diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2017-07-20 22:48:13 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2017-07-20 22:48:13 +0200 |
| commit | 3d2600b0399af0dd4521469725f5e4bdf348bd2e (patch) | |
| tree | b231906605d82e7fe537a81a9e10299ca9beb37f /lib/private/Files/Cache/Cache.php | |
| parent | 4826fd701dda218792b5072977b24da7d42a94fa (diff) | |
| download | nextcloud-server-3d2600b0399af0dd4521469725f5e4bdf348bd2e.tar.gz nextcloud-server-3d2600b0399af0dd4521469725f5e4bdf348bd2e.zip | |
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.
As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/Files/Cache/Cache.php')
| -rw-r--r-- | lib/private/Files/Cache/Cache.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/private/Files/Cache/Cache.php b/lib/private/Files/Cache/Cache.php index 1f3f2433e45..b2f379fe2c2 100644 --- a/lib/private/Files/Cache/Cache.php +++ b/lib/private/Files/Cache/Cache.php @@ -502,6 +502,7 @@ class Cache implements ICache { * @param string $targetPath * @throws \OC\DatabaseException * @throws \Exception if the given storages have an invalid id + * @suppress SqlInjectionChecker */ public function moveFromCache(ICache $sourceCache, $sourcePath, $targetPath) { if ($sourceCache instanceof Cache) { |