Nextcloud-PR-Bot
fda21b35c4
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-24 04:25:08 +00:00
Lukas Reschke
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
dependabot-preview[bot]
774350c610
Bump vimeo/psalm from 4.1.1 to 4.2.0
...
Bumps [vimeo/psalm](https://github.com/vimeo/psalm ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases )
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 09:07:01 +01:00
Roeland Jago Douma
9163790b7c
Set frame-ancestors to none if none are filled
...
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
Nextcloud-PR-Bot
e93a76962c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-17 04:22:33 +00:00
Roeland Jago Douma
426dc68b45
Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date
...
Fix default internal expiration date
2020-11-16 14:13:56 +01:00
Daniel Calviño Sánchez
28c57004dd
Add integration tests for creating shares with default expiration dates
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Daniel Calviño Sánchez
4f5271acf9
Reset app configs by deleting the values instead of setting the defaults
...
This avoids the need to keep the default values in the integration tests
in sync with the code, and also makes possible to reset values with
"dynamic" defaults (defaults that depend on other values).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Nextcloud-PR-Bot
aa967d798c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-14 04:21:44 +00:00
Nextcloud-PR-Bot
05cd789e9d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-13 04:22:06 +00:00
Joas Schilling
e39d657e24
Merge pull request #23882 from nextcloud/tests/oracle
...
Run unit tests against oracle
2020-11-11 10:05:24 +01:00
Daniel Calviño Sánchez
ee852d7e0e
Add integration tests for default share permissions
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-11 02:31:25 +01:00
Joas Schilling
6883676ad4
Update baseline, I'm sorry
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:55:06 +01:00
Nextcloud-PR-Bot
e35329176d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-10 04:18:47 +00:00
Roeland Jago Douma
c8822508de
Merge pull request #23967 from nextcloud/dependabot/composer/build/integration/behat/behat-approx-3.8.0
...
Update behat/behat requirement from ~3.7.0 to ~3.8.0 in /build/integration
2020-11-09 19:54:41 +01:00
Nextcloud-PR-Bot
63c68d49c7
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-08 04:26:59 +00:00
Nextcloud-PR-Bot
610c22d2ca
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-07 04:26:22 +00:00
dependabot-preview[bot]
d2aeeddce7
Update behat/behat requirement in /build/integration
...
Updates the requirements on [behat/behat](https://github.com/Behat/Behat ) to permit the latest version.
- [Release notes](https://github.com/Behat/Behat/releases )
- [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Behat/Behat/compare/v3.7.0...v3.8.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-07 02:40:59 +00:00
Nextcloud-PR-Bot
4c61d52879
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-06 04:25:56 +00:00
Morris Jobke
0a1f4549e7
Check InvalidArgument psalm error into baseline - PHPDoc needs to be improved
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-05 13:49:25 +01:00
Nextcloud-PR-Bot
3929dc24c9
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-04 04:24:19 +00:00
Nextcloud-PR-Bot
4bbd6ceefd
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-03 04:23:30 +00:00
Morris Jobke
f8739b327a
Update psalm-baseline.xml
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-02 10:14:07 +01:00
Morris Jobke
7410489e86
Update psalm baseline
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-30 10:49:57 +01:00
Morris Jobke
f438ee40a4
Revert "[Automated] Update psalm-baseline.xml"
2020-10-30 10:36:46 +01:00
Nextcloud-PR-Bot
ac8a5ca18c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-30 04:18:38 +00:00
Joas Schilling
92be66cff2
Fix the expected output
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-27 09:11:36 +01:00
Joas Schilling
c5d0c8ce12
Simplify the function looking for output
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-27 09:11:19 +01:00
Joas Schilling
dd3d5829e7
This is not javascript
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-26 17:06:32 +01:00
Joas Schilling
46e3ea4e41
Fix undefined variable
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-26 16:37:54 +01:00
Daniel Kesselberg
d08dca4ee5
Update baseline
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-10-22 14:44:38 +02:00
Nextcloud-PR-Bot
3ecfaca85f
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-21 04:30:21 +00:00
Nextcloud-PR-Bot
8f813c691d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-20 04:29:45 +00:00
Nextcloud-PR-Bot
8005fd6f19
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-16 04:28:48 +00:00
Christoph Wurst
2c40d2cf45
Bump vimeo/psalm from 3.15 to 3.17.1
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-14 11:47:54 +02:00
Christoph Wurst
081e9ac47f
Use own psalm instead of a global one
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-13 17:55:37 +02:00
Nextcloud-PR-Bot
035346a5d3
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-13 04:28:02 +00:00
Nextcloud-PR-Bot
953c6eda28
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-11 04:27:09 +00:00
Nextcloud-PR-Bot
7896b20100
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-09 04:27:56 +00:00
Nextcloud-PR-Bot
ab6f6f7149
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-07 04:26:43 +00:00
Nextcloud-PR-Bot
c2a6893033
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-06 04:27:00 +00:00
Morris Jobke
482b42c4a7
Merge pull request #22891 from nextcloud/techdebt/18680/improve-ProvisioningApiMiddleware-service-logic
...
Improve registerService logic for ProvisioningApiMiddleware for static code analysis
2020-10-05 21:50:50 +02:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
dependabot-preview[bot]
8c2fe6df0a
Bump jsdoc from 3.6.5 to 3.6.6 in /build
...
Bumps [jsdoc](https://github.com/jsdoc/jsdoc ) from 3.6.5 to 3.6.6.
- [Release notes](https://github.com/jsdoc/jsdoc/releases )
- [Changelog](https://github.com/jsdoc/jsdoc/blob/3.6.6/CHANGES.md )
- [Commits](https://github.com/jsdoc/jsdoc/compare/3.6.5...3.6.6 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-26 01:16:20 +00:00
Nextcloud-PR-Bot
f7e5ba6116
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-09-25 04:24:37 +00:00
Daniel Calviño Sánchez
7b9a40b407
Add integration tests to check that only the given path is transferred
...
Until recently (it was fixed in ac2999a26a
) when a path was transferred
other shares with the target user were removed, so a test was added to
ensure that it does not happen again.
Besides that a test to ensure that other files with the target user are
not transferred was added too (it did not fail before, but seemed
convenient to have that covered too :-) ).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:35:06 +02:00
Daniel Calviño Sánchez
c4c602ee80
Add integration tests for transferring files of a user with a risky name
...
The files:transfer-ownership performs a sanitization of users with
"risky" display names (including characters like "\" or "/").
In order to allow (escaped) double quotes in the display name the
regular expression used in the "user XXX with displayname YYY exists"
step had to be adjusted.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:34:30 +02:00
Daniel Calviño Sánchez
5e143845cb
Add integration test for transferring the path of a single file
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:32:23 +02:00
Nextcloud-PR-Bot
281f0d6793
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-09-18 04:23:58 +00:00
Morris Jobke
a65b431f51
Update baseline
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 17:02:44 +02:00