Commit Graph

19 Commits

Author SHA1 Message Date
Roeland Jago Douma 032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
Lukas Reschke d25ca1976b Mark getAppPath as specialized taint
Should remove some false positives.

https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
Lukas Reschke 98ddfdd1e8 Mark cleanAppId as sanitizer for include
Should remove a bunch of false positive code scanning results.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
Lukas Reschke 47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
Roeland Jago Douma d8637c62e0
Reduce the getAppPath and autoloader calls
The getAppPath will always return the same data for the same appId. It
is actually already cached. However we do some cleanup of the appId
(again). Same for the autoloading it is actually already checked.

This just removes the unneeded calls. Which can add up if you have a lot
of incomming shares.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-07 17:24:41 +01:00
Roeland Jago Douma 0dece78617
Skip already loaded apps in loadApps
Otherwise you might end up calling a lot of functions unneeded.
And while the individual calls are cheap if you multiply them by 20k
they still get somewhat expensive.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-06 14:56:06 +01:00
Christoph Wurst d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
Joas Schilling 0dfcc132ca
Allow to register AlternativeLogin on RegistrationContext
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-16 14:20:24 +02:00
Morris Jobke d9cc2f0213
Do not load app.php if Application implements IBootstrap
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-14 15:55:23 +02:00
Christoph Wurst 8e9726be5c
Log usages of the deprecated app.php file
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-30 09:43:40 +02:00
Christoph Wurst 5bc8510b3b
Load the app.php before running apps' boot method
Some apps require the composer autoloader from app.php. If we run boot
before including that file, classes and functions from dependencies
won't be found.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 14:44:02 +02:00
Christoph Wurst 69571fb536
Add dedicated API for apps' bootstrapping process
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 09:22:21 +02:00
Christoph Wurst 97e9823787
Document \OC_App::getAllApps return type
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-05-28 20:37:24 +02:00
Christoph Wurst 0556fe351a
Add a message to the log entry of an app being disabled
As an admin, it's always a surprise to see that an app got disabled. On
a busy server with many log entries, it's hard to locate the entry that
explains why Nextcloud disabled an app. Adding a message will make it
more obvious, allowing admins and developers to grep for the string.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-05-19 11:44:51 +02:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst a7c8d26d31
Add visibility to all properties and move static keyword
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:48:31 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst 1e086064f5
Move legacy classes from PSR0 to PSR4
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-07 08:48:00 +02:00