Commit Graph

35 Commits

Author SHA1 Message Date
Lukas Reschke 6c8d48b0f6
Harden t() with DOMPurify
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 14:17:42 +01:00
Roeland Jago Douma bb2ec51bbb
Fix unit tests of master
Follow up to #3802

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-16 12:46:02 +01:00
Morris Jobke cee8853658
Show info in admin settings about PHP opcache if disabled
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 23:45:48 -06:00
Morris Jobke a2867c0664
Properly check the data dir
* fixes #1364

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-12-05 23:35:35 +01:00
Joas Schilling 0f06034239
Replace more vendor naming
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-11 08:54:21 +01:00
Arthur Schiwon 9b01574465
adjust js tests 2016-08-25 13:47:14 +02:00
Derek b236100619 Alters 'No Internet Connection' error message. #181 2016-07-20 19:12:10 -05:00
Vincent Petry fb087a0261
Use temporary htaccesstest.txt for data dir security check 2016-06-07 18:36:13 +02:00
Morris Jobke e03d289b70
Use 6 months as SSL STS header threshold
* this uses 6 months (6 * 30 * 24 * 60 * 60 = 15552000)
* old value was half a year (365 / 2 * 24 * 60 * 60 = 15768000)
* fixes #23957
2016-04-13 08:47:34 +02:00
Lukas Reschke 6ad957906e Consistently use rel=noreferrer
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Lukas Reschke 2ca3c0d461 Adjust wording a bit
**Before:**
> Your PHP version (5.4.16) is no longer supported by PHP. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by PHP.

**After:**
> You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by the PHP Group as soon as your distribution supports it.

Fixes https://github.com/owncloud/enterprise/issues/1170
2016-03-11 17:39:35 +01:00
Thomas Müller 8abdcb8085 Fix error ins source language strings
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/core/50786279
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/settings-1/50555028
2016-02-19 15:04:16 +01:00
Vincent Chan faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Thomas Müller b1ee51f255 Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
2016-01-13 10:33:58 +01:00
Thomas Müller 2493cfede9 Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check
Add config switch to disable the .well-known URL check
2016-01-12 14:46:09 +01:00
Lukas Reschke 4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
2016-01-12 10:37:16 +01:00
Morris Jobke 8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Morris Jobke a6c7cdd75e Show the well-known URL check as info instead of error
* ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
2016-01-12 09:18:20 +01:00
Morris Jobke 0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Lukas Reschke cebeb0e052 Fix unit tests
Fixes https://github.com/owncloud/core/issues/21345
2015-12-23 09:11:22 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Morris Jobke b519965408 [admin] check for correct PHP memcached module 2015-10-06 08:51:47 +02:00
Roeland Jago Douma 8eefc5c4e1 Move remaining setupchecks to new fomat 2015-08-18 14:42:57 +02:00
Jan-Christoph Borchardt 12eec397e3 Merge pull request #17975 from owncloud/settings_admin_warning_levels
Settings admin warning levels
2015-08-18 13:38:08 +02:00
Robin McCorkell 2579999373 Add setup check for reverse proxy header configuration 2015-08-10 23:28:16 +01:00
Roeland Jago Douma 8bde72c4bd All setup messages are now properly types 2015-07-30 09:57:08 +02:00
Roeland Jago Douma 5d15051da4 Allow setupchecks to specify a warning level 2015-07-30 09:57:08 +02:00
Roeland Jago Douma 72ba67815e Display warning in security & setup warnings if php version is EOL 2015-07-29 10:07:01 +02:00
Lukas Reschke eec8d776b7 Align recommended settings
This aligns the recommended setting with the max-age of `15768000` as described in our documentation. Furthermore it fixes some logical problems with the code, unit tests has been added as well.

Fixes https://github.com/owncloud/core/issues/16673
2015-06-15 10:39:25 +02:00
Lukas Reschke bc6d17ed74 Add check for availability of /dev/urandom
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:

1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
3. Rand: chr((rand() ^ rand()) % 256)
4. UniqId: Plain uniqid()

An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.

One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.

Thanks to David Black from d1b.org for bringing this again to our attention.
2015-05-26 14:16:07 +02:00
Joas Schilling 81ec1c8a1a Remove hardcoded link to performance docs 2015-04-07 12:25:30 +02:00
Lukas Reschke 65202d2a18 Add check for activated local memcache
Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it.

Fixes https://github.com/owncloud/core/issues/14956
2015-03-28 13:59:22 +01:00
Lukas Reschke 9d1ce53cb1 Add some generic default headers as well via PHP 2015-03-26 22:32:57 +01:00
Vincent Petry b4cfc79b5a Added missing done() calls for async tests 2015-03-03 13:59:03 +01:00
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00