Commit graph

814 commits

Author SHA1 Message Date
Lukas Reschke
47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite a few of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
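What Psalm's taint analysis actually follows, as an added example that is not part of the commit, of Nextcloud, or of the Psalm docs: a source, a flow through ordinary string operations, a sink, and an escape, each declared with the docblock annotations from the two Psalm pages linked above. The `Request`, `Response` and `GreetingController` classes and the `escapeHtml()` function are hypothetical stand-ins; the commit's own plugin takes the other route from the docs and registers AppFramework controller parameters as sources programmatically, so app code needs no source annotation.

```php
<?php
declare(strict_types=1);

// Added example (not Nextcloud or Psalm code). Class and function names are
// hypothetical. Only the annotations and the TaintedHtml issue name are Psalm's.

namespace TaintExample;

final class Request {
    /**
     * Marks the return value as user-controlled input. Without this (or a
     * plugin registering the value as a source) Psalm treats it as trusted
     * and follows nothing downstream.
     *
     * @psalm-taint-source input
     */
    public function getParam(string $name): string {
        return (string)($_GET[$name] ?? '');
    }
}

final class Response {
    private string $body = '';

    /**
     * A custom sink: any value tainted with "html" that reaches $html is
     * reported as TaintedHtml, just as it would be for a bare `echo`.
     *
     * @psalm-taint-sink html $html
     */
    public function setHtml(string $html): void {
        $this->body = $html;
    }

    public function getBody(): string {
        return $this->body;
    }
}

/**
 * A custom escape. The annotation is a promise to the analyser, not a check:
 * if the function does not neutralise the value for the context the sink
 * expects, the finding is silenced rather than fixed. This one is safe for
 * HTML text and attribute values because it encodes quotes as well.
 *
 * @psalm-taint-escape html
 */
function escapeHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

final class GreetingController {
    private Request $request;

    public function __construct(Request $request) {
        $this->request = $request;
    }

    /** Reported: Request::getParam -> $name -> concatenation -> Response::setHtml. */
    public function vulnerable(): Response {
        $name = $this->request->getParam('name');
        $response = new Response();
        $response->setHtml('<h1>Hello ' . $name . '</h1>');
        return $response;
    }

    /** Not reported: the html taint is removed by escapeHtml() before the sink. */
    public function fixed(): Response {
        $name = $this->request->getParam('name');
        $response = new Response();
        $response->setHtml('<h1>Hello ' . escapeHtml($name) . '</h1>');
        return $response;
    }
}
```

Running `vendor/bin/psalm --taint-analysis` (Psalm 4) over a project containing this file yields one `TaintedHtml` issue for `vulnerable()`, with the full path from `getParam()` to `setHtml()`, and nothing for `fixed()`. Adding `--report=results.sarif` writes the SARIF file that GitHub code scanning ingests, which is how findings reach the Security tab mentioned in the commit. When a finding is a false positive, prefer fixing the propagation (a missing `@psalm-taint-escape` on a real sanitiser, or a core function that does not yet propagate taint, as the Q&A notes) over suppressing the issue at the sink; a suppression hides every future path to that sink, not just the one you looked at.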
dependabot-preview[bot]
774350c610
Bump vimeo/psalm from 4.1.1 to 4.2.0
Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases)
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 09:07:01 +01:00
Roeland Jago Douma
9163790b7c
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
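The bug described in the commit above and its fix, as an added example that is not the Nextcloud CSP builder: a minimal policy builder in the buggy and corrected forms, plus a small header check a practitioner can run against an existing policy. The `ContentSecurityPolicy` class and `restrictsFraming()` are hypothetical. The example generalises slightly beyond the commit: `frame-ancestors` is one of several directives (`form-action`, `base-uri`, `sandbox` are others) that `default-src` never covers, because `default-src` is a fallback for fetch directives only.

```php
<?php
declare(strict_types=1);

// Added example (not Nextcloud code). Names are hypothetical.

final class ContentSecurityPolicy {
    /** @var string[] origins allowed to embed the page in a frame */
    private array $frameAncestors = [];
    /** @var string[] */
    private array $scriptSrc = ["'self'"];

    public function addAllowedFrameAncestor(string $origin): self {
        $this->frameAncestors[] = $origin;
        return $this;
    }

    /**
     * Before the fix. "default-src 'none'" is a safe fallback for fetch
     * directives such as script-src, but frame-ancestors is not a fetch
     * directive and never falls back to it. With no ancestors configured this
     * emits "frame-ancestors " with an empty value; the spec grammar does not
     * allow that, so how a browser treats it is not something to rely on,
     * and the page may be embeddable by any origin (clickjacking).
     */
    public function buildBefore(): string {
        return implode(';', [
            "default-src 'none'",
            'script-src ' . implode(' ', $this->scriptSrc),
            'frame-ancestors ' . implode(' ', $this->frameAncestors),
        ]);
    }

    /** After the fix: an empty list becomes an explicit 'none'. */
    public function build(): string {
        $ancestors = $this->frameAncestors === []
            ? "'none'"
            : implode(' ', $this->frameAncestors);
        return implode(';', [
            "default-src 'none'",
            'script-src ' . implode(' ', $this->scriptSrc),
            'frame-ancestors ' . $ancestors,
        ]);
    }
}

/**
 * Reports whether a Content-Security-Policy header value carries an
 * effective frame-ancestors directive. A policy consisting only of
 * "default-src 'none'" returns false: that page is still embeddable.
 */
function restrictsFraming(string $policy): bool {
    foreach (explode(';', $policy) as $directive) {
        $tokens = preg_split('/\s+/', trim($directive), -1, PREG_SPLIT_NO_EMPTY);
        if ($tokens !== false && $tokens !== [] && strtolower($tokens[0]) === 'frame-ancestors') {
            // A directive name with no source list is treated as no restriction.
            return count($tokens) > 1;
        }
    }
    return false;
}

$policy = new ContentSecurityPolicy();
var_dump(restrictsFraming($policy->buildBefore()));
var_dump(restrictsFraming($policy->build()));

$policy->addAllowedFrameAncestor('https://trusted.example');
var_dump($policy->build());
```

`restrictsFraming()` is false for the buggy form and true for the fixed one. The same check is worth pointing at a live deployment's response headers, since a reverse proxy or app that rewrites the policy can reintroduce the gap. The legacy `X-Frame-Options: DENY` header still covers browsers without `frame-ancestors` support; where both are present, browsers that understand `frame-ancestors` use it and ignore `X-Frame-Options`.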
Nextcloud-PR-Bot
e93a76962c Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-17 04:22:33 +00:00
Roeland Jago Douma
426dc68b45
Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date
Fix default internal expiration date
2020-11-16 14:13:56 +01:00
Daniel Calviño Sánchez
28c57004dd Add integration tests for creating shares with default expiration dates
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Daniel Calviño Sánchez
4f5271acf9 Reset app configs by deleting the values instead of setting the defaults
This avoids the need to keep the default values in the integration tests
in sync with the code, and also makes it possible to reset values with
"dynamic" defaults (defaults that depend on other values).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Nextcloud-PR-Bot
aa967d798c Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-14 04:21:44 +00:00
Nextcloud-PR-Bot
05cd789e9d Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-13 04:22:06 +00:00
Joas Schilling
e39d657e24
Merge pull request #23882 from nextcloud/tests/oracle
Run unit tests against oracle
2020-11-11 10:05:24 +01:00
Daniel Calviño Sánchez
ee852d7e0e Add integration tests for default share permissions
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-11 02:31:25 +01:00
Joas Schilling
6883676ad4
Update baseline, I'm sorry
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:55:06 +01:00
Nextcloud-PR-Bot
e35329176d Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-10 04:18:47 +00:00
Roeland Jago Douma
c8822508de
Merge pull request #23967 from nextcloud/dependabot/composer/build/integration/behat/behat-approx-3.8.0
Update behat/behat requirement from ~3.7.0 to ~3.8.0 in /build/integration
2020-11-09 19:54:41 +01:00
Nextcloud-PR-Bot
63c68d49c7 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-08 04:26:59 +00:00
Nextcloud-PR-Bot
610c22d2ca Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-07 04:26:22 +00:00
dependabot-preview[bot]
d2aeeddce7
Update behat/behat requirement in /build/integration
Updates the requirements on [behat/behat](https://github.com/Behat/Behat) to permit the latest version.
- [Release notes](https://github.com/Behat/Behat/releases)
- [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Behat/Behat/compare/v3.7.0...v3.8.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-07 02:40:59 +00:00
Nextcloud-PR-Bot
4c61d52879 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-06 04:25:56 +00:00
Morris Jobke
0a1f4549e7
Check InvalidArgument psalm error into baseline - PHPDoc needs to be improved
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-05 13:49:25 +01:00
Nextcloud-PR-Bot
3929dc24c9 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-04 04:24:19 +00:00
Nextcloud-PR-Bot
4bbd6ceefd Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-03 04:23:30 +00:00
Morris Jobke
f8739b327a
Update psalm-baseline.xml
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-02 10:14:07 +01:00
Morris Jobke
7410489e86
Update psalm baseline
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-30 10:49:57 +01:00
Morris Jobke
f438ee40a4
Revert "[Automated] Update psalm-baseline.xml"
2020-10-30 10:36:46 +01:00
Nextcloud-PR-Bot
ac8a5ca18c Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-30 04:18:38 +00:00
Joas Schilling
92be66cff2
Fix the expected output
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-27 09:11:36 +01:00
Joas Schilling
c5d0c8ce12
Simplify the function looking for output
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-27 09:11:19 +01:00
Joas Schilling
dd3d5829e7
This is not javascript
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-26 17:06:32 +01:00
Joas Schilling
46e3ea4e41
Fix undefined variable
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-26 16:37:54 +01:00
Daniel Kesselberg
d08dca4ee5
Update baseline
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-10-22 14:44:38 +02:00
Nextcloud-PR-Bot
3ecfaca85f Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-21 04:30:21 +00:00
Nextcloud-PR-Bot
8f813c691d Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-20 04:29:45 +00:00
Nextcloud-PR-Bot
8005fd6f19 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-16 04:28:48 +00:00
Christoph Wurst
2c40d2cf45
Bump vimeo/psalm from 3.15 to 3.17.1
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-14 11:47:54 +02:00
Christoph Wurst
081e9ac47f
Use own psalm instead of a global one
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-13 17:55:37 +02:00
Nextcloud-PR-Bot
035346a5d3 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-13 04:28:02 +00:00
Nextcloud-PR-Bot
953c6eda28 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-11 04:27:09 +00:00
Nextcloud-PR-Bot
7896b20100 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-09 04:27:56 +00:00
Nextcloud-PR-Bot
ab6f6f7149 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-07 04:26:43 +00:00
Nextcloud-PR-Bot
c2a6893033 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-10-06 04:27:00 +00:00
Morris Jobke
482b42c4a7
Merge pull request #22891 from nextcloud/techdebt/18680/improve-ProvisioningApiMiddleware-service-logic
Improve registerService logic for ProvisioningApiMiddleware for static code analysis
2020-10-05 21:50:50 +02:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
dependabot-preview[bot]
8c2fe6df0a
Bump jsdoc from 3.6.5 to 3.6.6 in /build
Bumps [jsdoc](https://github.com/jsdoc/jsdoc) from 3.6.5 to 3.6.6.
- [Release notes](https://github.com/jsdoc/jsdoc/releases)
- [Changelog](https://github.com/jsdoc/jsdoc/blob/3.6.6/CHANGES.md)
- [Commits](https://github.com/jsdoc/jsdoc/compare/3.6.5...3.6.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-26 01:16:20 +00:00
Nextcloud-PR-Bot
f7e5ba6116 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-09-25 04:24:37 +00:00
Daniel Calviño Sánchez
7b9a40b407 Add integration tests to check that only the given path is transferred
Until recently (it was fixed in ac2999a26a) when a path was transferred
other shares with the target user were removed, so a test was added to
ensure that it does not happen again.

Besides that a test to ensure that other files with the target user are
not transferred was added too (it did not fail before, but seemed
convenient to have that covered too :-) ).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:35:06 +02:00
Daniel Calviño Sánchez
c4c602ee80 Add integration tests for transferring files of a user with a risky name
The files:transfer-ownership command performs a sanitization of users with
"risky" display names (including characters like "\" or "/").

In order to allow (escaped) double quotes in the display name the
regular expression used in the "user XXX with displayname YYY exists"
step had to be adjusted.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:34:30 +02:00
Daniel Calviño Sánchez
5e143845cb Add integration test for transferring the path of a single file
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:32:23 +02:00
Nextcloud-PR-Bot
281f0d6793 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-09-18 04:23:58 +00:00
Morris Jobke
a65b431f51
Update baseline
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 17:02:44 +02:00
Morris Jobke
c6948c2517
Update baseline
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 16:54:10 +02:00