59a83b77ea
Merge pull request #24275 from nextcloud/dependabot/npm_and_yarn/moment-timezone-0.5.32
...
Bump moment-timezone from 0.5.31 to 0.5.32
2020-11-23 11:10:24 +01:00
e0a6f6d34b
Merge pull request #24251 from nextcloud/fix/sabre-parse-xml-errors
...
Update sabre/xml to fix XML parsing errors (with empty strings)
2020-11-23 10:28:06 +01:00
f8af508907
Bump moment-timezone from 0.5.31 to 0.5.32
...
Bumps [moment-timezone](https://github.com/moment/moment-timezone ) from 0.5.31 to 0.5.32.
- [Release notes](https://github.com/moment/moment-timezone/releases )
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md )
- [Commits](https://github.com/moment/moment-timezone/compare/0.5.31...0.5.32 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2020-11-23 08:23:42 +00:00
a35a9a009d
Update sabre/xml to fix XML parsing errors (with empty strings)
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-23 09:13:46 +01:00
a1cd5ca20c
Merge pull request #24290 from nextcloud/propagate-taint
...
Add IRequest taint sources
2020-11-23 08:40:14 +01:00
ad5059a39e
Merge pull request #24293 from nextcloud/dependabot/composer/vimeo/psalm-4.2.1
...
Bump vimeo/psalm from 4.2.0 to 4.2.1
2020-11-23 08:03:07 +01:00
942cd71055
Bump vimeo/psalm from 4.2.0 to 4.2.1
...
Bumps [vimeo/psalm](https://github.com/vimeo/psalm ) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/vimeo/psalm/releases )
- [Commits](https://github.com/vimeo/psalm/compare/4.2.0...4.2.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-23 02:42:54 +00:00
6b9f57905f
[tx-robot] updated from transifex
2020-11-23 02:18:46 +00:00
a5d4d3d4cc
Add IRequest taint sources
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-22 23:04:43 +01:00
9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent
...
Auto-wire remaining encryption app services that depend on View
2020-11-22 22:33:53 +01:00
858c7f4032
Auto-wire remaining encryption app services that depend on View
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:22:16 +01:00
032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
...
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
293410f576
Merge pull request #24268 from nextcloud/add-app-as-sanitizer-for-include
...
Mark cleanAppId as sanitizer for include
2020-11-22 10:53:26 +01:00
f1d71a21e5
[tx-robot] updated from transifex
2020-11-22 02:18:27 +00:00
e1821f36d9
Merge pull request #24276 from nextcloud/dependabot/npm_and_yarn/vue-material-design-icons-4.11.0
...
Bump vue-material-design-icons from 4.10.0 to 4.11.0
2020-11-21 11:11:28 +01:00
1cde362c2e
Bump vue-material-design-icons from 4.10.0 to 4.11.0
...
Bumps [vue-material-design-icons](https://github.com/robcresswell/vue-material-design-icons ) from 4.10.0 to 4.11.0.
- [Release notes](https://github.com/robcresswell/vue-material-design-icons/releases )
- [Changelog](https://github.com/robcresswell/vue-material-design-icons/blob/dev/CHANGELOG.md )
- [Commits](https://github.com/robcresswell/vue-material-design-icons/compare/4.10.0...4.11.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-21 02:20:25 +00:00
1859cebe56
[tx-robot] updated from transifex
2020-11-21 02:19:19 +00:00
d25ca1976b
Mark getAppPath as specialized taint
...
Should remove some false positives.
https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
98ddfdd1e8
Mark cleanAppId as sanitizer for include
...
Should remove a bunch of false positive code scanning results.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
e606c0eef4
Allow View to be used via DI
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-21 00:18:59 +01:00
db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app
...
Auto-wire as much as possible in the encryption app
2020-11-21 00:04:54 +01:00
6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
...
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
5be18215fb
Auto-wire as much as possible in the encryption app
...
Also cleans up only non-classname services in the server container
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-20 23:13:22 +01:00
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
c31e4266c7
Merge pull request #24257 from nextcloud/nc-comments
...
Simple typo in comments
2020-11-20 20:42:40 +01:00
1448b7c923
Merge pull request #24242 from essys/patch-1
...
Update ScanLegacyFormat.php
2020-11-20 20:39:49 +01:00
a06111e1eb
Merge pull request #24254 from nextcloud/enh/lint_php8
...
Also lint php8
2020-11-20 20:33:21 +01:00
a42eb05a35
Simple typo in comments
2020-11-20 20:01:28 +01:00
12f322d804
Also lint php8
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 16:49:09 +01:00
691409cdec
Merge pull request #24062 from nextcloud/revert-24060-revert-24039-faster-installation
...
Revert "Revert "Installation goes brrrr""
2020-11-20 15:02:51 +01:00
7fd7601016
Merge pull request #24241 from nextcloud/enh/harden_EncryptionLegacyCipher_repair
...
Harden EncryptionLegacyCipher a bit
2020-11-20 14:15:45 +01:00
0d30047ac6
Merge pull request #24243 from nextcloud/techdebt/composer-require-libxml
...
Require libxml in composer
2020-11-20 14:13:29 +01:00
0af22a64cb
Require xmlreader via composer
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 11:29:50 +01:00
6ae2fe941f
Require libxml in composer
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 11:08:37 +01:00
fdcfc4edce
Update ScanLegacyFormat.php
...
Fixed a small typo on line 99.
2020-11-20 10:16:35 +01:00
f8a2c08c41
Merge pull request #24234 from nextcloud/dependabot/composer/vimeo/psalm-4.2.0
...
Bump vimeo/psalm from 4.1.1 to 4.2.0
2020-11-20 10:03:01 +01:00
b71803802c
Harden EncryptionLegacyCipher a bit
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 09:52:55 +01:00
774350c610
Bump vimeo/psalm from 4.1.1 to 4.2.0
...
Bumps [vimeo/psalm](https://github.com/vimeo/psalm ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases )
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 09:07:01 +01:00
e794d1f5d8
Merge pull request #24235 from nextcloud-pr-bot/automated/noid/psalm-baseline-update
...
[Automated] Update psalm-baseline.xml
2020-11-20 08:09:28 +01:00
c4e8c1bdcd
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-20 04:24:06 +00:00
285570f546
[tx-robot] updated from transifex
2020-11-20 02:20:07 +00:00
46f406a8be
Merge pull request #24017 from nextcloud/enh/share_expiration
...
Make the expire shares cron job actually expire the shares
2020-11-19 23:20:47 +01:00
700449882a
Merge pull request #24203 from nextcloud/enh/search_regex_file_shares
...
Use regex when searching on single file shares
2020-11-19 23:18:48 +01:00
568762a5a5
Merge pull request #24211 from nextcloud/bugfix/noid/theming-image
...
Fix setting images through occ for theming
2020-11-19 23:16:42 +01:00
1b613c84e9
Merge pull request #24007 from nextcloud/select-distinct-multiple
...
allow selecting multiple columns with SELECT DISTINCT
2020-11-19 22:39:01 +01:00
c2510ecae9
Merge pull request #24103 from nextcloud/bugfix/noid/groupfolder-share-object-storage
...
Only check path for being accessible when the storage is a object home
2020-11-19 22:37:28 +01:00
650ffc587f
Merge pull request #24164 from nextcloud/fix/lazy-app-registration
...
Allow lazy app registration
2020-11-19 22:35:09 +01:00
bf23555b8b
Merge pull request #24094 from nextcloud/bugfix/noid/trash-appdata
...
Only attempt to move to trash if a file is not in appdata
2020-11-19 22:29:23 +01:00
33bceacc82
Merge pull request #24225 from nextcloud/enh/dataresponse_typehints
...
Fix DataResponse typehints
2020-11-19 21:33:46 +01:00
1e111b2ad2
Fix DataResponse typehints
...
We use this already in several places where we just pass strings or
numbers.
This all works because we just convert it to a json response in the end.
So better to have the typehints reflect this.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-19 20:34:42 +01:00
Roeland Jago Douma
dependabot-preview[bot]
Christoph Wurst
Nextcloud bot
Lukas Reschke
Morris Jobke
John Molakvoæ
Carlos Ferreira
Roeland Jago Douma
essys
Nextcloud-PR-Bot