This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
During app installation we run migration steps. Those steps may use
services the app registers or classes from composer. Hence we have to
make sure the app runs through the registration.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
The default expiration date for internal shares was set from the default
link expiration date instead of the internal one.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The personal info section of the personal settings is querying the
storage quota information. For this it requires the FS to be setup which
is not always guaranteed.
This fixes an issue where refreshing the settings page would cause it to
fail after Redis caches are full. It is likely that when Redis cache is
populated, some code path is initializing the FS, so it works so far.
But when the cache is populated, that code path is skipped so the FS is
not guaranteed to be setup...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
In php8 this starts throwing warnings. And since we use it quite often
we flood the log. This moves it to getType which does the same. Only non
deprecated now.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Because often we catch the exception at some point and then the trace is
misleading. What's really interesting is the trace of the *previous*
exception.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
When the servercontainer wants to obtain something changes are very high
this is something from the server container. Esp on setups with a lot of
shares this can change quite a bit as it avoid a needless check on the
strpos OCA\\ etc.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The getAppPath will always return the same data for the same appId. It
is actually already cached. However we do some cleanup of the appId
(again). Same for the autoloading it is actually already checked.
This just removes the unneeded calls. Which can add up if you have a lot
of incomming shares.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
In certain cases changeLock to EXCLUSIVE fails
and throws LockedException. This leaves the
file locked as SHARED in file_put_contents,
which prevents retrying (because on second
call file_put_contents takes another SHARED
lock on the same file, and changeLock doesn't
allow more than a single SHARED lock to promote
to EXCLUSIVE).
To avoid this case, we catch the LockedException
and unlock before re-throwing.
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Otherwise you might end up calling a lot of functions unneeded.
And while the individual calls are cheap if you multiply them by 20k
they still get somewhat expensive.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
As per https://docs.oracle.com/cd/B19306_01/server.102/b14200/functions060.htm
Oracle uses the first value to cast the rest or the values.
So when the first value is a plain int, instead of doing the math,
it will cast the expression to int and continue with a potential 0.
Signed-off-by: Joas Schilling <coding@schilljs.com>
Now we do on each template load a compile with the SCSS variables to see
if they changed or not. However there is no real reason for this if the
variables didn't change.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
In the 99% case the bucket is just always there. And if it is not the
read/write will fail hard anyways. Esp on big instances the Objectstore
is not always fast and this can save a few hundered ms of each request
that acess the objectstore.
In short it is adding
'verify_bucket_exists' => false
To the S3 config part
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This was a bunch of cylic things being called.
This is an attempt to clean this all up. If an app provides an array of
routes. We just parse them and hand them back.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Just check in the certifcate manager. So every part of the system that
request the certificatebundle gets the defaullt one (the 99% case) if we
can.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)
The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
We read config.php an awefull lot of times. So it only makes sense to
kill this as much as wel can.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
It seems the DS Set in the polyfill implementation is a lot less
efficient than normal arrays. (A LOT!).
So for now use a stupid normal array.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>