Commit Graph

56320 Commits

Author SHA1 Message Date
dependabot-preview[bot] 01ec741e6c
Merge pull request #24272 from nextcloud/dependabot/npm_and_yarn/jquery-migrate-3.3.2 2020-11-24 09:29:34 +00:00
Roeland Jago Douma c2c539a754
Merge pull request #24323 from nextcloud/fix/comments-tab-missing
Fix reverse registration and missing comments tab
2020-11-24 09:34:50 +01:00
dependabot-preview[bot] 0c2a6d1474 Bump jquery-migrate from 3.3.1 to 3.3.2
Bumps [jquery-migrate](https://github.com/jquery/jquery-migrate) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/jquery/jquery-migrate/releases)
- [Commits](https://github.com/jquery/jquery-migrate/compare/3.3.1...3.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-24 08:06:06 +00:00
Roeland Jago Douma 8ac9767881
Merge pull request #24312 from nextcloud/bugfix/noid/fix-router-alias
Add proper alias for internal router class
2020-11-24 08:43:29 +01:00
Julius Härtl b3191edcda
Merge pull request #24271 from nextcloud/dependabot/npm_and_yarn/babel/preset-env-7.12.7
Bump @babel/preset-env from 7.12.1 to 7.12.7
2020-11-24 08:38:15 +01:00
Roeland Jago Douma ac42f94269
Merge pull request #24320 from nextcloud/typo/noid/fix-typo-in-deprecated
Fix typo in @deprecated PHPDoc tag
2020-11-24 08:31:38 +01:00
Roeland Jago Douma 14b563fe43
Merge pull request #24321 from nextcloud-pr-bot/automated/noid/psalm-baseline-update
[Automated] Update psalm-baseline.xml
2020-11-24 08:31:28 +01:00
Christoph Wurst decc5c844b
Fix reverse registration and missing comments tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-24 08:28:19 +01:00
Julius Härtl d9708ebece
Add proper alias for internal router class
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-24 08:01:39 +01:00
Nextcloud-PR-Bot fda21b35c4 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-24 04:25:08 +00:00
Nextcloud bot eddc31a07b
[tx-robot] updated from transifex 2020-11-24 02:18:55 +00:00
Morris Jobke f4c1512bb7
Fix typo in @deprecated PHPDoc tag
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-24 00:13:09 +01:00
Morris Jobke dc5f17f561
Merge pull request #24288 from nextcloud/techdebt/noid/encryption-setup-dependency-cleanup
Remove unused dependencies in encryption app setup
2020-11-23 20:43:42 +01:00
dependabot-preview[bot] 8f830c7754 Bump @babel/preset-env from 7.12.1 to 7.12.7
Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.12.1 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-preset-env)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 18:24:55 +00:00
Morris Jobke d9e0efbf72
Merge pull request #24289 from nextcloud/techdebt/noid/encryption-make-application-class-dependency-free
[encryption] Remove dependency fetching inside the constructor and mo…
2020-11-23 16:23:21 +01:00
Morris Jobke c832e6180b
Remove unused dependencies in encryption app setup
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-23 16:20:00 +01:00
Morris Jobke 5d88686b18
Merge pull request #24310 from nextcloud/perf/noid/theming-capabilities
Optimize check if background is themed
2020-11-23 15:48:57 +01:00
Roeland Jago Douma a3cff5abbe
Merge pull request #24273 from nextcloud/dependabot/npm_and_yarn/babel/core-7.12.7
Bump @babel/core from 7.12.3 to 7.12.7
2020-11-23 14:39:56 +01:00
Julius Härtl a0c0918ce2
Optimize check if background is themed
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-23 13:48:05 +01:00
dependabot-preview[bot] f2a249ff71 Bump @babel/core from 7.12.3 to 7.12.7
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.12.3 to 7.12.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.12.7/packages/babel-core)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 10:49:41 +00:00
Roeland Jago Douma 59a83b77ea
Merge pull request #24275 from nextcloud/dependabot/npm_and_yarn/moment-timezone-0.5.32
Bump moment-timezone from 0.5.31 to 0.5.32
2020-11-23 11:10:24 +01:00
Roeland Jago Douma e0a6f6d34b
Merge pull request #24251 from nextcloud/fix/sabre-parse-xml-errors
Update sabre/xml to fix XML parsing errors (with empty strings)
2020-11-23 10:28:06 +01:00
dependabot-preview[bot] f8af508907 Bump moment-timezone from 0.5.31 to 0.5.32
Bumps [moment-timezone](https://github.com/moment/moment-timezone) from 0.5.31 to 0.5.32.
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](https://github.com/moment/moment-timezone/compare/0.5.31...0.5.32)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 08:23:42 +00:00
Christoph Wurst a35a9a009d
Update sabre/xml to fix XML parsing errors (with empty strings)
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-23 09:13:46 +01:00
Roeland Jago Douma a1cd5ca20c
Merge pull request #24290 from nextcloud/propagate-taint
Add IRequest taint sources
2020-11-23 08:40:14 +01:00
Roeland Jago Douma ad5059a39e
Merge pull request #24293 from nextcloud/dependabot/composer/vimeo/psalm-4.2.1
Bump vimeo/psalm from 4.2.0 to 4.2.1
2020-11-23 08:03:07 +01:00
dependabot-preview[bot] 942cd71055
Bump vimeo/psalm from 4.2.0 to 4.2.1
Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/vimeo/psalm/releases)
- [Commits](https://github.com/vimeo/psalm/compare/4.2.0...4.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-23 02:42:54 +00:00
Nextcloud bot 6b9f57905f
[tx-robot] updated from transifex 2020-11-23 02:18:46 +00:00
Lukas Reschke a5d4d3d4cc
Add IRequest taint sources
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-22 23:04:43 +01:00
Morris Jobke efe644137d
[encryption] Remove dependency fetching inside the constructor and move them to method call parameters
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:35:02 +01:00
Morris Jobke 9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent
Auto-wire remaining encryption app services that depend on View
2020-11-22 22:33:53 +01:00
Morris Jobke 858c7f4032
Auto-wire remaining encryption app services that depend on View
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:22:16 +01:00
Roeland Jago Douma 032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
Roeland Jago Douma 293410f576
Merge pull request #24268 from nextcloud/add-app-as-sanitizer-for-include
Mark cleanAppId as sanitizer for include
2020-11-22 10:53:26 +01:00
Nextcloud bot f1d71a21e5
[tx-robot] updated from transifex 2020-11-22 02:18:27 +00:00
John Molakvoæ e1821f36d9
Merge pull request #24276 from nextcloud/dependabot/npm_and_yarn/vue-material-design-icons-4.11.0
Bump vue-material-design-icons from 4.10.0 to 4.11.0
2020-11-21 11:11:28 +01:00
dependabot-preview[bot] 1cde362c2e
Bump vue-material-design-icons from 4.10.0 to 4.11.0
Bumps [vue-material-design-icons](https://github.com/robcresswell/vue-material-design-icons) from 4.10.0 to 4.11.0.
- [Release notes](https://github.com/robcresswell/vue-material-design-icons/releases)
- [Changelog](https://github.com/robcresswell/vue-material-design-icons/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/robcresswell/vue-material-design-icons/compare/4.10.0...4.11.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-21 02:20:25 +00:00
Nextcloud bot 1859cebe56
[tx-robot] updated from transifex 2020-11-21 02:19:19 +00:00
Lukas Reschke d25ca1976b Mark getAppPath as specialized taint
Should remove some false positives.

https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
Lukas Reschke 98ddfdd1e8 Mark cleanAppId as sanitizer for include
Should remove a bunch of false positive code scanning results.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
Morris Jobke e606c0eef4
Allow View to be used via DI
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-21 00:18:59 +01:00
Morris Jobke db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app
Auto-wire as much as possible in the encryption app
2020-11-21 00:04:54 +01:00
Morris Jobke 6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
Morris Jobke 5be18215fb
Auto-wire as much as possible in the encryption app
Also cleans up only non-classname services in the server container

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-20 23:13:22 +01:00
Lukas Reschke 47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
Morris Jobke c31e4266c7
Merge pull request #24257 from nextcloud/nc-comments
Simple typo in comments
2020-11-20 20:42:40 +01:00
Morris Jobke 1448b7c923
Merge pull request #24242 from essys/patch-1
Update ScanLegacyFormat.php
2020-11-20 20:39:49 +01:00
Morris Jobke a06111e1eb
Merge pull request #24254 from nextcloud/enh/lint_php8
Also lint php8
2020-11-20 20:33:21 +01:00
Carlos Ferreira a42eb05a35
Simple typo in comments 2020-11-20 20:01:28 +01:00
Roeland Jago Douma 12f322d804
Also lint php8
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 16:49:09 +01:00