nextcloud/build
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a Phan plugin which checks for SQL injections in code using our QueryBuilder. While it isn't perfect, it should already catch most potential issues.

As always, static analysis will sometimes have false positives, and this is also the case here. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
.ci-conf Adding magic file to enable oci on pull request testing on ci.owncloud.org 2015-03-20 15:00:51 +01:00
.phan Add Phan plugin to check for SQL injections 2017-07-20 22:48:13 +02:00
integration Prevent sending second WWW-Authenticate header 2017-06-13 13:54:52 +02:00
.htaccess Only request "IndexIgnore" if mod_autoindex is loaded 2017-02-20 13:09:15 +01:00
OCPSinceChecker.php $this->blackListedClassNames is unknown 2016-09-07 22:09:08 +02:00
autoloaderchecker.sh Allow to use a global composer instance 2017-01-05 11:01:59 +01:00
build.xml cleaning up the build directory 2014-12-10 10:07:22 +01:00
files-checker.php Add test to check if new files are added to the root of the repository 2017-07-12 11:52:42 +02:00
gen-coverage-badge.php Add script to generate coverage badges 2016-02-16 10:07:00 +01:00
htaccess-checker.php Add .htaccess checker as CI step 2016-11-02 20:11:30 +01:00
jsdocs9.tar.bz2 Update integration tests for system tags with groups 2016-05-20 17:56:02 +02:00
l10nParseAppInfo.php Extract app name and navigation entries for l10n 2017-05-08 23:24:28 -05:00
license.php Make sure to also detect their new copy right line 2016-08-18 10:59:59 +02:00
mergejs.php mergejs should print a newline between imports 2017-03-31 17:06:38 +02:00
mergejschecker.sh Add CI step to verify merged vendor js 2017-03-23 13:40:30 +01:00
package.json Fix JS unit failure because of Jasmine 2.6 and the phantomjs launcher 2017-04-25 10:26:46 -03:00
signed-off-checker.php Add codecov 2016-09-28 21:08:17 +02:00
translation-checker.php Loop over the apps directory and add the task 2017-04-25 14:35:51 +02:00