Make OC\Security\CSP strict

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2018-03-05 15:27:05 +0100
committer: Roeland Jago Douma <roeland@famdouma.nl> 2018-03-05 15:27:05 +0100
commit: 4ed9b74a6b2b9f0bb79879ee725c133f3ff299c9 (patch)
tree: b19961b477ad1b03e431e56e5d6edb383a8ec2f8 /lib/private/Security/CSP
parent: c85c64c787057afac7000c0c24a7b791f4788c55 (diff)
download: nextcloud-server-4ed9b74a6b2b9f0bb79879ee725c133f3ff299c9.tar.gz
nextcloud-server-4ed9b74a6b2b9f0bb79879ee725c133f3ff299c9.zip
3 files changed, 33 insertions, 30 deletions
diff --git a/lib/private/Security/CSP/ContentSecurityPolicy.php b/lib/private/Security/CSP/ContentSecurityPolicy.php
index 2adc3d3d12c..77e20dedf44 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicy.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicy.php
@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2016, ownCloud, Inc.
  *
@@ -33,147 +34,147 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
 	/**
 	 * @return boolean
 	 */
-	public function isInlineScriptAllowed() {
+	public function isInlineScriptAllowed(): bool {
 		return $this->inlineScriptAllowed;
 	}
 
 	/**
 	 * @param boolean $inlineScriptAllowed
 	 */
-	public function setInlineScriptAllowed($inlineScriptAllowed) {
+	public function setInlineScriptAllowed(bool $inlineScriptAllowed) {
 		$this->inlineScriptAllowed = $inlineScriptAllowed;
 	}
 
 	/**
 	 * @return boolean
 	 */
-	public function isEvalScriptAllowed() {
+	public function isEvalScriptAllowed(): bool {
 		return $this->evalScriptAllowed;
 	}
 
 	/**
 	 * @param boolean $evalScriptAllowed
 	 */
-	public function setEvalScriptAllowed($evalScriptAllowed) {
+	public function setEvalScriptAllowed(bool $evalScriptAllowed) {
 		$this->evalScriptAllowed = $evalScriptAllowed;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedScriptDomains() {
+	public function getAllowedScriptDomains(): array {
 		return $this->allowedScriptDomains;
 	}
 
 	/**
 	 * @param array $allowedScriptDomains
 	 */
-	public function setAllowedScriptDomains($allowedScriptDomains) {
+	public function setAllowedScriptDomains(array $allowedScriptDomains) {
 		$this->allowedScriptDomains = $allowedScriptDomains;
 	}
 
 	/**
 	 * @return boolean
 	 */
-	public function isInlineStyleAllowed() {
+	public function isInlineStyleAllowed(): bool {
 		return $this->inlineStyleAllowed;
 	}
 
 	/**
 	 * @param boolean $inlineStyleAllowed
 	 */
-	public function setInlineStyleAllowed($inlineStyleAllowed) {
+	public function setInlineStyleAllowed(bool $inlineStyleAllowed) {
 		$this->inlineStyleAllowed = $inlineStyleAllowed;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedStyleDomains() {
+	public function getAllowedStyleDomains(): array {
 		return $this->allowedStyleDomains;
 	}
 
 	/**
 	 * @param array $allowedStyleDomains
 	 */
-	public function setAllowedStyleDomains($allowedStyleDomains) {
+	public function setAllowedStyleDomains(array $allowedStyleDomains) {
 		$this->allowedStyleDomains = $allowedStyleDomains;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedImageDomains() {
+	public function getAllowedImageDomains(): array {
 		return $this->allowedImageDomains;
 	}
 
 	/**
 	 * @param array $allowedImageDomains
 	 */
-	public function setAllowedImageDomains($allowedImageDomains) {
+	public function setAllowedImageDomains(array $allowedImageDomains) {
 		$this->allowedImageDomains = $allowedImageDomains;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedConnectDomains() {
+	public function getAllowedConnectDomains(): array {
 		return $this->allowedConnectDomains;
 	}
 
 	/**
 	 * @param array $allowedConnectDomains
 	 */
-	public function setAllowedConnectDomains($allowedConnectDomains) {
+	public function setAllowedConnectDomains(array $allowedConnectDomains) {
 		$this->allowedConnectDomains = $allowedConnectDomains;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedMediaDomains() {
+	public function getAllowedMediaDomains(): array {
 		return $this->allowedMediaDomains;
 	}
 
 	/**
 	 * @param array $allowedMediaDomains
 	 */
-	public function setAllowedMediaDomains($allowedMediaDomains) {
+	public function setAllowedMediaDomains(array $allowedMediaDomains) {
 		$this->allowedMediaDomains = $allowedMediaDomains;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedObjectDomains() {
+	public function getAllowedObjectDomains(): array {
 		return $this->allowedObjectDomains;
 	}
 
 	/**
 	 * @param array $allowedObjectDomains
 	 */
-	public function setAllowedObjectDomains($allowedObjectDomains) {
+	public function setAllowedObjectDomains(array $allowedObjectDomains) {
 		$this->allowedObjectDomains = $allowedObjectDomains;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedFrameDomains() {
+	public function getAllowedFrameDomains(): array {
 		return $this->allowedFrameDomains;
 	}
 
 	/**
 	 * @param array $allowedFrameDomains
 	 */
-	public function setAllowedFrameDomains($allowedFrameDomains) {
+	public function setAllowedFrameDomains(array $allowedFrameDomains) {
 		$this->allowedFrameDomains = $allowedFrameDomains;
 	}
 
 	/**
 	 * @return array
 	 */
-	public function getAllowedFontDomains() {
+	public function getAllowedFontDomains(): array {
 		return $this->allowedFontDomains;
 	}
 
@@ -187,7 +188,7 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
 	/**
 	 * @return array
 	 */
-	public function getAllowedChildSrcDomains() {
+	public function getAllowedChildSrcDomains(): array {
 		return $this->allowedChildSrcDomains;
 	}
 
@@ -201,7 +202,7 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
 	/**
 	 * @return array
 	 */
-	public function getAllowedFrameAncestors() {
+	public function getAllowedFrameAncestors(): array {
 		return $this->allowedFrameAncestors;
 	}
 
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyManager.php b/lib/private/Security/CSP/ContentSecurityPolicyManager.php
index 0e6f0ac6152..27a0524d3f3 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyManager.php
@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2016, ownCloud, Inc.
  *
@@ -41,7 +42,7 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
 	 *
 	 * @return ContentSecurityPolicy
 	 */
-	public function getDefaultPolicy() {
+	public function getDefaultPolicy(): ContentSecurityPolicy {
 		$defaultPolicy = new \OC\Security\CSP\ContentSecurityPolicy();
 		foreach($this->policies as $policy) {
 			$defaultPolicy = $this->mergePolicies($defaultPolicy, $policy);
@@ -57,14 +58,14 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
 	 * @return ContentSecurityPolicy
 	 */
 	public function mergePolicies(ContentSecurityPolicy $defaultPolicy,
-								  EmptyContentSecurityPolicy $originalPolicy) {
+								  EmptyContentSecurityPolicy $originalPolicy): ContentSecurityPolicy {
 		foreach((object)(array)$originalPolicy as $name => $value) {
 			$setter = 'set'.ucfirst($name);
-			if(is_array($value)) {
+			if(\is_array($value)) {
 				$getter = 'get'.ucfirst($name);
-				$currentValues = is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : [];
+				$currentValues = \is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : [];
 				$defaultPolicy->$setter(array_values(array_unique(array_merge($currentValues, $value))));
-			} elseif (is_bool($value)) {
+			} elseif (\is_bool($value)) {
 				$defaultPolicy->$setter($value);
 			}
 		}
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 266e5809c24..088fb2d859d 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
  *
@@ -55,7 +56,7 @@ class ContentSecurityPolicyNonceManager {
 	 *
 	 * @return string
 	 */
-	public function getNonce() {
+	public function getNonce(): string {
 		if($this->nonce === '') {
 			$this->nonce = base64_encode($this->csrfTokenManager->getToken()->getEncryptedValue());
 		}
@@ -68,7 +69,7 @@ class ContentSecurityPolicyNonceManager {
 	 *
 	 * @return bool
 	 */
-	public function browserSupportsCspV3() {
+	public function browserSupportsCspV3(): bool {
 		$browserWhitelist = [
 			Request::USER_AGENT_CHROME,
 			// Firefox 45+
author	Roeland Jago Douma <roeland@famdouma.nl>	2018-03-05 15:27:05 +0100
committer	Roeland Jago Douma <roeland@famdouma.nl>	2018-03-05 15:27:05 +0100
commit	4ed9b74a6b2b9f0bb79879ee725c133f3ff299c9 (patch)
tree	b19961b477ad1b03e431e56e5d6edb383a8ec2f8 /lib/private/Security/CSP
parent	c85c64c787057afac7000c0c24a7b791f4788c55 (diff)
download	nextcloud-server-4ed9b74a6b2b9f0bb79879ee725c133f3ff299c9.tar.gz nextcloud-server-4ed9b74a6b2b9f0bb79879ee725c133f3ff299c9.zip