Commit Graph

109 Commits

Author SHA1 Message Date
Lukas Reschke 29e715a1b9
Exclude build/.phan/ from PHP 5.6 syntax check
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 23:04:11 +02:00
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Morris Jobke ac969cfbb6 Merge pull request #5800 from nextcloud/enable-acceptance-tests-again-on-drone-0.7
Enable acceptance tests again on Drone 0.7
2017-07-20 11:31:48 +02:00
Daniel Calviño Sánchez 94144269de Enable acceptance tests again on Drone 0.7
Running the acceptance tests on Drone relied on the pod-style networking
used by services (service containers were available at 127.0.0.1 from
the build containers). However, in Drone 0.7 service and build
containers must be accessed from each other using their domain name
instead. Thus, acceptance tests had to be disabled on Drone.

Now that the acceptance test system supports setting a different domain
for the Selenium server and for the Nextcloud test server the acceptance
tests can be enabled again on Drone.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-07-20 08:08:35 +02:00
Lukas Reschke e215eabbf7
Update PHP 7.1 containers
Previously this container used a very old CentOS version. It has been migrated to Debian Jessie now using the deb.sury.org repositories.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 17:00:08 +02:00
Lukas Reschke 4d1d82e2d7
Install phan manually
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:12 +02:00
Lukas Reschke ac1a54cccf
Use new Drone image
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:12 +02:00
Lukas Reschke d8ec399454
Run phan over code base
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:11 +02:00
Morris Jobke 75f893b62f Disable postgres temporarily
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-18 19:23:56 +02:00
Morris Jobke 649c47b199 Temporarily disable acceptance and object storage tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-14 21:48:52 +02:00
Morris Jobke 9a34c5051f Fix drone
Fix service container host name
check current folder
fix redis for integration test
Fix more hostnames

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-14 15:04:18 +02:00
Morris Jobke 57fb36b6ae
Update integration tests composer cache
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-06-14 09:37:47 +02:00
Morris Jobke 3a70ebfe02 Merge pull request #4767 from nextcloud/app-code-checker
Check language files and database schema with app code checker
2017-05-16 16:20:27 -05:00
Morris Jobke 78e6c2dea4 Merge pull request #4666 from nextcloud/enable-redis-cluster
Add redis cluster tests to our CI jobs
2017-05-16 10:10:25 -05:00
Joas Schilling 3571355eb5
Run the app checker on all apps
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-16 16:16:55 +02:00
Morris Jobke edbe15f1c9 Run sign-off check as last check
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-15 11:01:06 -05:00
Morris Jobke fe5a4dd499 Make cache tests a bit more clear
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-11 17:07:25 -05:00
Morris Jobke f73ca1b77f Add redis cluster tests to our CI jobs
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-11 17:07:20 -05:00
Morris Jobke 61379c9165 Merge pull request #4682 from nextcloud/try-to-start-browser-sessions-again-when-they-fail-in-acceptance-tests
Try to start browser sessions again when they fail in acceptance tests
2017-05-04 00:02:18 -03:00
Daniel Calviño Sánchez 1a83c4c5c3 Set timeout multiplier to 10 for acceptance tests run by Drone
Sometimes, acceptance tests run by Drone fail due to a timeout when
starting the web browser sessions. Increasing the timeout should
minimize the possibility of the failure happening, although it can not
guarantee that it will not happen. A timeout multiplier of 10 was set
just because it looks like a reasonable margin of time, although it is
not based on any hard data.

The timeout multiplier affects too the timeout used when finding
elements. Like when starting a session, increasing the find timeout
simply gives the acceptance tests more time to find the objects before
giving up, so it does not change their behaviour when successful and can
also prevent failures due to default timeouts being too low for a
strained system.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-05-03 23:18:40 +02:00
Morris Jobke a94c706f26 Merge pull request #4667 from nextcloud/split-up-more-integration-tests
Split up sharing-v1-part2.feature to avoid timeouts
2017-05-02 17:27:37 -03:00
Morris Jobke c079ca7651 Merge pull request #4669 from nextcloud/checkers
Consolidate all the code checkers into one job
2017-05-02 17:27:00 -03:00
Morris Jobke a1929f4d56
Consolidate all the code checkers into one job
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-02 16:04:09 -03:00
Morris Jobke ecb369b5e8
Add redis support to our CI jobs
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-02 15:55:42 -03:00
Morris Jobke 865cd487c4
Split up sharing-v1-part2.feature to avoid timeouts
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-02 12:55:29 -03:00
Morris Jobke bcf587542c Merge pull request #4485 from nextcloud/translation-checker
Check whether we can json decode the translations
2017-04-25 10:46:51 -03:00
Joas Schilling 7ea492b69a
Loop over the apps directory and add the task
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 14:35:51 +02:00
Joas Schilling dee2c8d23b
Check whether we can json decode the translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 11:01:34 +02:00
Daniel Calviño Sánchez 316710bcb1 Add acceptance tests for sharing password protected links
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Daniel Calviño Sánchez 2f80025ec2 Move acceptance tests from build/acceptance to tests/acceptance
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-21 14:44:29 +02:00
Daniel Calviño Sánchez cccbd028a6 Add safety parameter
As the script modifies the Git repository a safety parameter was added
to prevent running it by mistake and messing with the local copy of the
repository.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-21 14:26:31 +02:00
Daniel Calviño Sánchez bbe479bcd9 Generalize names and descriptions
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-21 14:24:37 +02:00
Daniel Calviño Sánchez 72310cdac1 Use PHP built-in web server instead of Apache in Drone
Instead of running an additional Drone service with the Nextcloud server
now the Nextcloud server is run in the same Drone step as the acceptance
tests themselves using the PHP built-in web server.

Thanks to this, the Nextcloud server control is no longer needed, as the
acceptance tests can now directly reset, start and stop the Nextcloud
server. Also, the "nextcloudci/php7.0:php7.0-7" image provides
everything needed to run and manage the Nextcloud server (including the
Git command used to restore the directory to a saved state), so the
custom image is no longer needed either.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-21 14:24:37 +02:00
Daniel Calviño Sánchez ed7d63d16a Add acceptance test steps to Drone
Each acceptance test feature is run in its own Drone step. The container
of the step runs the acceptance tests themselves, but they require two
additional Drone services. One service provides the Selenium server that
performs the web browser actions specified by the tests, and the other
service provides the Nextcloud server that the tests will be run
against (due to security concerns the acceptance tests themselves can
not create Docker containers for the Nextcloud server as done when
running them in a local system, as if Drone containers had access to
Docker a malicious pull request could be used to take over the Drone
server).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:57 +02:00
Lukas Reschke 3d425ce833
Enable testing app in CI step
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke a05471eb43
Fix .drone.yml
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke 66835476b5
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Morris Jobke 749046a799
Add drone.yml config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 14:59:30 -05:00
Lukas Reschke 2f748f625c
Run maintenance mode tests on Drone
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 01:39:54 +02:00
Morris Jobke 6901b28f07
Split long running features/sharing-v1.feature into two smaller parts
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-28 16:46:56 -06:00
Lukas Reschke f94bc6f8bb Merge pull request #4013 from nextcloud/bundle_vendor_js
Bundle vendor js
2017-03-24 10:49:57 +01:00
Roeland Jago Douma 588f47d498
Add CI step to verify merged vendor js
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-23 13:40:30 +01:00
Roeland Jago Douma 4518a28924 Revert "Bundle vendor js" 2017-03-22 17:01:54 +01:00
Roeland Jago Douma 12de9ad655
Add CI step to verify merged vendor js
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-22 08:49:03 +01:00
Morris Jobke 036f5a6e08
add drone config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-20 13:13:08 -06:00
Morris Jobke 4a9ce18ced Revert "Add integration test for trashbin" 2017-03-17 12:06:16 -06:00
Morris Jobke 5d29e84118
Add drone.yml config
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-16 23:54:13 -06:00
Morris Jobke 1df26d438c
Run drone only on master/stable branches
* fixes #3729

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-06 20:57:32 -06:00
Arthur Schiwon 08b31fcb7d
enable user_ldap app for tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-01-20 10:10:37 +01:00
Morris Jobke 31a0821863
fix indentation
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-19 13:06:50 -06:00