Commit Graph

15 Commits

Author SHA1 Message Date
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Joas Schilling 15eec7b83c Start migrations
Fixme:
- Install and update of apps
- No revert on live systems (debug only)
- Service adjustment to our interface
- Loading via autoloader

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:01:19 +02:00
Piotr Mrówczyński 9fec4031b3
Adjust query/event logging code in favour of more complex owncloud/diagnostics (#27643)
* Adjust query/event logging code in favour of more complex owncloud/diagnostics
* Add descriptions to IQueryLogger and IEventLogger interfaces
2017-04-26 13:19:43 +02:00
Morris Jobke 3329f44a76
Address comments
* fix URL to documentation
* improve logic of UTF8mb4 check
* fix connection parameter creation - it's done already in ConnectionFactory::createConnectionParams
* remove unused attributes of MDB2SchemaReader

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-21 16:42:42 -06:00
Morris Jobke 713f684a8b
Adding tests for 4 byte unicode characters
* success on SQLite and Postgres
* failure on MySQL due to the limited charset that only supports up to 3 bytes

Add config option to update charset of mysql to utf8mb4

* fully optional
* requires additional options set in the database

only disable unicode test on mysql

Fixing ctor call

Adding docker based unit test execution for mysql utf8mb4

Add mysqlmb4 test configuration to Jenkinsfile

fix collation on utf8mb4

Properly setup charset and collation in the doctrine connection

Allow files containing 4-byte chars in case the database supports it

During setup of a mysql database we try to detect if charset 'utf8mb4' can be used

Fix mysql settings

Add console command to migrate the charset

Set ROW_FORMAT before setting collation to mb4

Also select tables with wrong collation

Faster MySQL docker

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-21 16:42:12 -06:00
Philipp Schaffrath 2ccf544ad7
Fixed failing test which was ignoring a required (not null) column (#26303)
* Fixed failing test which was ignoring a required (not null) column

* restored test to original, catching DriverException which also catches ConstraintViolationException

* catch ConstraintViolationException again

* removed unnecessary field from this test

* clobfield should be nullable

* clobfield now is nullable

* removed autoincrement since whenever this strategy is enabled, oracle would not throw constraint violation exceptions (needed for setValues), which mysql still does

* this field does not auto increment anymore

* mark integerfield as primary, since it is not getting marked as such through auto increment anymore,
integerfield default always has been 0 instead of null

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:09:07 -06:00
Roeland Jago Douma f07d75a4dd
@since 9.2.0 to @since 11.0.0
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-15 18:51:52 +01:00
Joas Schilling 2c4035e806
Inject config and logger
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-02 20:30:37 +01:00
Robin Appelman 3a8e75a814
Allow 4byte unicode filenames on supported platforms
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-20 14:26:09 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling 7e3ce83526
Add a method to lock a table 2016-05-21 01:59:03 +02:00
Roeland Jago Douma 893204ef4a
Fix broken exception naming 2016-05-19 10:05:53 +02:00
Roeland Jago Douma d09f835dca
Move \OC\DB to PSR-4
Besides the statement wrapper that is moved to the legacy folder
(namepsace of shame folder)
2016-04-15 19:46:34 +02:00