSubmit( $data ) {
 		foreach ( $this->mFlatFields as $fieldname => $field ) {
 			if ( $field instanceof HTMLNestedFilterable ) {
-				// @phan-suppress-next-next-line PhanUndeclaredProperty All HTMLForm fields have mParams,
-				// but the instanceof confuses phan, which doesn't support intersections
 				$info = $field->mParams;
 				$prefix = $info['prefix'] ?? $fieldname;
 				foreach ( $field->filterDataForSubmit( $data[$fieldname] ) as $key => $value ) {
--- a/includes/upload/UploadFromChunks.php
+++ b/includes/upload/UploadFromChunks.php
@ -122,6 +122,7 @@ class UploadFromChunks extends UploadFromFile {
 		$this->getChunkStatus();

 		$metadata = $this->stash->getMetadata( $key );
+		// @phan-suppress-next-line SecurityCheckMulti,SecurityCheck-PathTraversal
 		$this->initializePathInfo( $name,
 			$this->getRealPath( $metadata['us_path'] ),
 			$metadata['us_size'],
--- a/includes/upload/UploadFromFile.php
+++ b/includes/upload/UploadFromFile.php
@ -53,7 +53,6 @@ class UploadFromFile extends UploadBase {
 	 */
 	public function initialize( $name, $webRequestUpload ) {
 		$this->mUpload = $webRequestUpload;
-		// @phan-suppress-next-line SecurityCheck-PathTraversal False positive T268920
 		$this->initializePathInfo( $name,
 			$this->mUpload->getTempName(), $this->mUpload->getSize() );
 	}
--- a/includes/upload/UploadFromStash.php
+++ b/includes/upload/UploadFromStash.php
@ -100,6 +100,7 @@ class UploadFromStash extends UploadBase {
 		 * an opaque key to the user agent.
 		 */
 		$metadata = $this->stash->getMetadata( $key );
+		// @phan-suppress-next-line SecurityCheck-PathTraversal
 		$this->initializePathInfo( $name,
 			$initTempFile ? $this->getRealPath( $metadata['us_path'] ) : false,
 			$metadata['us_size'],
--- a/includes/user/UserGroupMembership.php
+++ b/includes/user/UserGroupMembership.php
@ -150,7 +150,6 @@ class UserGroupMembership {
 				return $context->msg( 'group-membership-link-with-expiry' )
 					->params( $groupLink, $expiryDT, $expiryD, $expiryT )->text();
 			} else {
-				// @phan-suppress-next-line SecurityCheck-XSS Okay for html format T183174
 				$groupLink = Message::rawParam( $groupLink );
 				return $context->msg( 'group-membership-link-with-expiry' )
 					->params( $groupLink, $expiryDT, $expiryD, $expiryT )->escaped();
--- a/maintenance/eval.php
+++ b/maintenance/eval.php
@ -80,6 +80,7 @@ while ( ( $__line = Maintenance::readconsole() ) !== false ) {
 		readline_write_history( $__historyFile );
 	}
 	try {
+		// @phan-suppress-next-line SecurityCheck-RCE
 		$__val = eval( $__line . ";" );
 	} catch ( Exception $__e ) {
 		fwrite( STDERR, "Caught exception " . get_class( $__e ) .
--- a/maintenance/includes/MigrateActors.php
+++ b/maintenance/includes/MigrateActors.php
@ -169,7 +169,6 @@ class MigrateActors extends LoggedUpdateMaintenance {
 	/**
 	 * Add actors for anons in a set of rows
 	 *
-	 * @suppress SecurityCheck-SQLInjection The array_keys/array_map is too much for static analysis
 	 * @param IDatabase $dbw
 	 * @param string $nameField
 	 * @param stdClass[] &$rows
--- a/maintenance/preprocessorFuzzTest.php
+++ b/maintenance/preprocessorFuzzTest.php
@ -75,9 +75,7 @@ class PPFuzzTester {
 				$testReport = self::$currentTest->getReport();
 				$exceptionReport = $e instanceof MWException ? $e->getText() : (string)$e;
 				$hash = md5( $testReport );
-				// @phan-suppress-next-line SecurityCheck-PathTraversal False positive T268920
 				file_put_contents( "results/ppft-$hash.in", serialize( self::$currentTest ) );
-				// @phan-suppress-next-line SecurityCheck-PathTraversal False positive T268920
 				file_put_contents( "results/ppft-$hash.fail",
 					"Input:\n$testReport\n\nException report:\n$exceptionReport\n" );
 				print "Test $hash failed\n";
--- a/maintenance/sql.php
+++ b/maintenance/sql.php
@ -152,6 +152,7 @@ class MwSql extends Maintenance {
 				readline_add_history( $wholeLine . ';' );
 				readline_write_history( $historyFile );
 			}
+			// @phan-suppress-next-line SecurityCheck-SQLInjection
 			$res = $this->sqlDoQuery( $db, $wholeLine, $doDie );
 			$prompt = $newPrompt;
 			$wholeLine = '';
--- a/maintenance/storage/checkStorage.php
+++ b/maintenance/storage/checkStorage.php
@ -358,14 +358,12 @@ class CheckStorage {

 		print "\n\nErrors:\n";
 		foreach ( $this->errors as $name => $errors ) {
-			// @phan-suppress-next-line PhanImpossibleConditionInLoop
 			if ( count( $errors ) ) {
 				$description = $this->errorDescriptions[$name];
 				echo "$description: " . implode( ',', array_keys( $errors ) ) . "\n";
 			}
 		}

-		// @phan-suppress-next-line PhanImpossibleCondition
 		if ( count( $this->errors['restore text'] ) && $fix ) {
 			if ( (string)$xml !== '' ) {
 				$this->restoreText( array_keys( $this->errors['restore text'] ), $xml );