efe644137d
[encryption] Remove dependency fetching inside the constructor and move them to method call parameters
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:35:02 +01:00
9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent
...
Auto-wire remaining encryption app services that depend on View
2020-11-22 22:33:53 +01:00
858c7f4032
Auto-wire remaining encryption app services that depend on View
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-22 22:22:16 +01:00
032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
...
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
293410f576
Merge pull request #24268 from nextcloud/add-app-as-sanitizer-for-include
...
Mark cleanAppId as sanitizer for include
2020-11-22 10:53:26 +01:00
f1d71a21e5
[tx-robot] updated from transifex
2020-11-22 02:18:27 +00:00
e1821f36d9
Merge pull request #24276 from nextcloud/dependabot/npm_and_yarn/vue-material-design-icons-4.11.0
...
Bump vue-material-design-icons from 4.10.0 to 4.11.0
2020-11-21 11:11:28 +01:00
1cde362c2e
Bump vue-material-design-icons from 4.10.0 to 4.11.0
...
Bumps [vue-material-design-icons](https://github.com/robcresswell/vue-material-design-icons ) from 4.10.0 to 4.11.0.
- [Release notes](https://github.com/robcresswell/vue-material-design-icons/releases )
- [Changelog](https://github.com/robcresswell/vue-material-design-icons/blob/dev/CHANGELOG.md )
- [Commits](https://github.com/robcresswell/vue-material-design-icons/compare/4.10.0...4.11.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-21 02:20:25 +00:00
1859cebe56
[tx-robot] updated from transifex
2020-11-21 02:19:19 +00:00
d25ca1976b
Mark getAppPath as specialized taint
...
Should remove some false positives.
https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
98ddfdd1e8
Mark cleanAppId as sanitizer for include
...
Should remove a bunch of false positive code scanning results.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
e606c0eef4
Allow View to be used via DI
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-21 00:18:59 +01:00
db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app
...
Auto-wire as much as possible in the encryption app
2020-11-21 00:04:54 +01:00
6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
...
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
5be18215fb
Auto-wire as much as possible in the encryption app
...
Also cleans up only non-classname services in the server container
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-20 23:13:22 +01:00
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
c31e4266c7
Merge pull request #24257 from nextcloud/nc-comments
...
Simple typo in comments
2020-11-20 20:42:40 +01:00
1448b7c923
Merge pull request #24242 from essys/patch-1
...
Update ScanLegacyFormat.php
2020-11-20 20:39:49 +01:00
a06111e1eb
Merge pull request #24254 from nextcloud/enh/lint_php8
...
Also lint php8
2020-11-20 20:33:21 +01:00
a42eb05a35
Simple typo in comments
2020-11-20 20:01:28 +01:00
12f322d804
Also lint php8
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 16:49:09 +01:00
691409cdec
Merge pull request #24062 from nextcloud/revert-24060-revert-24039-faster-installation
...
Revert "Revert "Installation goes brrrr""
2020-11-20 15:02:51 +01:00
7fd7601016
Merge pull request #24241 from nextcloud/enh/harden_EncryptionLegacyCipher_repair
...
Harden EncryptionLegacyCipher a bit
2020-11-20 14:15:45 +01:00
0d30047ac6
Merge pull request #24243 from nextcloud/techdebt/composer-require-libxml
...
Require libxml in composer
2020-11-20 14:13:29 +01:00
0af22a64cb
Require xmlreader via composer
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 11:29:50 +01:00
6ae2fe941f
Require libxml in composer
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 11:08:37 +01:00
fdcfc4edce
Update ScanLegacyFormat.php
...
Fixed a small typo on line 99.
2020-11-20 10:16:35 +01:00
f8a2c08c41
Merge pull request #24234 from nextcloud/dependabot/composer/vimeo/psalm-4.2.0
...
Bump vimeo/psalm from 4.1.1 to 4.2.0
2020-11-20 10:03:01 +01:00
b71803802c
Harden EncryptionLegacyCipher a bit
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 09:52:55 +01:00
774350c610
Bump vimeo/psalm from 4.1.1 to 4.2.0
...
Bumps [vimeo/psalm](https://github.com/vimeo/psalm ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases )
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 09:07:01 +01:00
e794d1f5d8
Merge pull request #24235 from nextcloud-pr-bot/automated/noid/psalm-baseline-update
...
[Automated] Update psalm-baseline.xml
2020-11-20 08:09:28 +01:00
c4e8c1bdcd
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-20 04:24:06 +00:00
285570f546
[tx-robot] updated from transifex
2020-11-20 02:20:07 +00:00
46f406a8be
Merge pull request #24017 from nextcloud/enh/share_expiration
...
Make the expire shares cron job actually expire the shares
2020-11-19 23:20:47 +01:00
700449882a
Merge pull request #24203 from nextcloud/enh/search_regex_file_shares
...
Use regex when searching on single file shares
2020-11-19 23:18:48 +01:00
568762a5a5
Merge pull request #24211 from nextcloud/bugfix/noid/theming-image
...
Fix setting images through occ for theming
2020-11-19 23:16:42 +01:00
1b613c84e9
Merge pull request #24007 from nextcloud/select-distinct-multiple
...
allow selecting multiple columns with SELECT DISTINCT
2020-11-19 22:39:01 +01:00
c2510ecae9
Merge pull request #24103 from nextcloud/bugfix/noid/groupfolder-share-object-storage
...
Only check path for being accessible when the storage is a object home
2020-11-19 22:37:28 +01:00
650ffc587f
Merge pull request #24164 from nextcloud/fix/lazy-app-registration
...
Allow lazy app registration
2020-11-19 22:35:09 +01:00
bf23555b8b
Merge pull request #24094 from nextcloud/bugfix/noid/trash-appdata
...
Only attempt to move to trash if a file is not in appdata
2020-11-19 22:29:23 +01:00
33bceacc82
Merge pull request #24225 from nextcloud/enh/dataresponse_typehints
...
Fix DataResponse typehints
2020-11-19 21:33:46 +01:00
1e111b2ad2
Fix DataResponse typehints
...
We use this already in several places where we just pass strings or
numbers.
This all works because we just convert it to a json response in the end.
So better to have the typehints reflect this.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-19 20:34:42 +01:00
220bc1f218
Make the expire shares cron job actually expire the shares
...
Right now we just delete the shares from the DB. Which is efficient
sure. But doesn't trigger any real cleanup. So no Admin audit entries or
any other post processing is done.
This makes sure we really trigger this.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-19 10:51:51 +01:00
d602aa1825
Merge pull request #24135 from medical-cloud/fix/23357-nextcloud-logo-in-email-notifications-is-misaligned-in-version-20
...
Fix nextcloud logo in email notifications misalignment
2020-11-19 10:48:18 +01:00
eab4f3dc76
Limit shared cache search if it is just a file
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-19 09:15:02 +01:00
ecbc7f62be
Merge pull request #24207 from nextcloud/bugfix/noid/missing-level-psrlogged
...
missing level in ScopedPsrLogger
2020-11-19 08:38:05 +01:00
9b7bdfef79
Fix setting images through occ for theming
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-19 08:31:24 +01:00
c773cee305
[tx-robot] updated from transifex
2020-11-19 02:20:10 +00:00
87ec4a0da3
Fix #23357
...
Signed-off-by: medcloud <42641918+medcloud@users.noreply.github.com>
2020-11-18 22:29:02 +01:00
a0d9b15a80
missing level
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2020-11-18 18:30:07 -01:00
Morris Jobke
Roeland Jago Douma
Nextcloud bot
John Molakvoæ
dependabot-preview[bot]
Lukas Reschke
Carlos Ferreira
Roeland Jago Douma
Christoph Wurst
essys
Nextcloud-PR-Bot
Christoph Wurst
Julius Härtl
medcloud
Maxence Lange