authorJoas Schilling <coding@schilljs.com>2024-10-01 00:09:15 +0200
committerJoas Schilling <coding@schilljs.com>2024-10-01 00:11:07 +0200
commit570a9e208fa638c35f5ec1c9754acf2a66aa587d (patch)
treef1242f593b5afe10596cc7b599a3e444fd056f2c /build
parent990ee44015da720acbcf22dfe583b181dd1655fd (diff)
ci: Add psalm baseline for security and make CI fail on changeci/noid/improve-running-psalm-locally
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'build')
-rw-r--r--build/psalm-baseline-security.xml138
1 files changed, 138 insertions, 0 deletions
diff --git a/build/psalm-baseline-security.xml b/build/psalm-baseline-security.xml
new file mode 100644
index 00000000000..c42b10d75c6
--- /dev/null
+++ b/build/psalm-baseline-security.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0">
+ <file src="apps/admin_audit/lib/Actions/Action.php">
+ <TaintedHtml>
+ <code><![CDATA[$params]]></code>
+ </TaintedHtml>
+ </file>
+ <file src="apps/files_external/lib/Config/ConfigAdapter.php">
+ <TaintedCallable>
+ <code><![CDATA[$objectClass]]></code>
+ </TaintedCallable>
+ </file>
+ <file src="apps/theming/lib/IconBuilder.php">
+ <TaintedFile>
+ <code><![CDATA[$appIcon]]></code>
+ <code><![CDATA[$imageFile]]></code>
+ </TaintedFile>
+ </file>
+ <file src="lib/base.php">
+ <TaintedHeader>
+ <code><![CDATA['Location: ' . $url]]></code>
+ <code><![CDATA['Location: ' . \OC::$WEBROOT . '/']]></code>
+ </TaintedHeader>
+ </file>
+ <file src="lib/private/App/InfoParser.php">
+ <TaintedFile>
+ <code><![CDATA[$file]]></code>
+ </TaintedFile>
+ </file>
+ <file src="lib/private/AppFramework/Utility/SimpleContainer.php">
+ <TaintedCallable>
+ <code><![CDATA[$name]]></code>
+ </TaintedCallable>
+ </file>
+ <file src="lib/private/Config.php">
+ <TaintedHtml>
+ <code><![CDATA[$this->cache]]></code>
+ </TaintedHtml>
+ </file>
+ <file src="lib/private/EventSource.php">
+ <TaintedHeader>
+ <code><![CDATA['Location: ' . \OC::$WEBROOT]]></code>
+ </TaintedHeader>
+ </file>
+ <file src="lib/private/Http/CookieHelper.php">
+ <TaintedHeader>
+ <code><![CDATA[$header]]></code>
+ </TaintedHeader>
+ </file>
+ <file src="lib/private/Installer.php">
+ <TaintedFile>
+ <code><![CDATA[$baseDir]]></code>
+ </TaintedFile>
+ </file>
+ <file src="lib/private/OCS/ApiHelper.php">
+ <TaintedHtml>
+ <code><![CDATA[$body]]></code>
+ </TaintedHtml>
+ <TaintedTextWithQuotes>
+ <code><![CDATA[$body]]></code>
+ </TaintedTextWithQuotes>
+ </file>
+ <file src="lib/private/Route/Router.php">
+ <TaintedCallable>
+ <code><![CDATA[$appNameSpace . '\\Controller\\' . basename($file->getPathname(), '.php')]]></code>
+ </TaintedCallable>
+ </file>
+ <file src="lib/private/ServerContainer.php">
+ <TaintedCallable>
+ <code><![CDATA[$applicationClassName]]></code>
+ </TaintedCallable>
+ </file>
+ <file src="lib/private/Session/CryptoWrapper.php">
+ <TaintedCookie>
+ <code><![CDATA[$this->passphrase]]></code>
+ </TaintedCookie>
+ </file>
+ <file src="lib/private/Setup.php">
+ <TaintedFile>
+ <code><![CDATA[$dataDir]]></code>
+ </TaintedFile>
+ </file>
+ <file src="lib/private/Setup/Sqlite.php">
+ <TaintedFile>
+ <code><![CDATA[$sqliteFile]]></code>
+ </TaintedFile>
+ </file>
+ <file src="lib/private/legacy/OC_Helper.php">
+ <TaintedFile>
+ <code><![CDATA[$dest]]></code>
+ <code><![CDATA[$dest]]></code>
+ <code><![CDATA[$dir]]></code>
+ <code><![CDATA[$dir]]></code>
+ </TaintedFile>
+ </file>
+ <file src="lib/private/legacy/OC_JSON.php">
+ <TaintedHeader>
+ <code><![CDATA['Location: ' . \OC::$WEBROOT]]></code>
+ </TaintedHeader>
+ <TaintedHtml>
+ <code><![CDATA[self::encode($data)]]></code>
+ <code><![CDATA[self::encode($data)]]></code>
+ </TaintedHtml>
+ <TaintedTextWithQuotes>
+ <code><![CDATA[self::encode($data)]]></code>
+ <code><![CDATA[self::encode($data)]]></code>
+ </TaintedTextWithQuotes>
+ </file>
+ <file src="lib/private/legacy/OC_Template.php">
+ <TaintedHtml>
+ <code><![CDATA[$exception->getTraceAsString()]]></code>
+ </TaintedHtml>
+ <TaintedTextWithQuotes>
+ <code><![CDATA[$exception->getTraceAsString()]]></code>
+ </TaintedTextWithQuotes>
+ </file>
+ <file src="lib/public/DB/QueryBuilder/IQueryBuilder.php">
+ <TaintedSql>
+ <code><![CDATA[$column]]></code>
+ </TaintedSql>
+ </file>
+ <file src="lib/public/IDBConnection.php">
+ <TaintedSql>
+ <code><![CDATA[$sql]]></code>
+ <code><![CDATA[$sql]]></code>
+ <code><![CDATA[$sql]]></code>
+ <code><![CDATA[$sql]]></code>
+ </TaintedSql>
+ </file>
+ <file src="ocs-provider/index.php">
+ <TaintedHtml>
+ <code><![CDATA[$controller->buildProviderList()->render()]]></code>
+ </TaintedHtml>
+ <TaintedTextWithQuotes>
+ <code><![CDATA[$controller->buildProviderList()->render()]]></code>
+ </TaintedTextWithQuotes>
+ </file>
+</files>
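Review bot: The baseline accepts taint findings in 22 files, including `TaintedSql` on `$sql` in lib/public/IDBConnection.php and `TaintedCallable` in SimpleContainer.php, Router.php and ServerContainer.php, without recording whether each was triaged as a false positive or is a known open risk. Psalm matches baseline entries by file, issue type and code snippet rather than by line, so with generic snippets such as `$sql`, `$dest` or `$dir`, a fixed sink that is replaced by a new one using the same expression in the same file would, as far as I can tell, still pass CI. I would add a header comment after the XML declaration, for example `<!-- Entries are accepted findings, not verified false positives; remove an entry once its sink is fixed or justified with an inline @psalm-suppress -->`. Regenerating the baseline may drop that comment, so the per-entry triage record probably belongs in a tracking issue as well.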