dependabot-preview[bot]
01ec741e6c
Merge pull request #24272 from nextcloud/dependabot/npm_and_yarn/jquery-migrate-3.3.2
2020-11-24 09:29:34 +00:00
Roeland Jago Douma
c2c539a754
Merge pull request #24323 from nextcloud/fix/comments-tab-missing
...
Fix reverse registration and missing comments tab
2020-11-24 09:34:50 +01:00
dependabot-preview[bot]
0c2a6d1474
Bump jquery-migrate from 3.3.1 to 3.3.2
...
Bumps [jquery-migrate](https://github.com/jquery/jquery-migrate) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/jquery/jquery-migrate/releases)
- [Commits](https://github.com/jquery/jquery-migrate/compare/3.3.1...3.3.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-24 08:06:06 +00:00
Roeland Jago Douma
8ac9767881
Merge pull request #24312 from nextcloud/bugfix/noid/fix-router-alias
...
Add proper alias for internal router class
2020-11-24 08:43:29 +01:00
Julius Härtl
b3191edcda
Merge pull request #24271 from nextcloud/dependabot/npm_and_yarn/babel/preset-env-7.12.7
...
Bump @babel/preset-env from 7.12.1 to 7.12.7
2020-11-24 08:38:15 +01:00
Roeland Jago Douma
ac42f94269
Merge pull request #24320 from nextcloud/typo/noid/fix-typo-in-deprecated
...
Fix typo in @deprecated PHPDoc tag
2020-11-24 08:31:38 +01:00
Roeland Jago Douma
14b563fe43
Merge pull request #24321 from nextcloud-pr-bot/automated/noid/psalm-baseline-update
...
[Automated] Update psalm-baseline.xml
2020-11-24 08:31:28 +01:00
Christoph Wurst
decc5c844b
Fix reverse registration and missing comments tab
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-24 08:28:19 +01:00
Julius Härtl
d9708ebece
Add proper alias for internal router class
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-24 08:01:39 +01:00
Nextcloud-PR-Bot
fda21b35c4
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-24 04:25:08 +00:00
Nextcloud bot
eddc31a07b
[tx-robot] updated from transifex
2020-11-24 02:18:55 +00:00
Morris Jobke
f4c1512bb7
Fix typo in @deprecated PHPDoc tag
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-24 00:13:09 +01:00
Morris Jobke
dc5f17f561
Merge pull request #24288 from nextcloud/techdebt/noid/encryption-setup-dependency-cleanup
...
Remove unused dependencies in encryption app setup
2020-11-23 20:43:42 +01:00
dependabot-preview[bot]
8f830c7754
Bump @babel/preset-env from 7.12.1 to 7.12.7
...
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.12.1 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-preset-env)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 18:24:55 +00:00
Morris Jobke
d9e0efbf72
Merge pull request #24289 from nextcloud/techdebt/noid/encryption-make-application-class-dependency-free
...
[encryption] Remove dependency fetching inside the constructor and mo…
2020-11-23 16:23:21 +01:00
Morris Jobke
c832e6180b
Remove unused dependencies in encryption app setup
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-23 16:20:00 +01:00
Morris Jobke
5d88686b18
Merge pull request #24310 from nextcloud/perf/noid/theming-capabilities
...
Optimize check if background is themed
2020-11-23 15:48:57 +01:00
Roeland Jago Douma
a3cff5abbe
Merge pull request #24273 from nextcloud/dependabot/npm_and_yarn/babel/core-7.12.7
...
Bump @babel/core from 7.12.3 to 7.12.7
2020-11-23 14:39:56 +01:00
Julius Härtl
a0c0918ce2
Optimize check if background is themed
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-23 13:48:05 +01:00
dependabot-preview[bot]
f2a249ff71
Bump @babel/core from 7.12.3 to 7.12.7
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.12.3 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-core)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 10:49:41 +00:00
Roeland Jago Douma
59a83b77ea
Merge pull request #24275 from nextcloud/dependabot/npm_and_yarn/moment-timezone-0.5.32
...
Bump moment-timezone from 0.5.31 to 0.5.32
2020-11-23 11:10:24 +01:00
Roeland Jago Douma
e0a6f6d34b
Merge pull request #24251 from nextcloud/fix/sabre-parse-xml-errors
...
Update sabre/xml to fix XML parsing errors (with empty strings)
2020-11-23 10:28:06 +01:00
dependabot-preview[bot]
f8af508907
Bump moment-timezone from 0.5.31 to 0.5.32
...
Bumps [moment-timezone](https://github.com/moment/moment-timezone) from 0.5.31 to 0.5.32.
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](https://github.com/moment/moment-timezone/compare/0.5.31...0.5.32)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 08:23:42 +00:00
Christoph Wurst
a35a9a009d
Update sabre/xml to fix XML parsing errors (with empty strings)
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-23 09:13:46 +01:00
Roeland Jago Douma
a1cd5ca20c
Merge pull request #24290 from nextcloud/propagate-taint
...
Add IRequest taint sources
2020-11-23 08:40:14 +01:00
Roeland Jago Douma
ad5059a39e
Merge pull request #24293 from nextcloud/dependabot/composer/vimeo/psalm-4.2.1
...
Bump vimeo/psalm from 4.2.0 to 4.2.1
2020-11-23 08:03:07 +01:00
dependabot-preview[bot]
942cd71055
Bump vimeo/psalm from 4.2.0 to 4.2.1
...
Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/vimeo/psalm/releases)
- [Commits](https://github.com/vimeo/psalm/compare/4.2.0...4.2.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-23 02:42:54 +00:00
Nextcloud bot
6b9f57905f
[tx-robot] updated from transifex
2020-11-23 02:18:46 +00:00
Lukas Reschke
a5d4d3d4cc
Add IRequest taint sources
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-22 23:04:43 +01:00
Morris Jobke
efe644137d
[encryption] Remove dependency fetching inside the constructor and move them to method call parameters
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:35:02 +01:00
Morris Jobke
9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent
...
Auto-wire remaining encryption app services that depend on View
2020-11-22 22:33:53 +01:00
Morris Jobke
858c7f4032
Auto-wire remaining encryption app services that depend on View
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:22:16 +01:00
Roeland Jago Douma
032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
...
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
Roeland Jago Douma
293410f576
Merge pull request #24268 from nextcloud/add-app-as-sanitizer-for-include
...
Mark cleanAppId as sanitizer for include
2020-11-22 10:53:26 +01:00
Nextcloud bot
f1d71a21e5
[tx-robot] updated from transifex
2020-11-22 02:18:27 +00:00
John Molakvoæ
e1821f36d9
Merge pull request #24276 from nextcloud/dependabot/npm_and_yarn/vue-material-design-icons-4.11.0
...
Bump vue-material-design-icons from 4.10.0 to 4.11.0
2020-11-21 11:11:28 +01:00
dependabot-preview[bot]
1cde362c2e
Bump vue-material-design-icons from 4.10.0 to 4.11.0
...
Bumps [vue-material-design-icons](https://github.com/robcresswell/vue-material-design-icons) from 4.10.0 to 4.11.0.
- [Release notes](https://github.com/robcresswell/vue-material-design-icons/releases)
- [Changelog](https://github.com/robcresswell/vue-material-design-icons/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/robcresswell/vue-material-design-icons/compare/4.10.0...4.11.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-21 02:20:25 +00:00
Nextcloud bot
1859cebe56
[tx-robot] updated from transifex
2020-11-21 02:19:19 +00:00
Lukas Reschke
d25ca1976b
Mark getAppPath as specialized taint
...
Should remove some false positives.
https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
Lukas Reschke
98ddfdd1e8
Mark cleanAppId as sanitizer for include
...
Should remove a bunch of false positive code scanning results.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
Morris Jobke
e606c0eef4
Allow View to be used via DI
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-21 00:18:59 +01:00
Morris Jobke
db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app
...
Auto-wire as much as possible in the encryption app
2020-11-21 00:04:54 +01:00
Morris Jobke
6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
...
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
Morris Jobke
5be18215fb
Auto-wire as much as possible in the encryption app
...
Also cleans up only non-classname services in the server container
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-20 23:13:22 +01:00
Lukas Reschke
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
Morris Jobke
c31e4266c7
Merge pull request #24257 from nextcloud/nc-comments
...
Simple typo in comments
2020-11-20 20:42:40 +01:00
Morris Jobke
1448b7c923
Merge pull request #24242 from essys/patch-1
...
Update ScanLegacyFormat.php
2020-11-20 20:39:49 +01:00
Morris Jobke
a06111e1eb
Merge pull request #24254 from nextcloud/enh/lint_php8
...
Also lint php8
2020-11-20 20:33:21 +01:00
Carlos Ferreira
a42eb05a35
Simple typo in comments
2020-11-20 20:01:28 +01:00
Roeland Jago Douma
12f322d804
Also lint php8
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 16:49:09 +01:00