authorChristoph Wurst <christoph@winzerhof-wurst.at>2020-04-10 14:19:56 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2020-04-10 14:19:56 +0200
commitcaff1023ea72bb2ea94130e18a2a6e2ccf819e5f (patch)
tree186d494c2aea5dea7255d3584ef5d595fc6e6194 /lib/private/Security
parentedf8ce32cffdb920e8171207b342abbd7f1fbe73 (diff)
downloadnextcloud-server-caff1023ea72bb2ea94130e18a2a6e2ccf819e5f.tar.gz
nextcloud-server-caff1023ea72bb2ea94130e18a2a6e2ccf819e5f.zip
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code. This also removes any empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/private/Security')
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php11
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicy.php1
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyManager.php6
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php4
-rw-r--r--lib/private/Security/CSRF/CsrfToken.php2
-rw-r--r--lib/private/Security/CSRF/CsrfTokenManager.php6
-rw-r--r--lib/private/Security/CSRF/TokenStorage/SessionStorage.php2
-rw-r--r--lib/private/Security/Certificate.php4
-rw-r--r--lib/private/Security/CertificateManager.php3
-rw-r--r--lib/private/Security/CredentialsManager.php2
-rw-r--r--lib/private/Security/Crypto.php5
-rw-r--r--lib/private/Security/FeaturePolicy/FeaturePolicy.php1
-rw-r--r--lib/private/Security/Hasher.php15
-rw-r--r--lib/private/Security/IdentityProof/Manager.php5
-rw-r--r--lib/private/Security/IdentityProof/Signer.php4
-rw-r--r--lib/private/Security/RateLimiting/Backend/MemoryCache.php6
-rw-r--r--lib/private/Security/SecureRandom.php2
-rw-r--r--lib/private/Security/TrustedDomainHelper.php4
18 files changed, 37 insertions, 46 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index d8e06032ef1..c04e0e1b383 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -100,7 +100,7 @@ class Throttler {
$ip,
array $metadata = []) {
// No need to log if the bruteforce protection is disabled
- if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
+ if ($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
return;
}
@@ -126,7 +126,7 @@ class Throttler {
$qb = $this->db->getQueryBuilder();
$qb->insert('bruteforce_attempts');
- foreach($values as $column => $value) {
+ foreach ($values as $column => $value) {
$qb->setValue($column, $qb->createNamedParameter($value));
}
$qb->execute();
@@ -139,7 +139,7 @@ class Throttler {
* @return bool
*/
private function isIPWhitelisted($ip) {
- if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
+ if ($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
return true;
}
@@ -175,7 +175,7 @@ class Throttler {
$addr = inet_pton($addr);
$valid = true;
- for($i = 0; $i < $mask; $i++) {
+ for ($i = 0; $i < $mask; $i++) {
$part = ord($addr[(int)($i/8)]);
$orig = ord($ip[(int)($i/8)]);
@@ -196,7 +196,6 @@ class Throttler {
}
return false;
-
}
/**
@@ -234,7 +233,7 @@ class Throttler {
$maxDelay = 25;
$firstDelay = 0.1;
- if ($attempts > (8 * PHP_INT_SIZE - 1)) {
+ if ($attempts > (8 * PHP_INT_SIZE - 1)) {
// Don't ever overflow. Just assume the maxDelay time:s
$firstDelay = $maxDelay;
} else {
diff --git a/lib/private/Security/CSP/ContentSecurityPolicy.php b/lib/private/Security/CSP/ContentSecurityPolicy.php
index 4db1314e782..4d41bd56206 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicy.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicy.php
@@ -245,5 +245,4 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
public function setReportTo(array $reportTo) {
$this->reportTo = $reportTo;
}
-
}
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyManager.php b/lib/private/Security/CSP/ContentSecurityPolicyManager.php
index 9f1a480ccce..4245fdcb2de 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyManager.php
@@ -59,7 +59,7 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
$this->dispatcher->dispatch(AddContentSecurityPolicyEvent::class, $event);
$defaultPolicy = new \OC\Security\CSP\ContentSecurityPolicy();
- foreach($this->policies as $policy) {
+ foreach ($this->policies as $policy) {
$defaultPolicy = $this->mergePolicies($defaultPolicy, $policy);
}
return $defaultPolicy;
@@ -74,9 +74,9 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
*/
public function mergePolicies(ContentSecurityPolicy $defaultPolicy,
EmptyContentSecurityPolicy $originalPolicy): ContentSecurityPolicy {
- foreach((object)(array)$originalPolicy as $name => $value) {
+ foreach ((object)(array)$originalPolicy as $name => $value) {
$setter = 'set'.ucfirst($name);
- if(\is_array($value)) {
+ if (\is_array($value)) {
$getter = 'get'.ucfirst($name);
$currentValues = \is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : [];
$defaultPolicy->$setter(array_values(array_unique(array_merge($currentValues, $value))));
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 9dec2907b2f..06f8faece13 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -61,7 +61,7 @@ class ContentSecurityPolicyNonceManager {
* @return string
*/
public function getNonce(): string {
- if($this->nonce === '') {
+ if ($this->nonce === '') {
if (empty($this->request->server['CSP_NONCE'])) {
$this->nonce = base64_encode($this->csrfTokenManager->getToken()->getEncryptedValue());
} else {
@@ -86,7 +86,7 @@ class ContentSecurityPolicyNonceManager {
'/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Version\/(?:1[2-9]|[2-9][0-9])\.[0-9]+(?:\.[0-9]+)? Safari\/[0-9.A-Z]+$/',
];
- if($this->request->isUserAgent($browserWhitelist)) {
+ if ($this->request->isUserAgent($browserWhitelist)) {
return true;
}
diff --git a/lib/private/Security/CSRF/CsrfToken.php b/lib/private/Security/CSRF/CsrfToken.php
index 9b6b249e20f..a0ecdbd1008 100644
--- a/lib/private/Security/CSRF/CsrfToken.php
+++ b/lib/private/Security/CSRF/CsrfToken.php
@@ -55,7 +55,7 @@ class CsrfToken {
* @return string
*/
public function getEncryptedValue(): string {
- if($this->encryptedValue === '') {
+ if ($this->encryptedValue === '') {
$sharedSecret = random_bytes(\strlen($this->value));
$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret);
}
diff --git a/lib/private/Security/CSRF/CsrfTokenManager.php b/lib/private/Security/CSRF/CsrfTokenManager.php
index 8314639e8ef..2f64aeb24f4 100644
--- a/lib/private/Security/CSRF/CsrfTokenManager.php
+++ b/lib/private/Security/CSRF/CsrfTokenManager.php
@@ -57,11 +57,11 @@ class CsrfTokenManager {
* @return CsrfToken
*/
public function getToken(): CsrfToken {
- if(!\is_null($this->csrfToken)) {
+ if (!\is_null($this->csrfToken)) {
return $this->csrfToken;
}
- if($this->sessionStorage->hasToken()) {
+ if ($this->sessionStorage->hasToken()) {
$value = $this->sessionStorage->getToken();
} else {
$value = $this->tokenGenerator->generateToken();
@@ -99,7 +99,7 @@ class CsrfTokenManager {
* @return bool
*/
public function isTokenValid(CsrfToken $token): bool {
- if(!$this->sessionStorage->hasToken()) {
+ if (!$this->sessionStorage->hasToken()) {
return false;
}
diff --git a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
index d73c8d94206..34adc566bf7 100644
--- a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
+++ b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
@@ -60,7 +60,7 @@ class SessionStorage {
*/
public function getToken(): string {
$token = $this->session->get('requesttoken');
- if(empty($token)) {
+ if (empty($token)) {
throw new \Exception('Session does not contain a requesttoken');
}
diff --git a/lib/private/Security/Certificate.php b/lib/private/Security/Certificate.php
index 5e6c425dbf7..cc4baeaa658 100644
--- a/lib/private/Security/Certificate.php
+++ b/lib/private/Security/Certificate.php
@@ -54,12 +54,12 @@ class Certificate implements ICertificate {
// If string starts with "file://" ignore the certificate
$query = 'file://';
- if(strtolower(substr($data, 0, strlen($query))) === $query) {
+ if (strtolower(substr($data, 0, strlen($query))) === $query) {
throw new \Exception('Certificate could not get parsed.');
}
$info = openssl_x509_parse($data);
- if(!is_array($info)) {
+ if (!is_array($info)) {
throw new \Exception('Certificate could not get parsed.');
}
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index 86df38625e0..e69132ff4df 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -87,7 +87,6 @@ class CertificateManager implements ICertificateManager {
* @return \OCP\ICertificate[]
*/
public function listCertificates() {
-
if (!$this->config->getSystemValue('installed', false)) {
return [];
}
@@ -187,7 +186,6 @@ class CertificateManager implements ICertificateManager {
} catch (\Exception $e) {
throw $e;
}
-
}
/**
@@ -287,5 +285,4 @@ class CertificateManager implements ICertificateManager {
protected function getFilemtimeOfCaBundle() {
return filemtime(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt');
}
-
}
diff --git a/lib/private/Security/CredentialsManager.php b/lib/private/Security/CredentialsManager.php
index 0120f69e431..ab06a807613 100644
--- a/lib/private/Security/CredentialsManager.php
+++ b/lib/private/Security/CredentialsManager.php
@@ -33,7 +33,6 @@ use OCP\Security\ICrypto;
* @package OC\Security
*/
class CredentialsManager implements ICredentialsManager {
-
const DB_TABLE = 'credentials';
/** @var ICrypto */
@@ -122,5 +121,4 @@ class CredentialsManager implements ICredentialsManager {
;
return $qb->execute();
}
-
}
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
index ca17b6e2b8a..19258d2018e 100644
--- a/lib/private/Security/Crypto.php
+++ b/lib/private/Security/Crypto.php
@@ -70,7 +70,7 @@ class Crypto implements ICrypto {
* @return string Calculated HMAC
*/
public function calculateHMAC(string $message, string $password = ''): string {
- if($password === '') {
+ if ($password === '') {
$password = $this->config->getSystemValue('secret');
}
@@ -89,7 +89,7 @@ class Crypto implements ICrypto {
* @return string Authenticated ciphertext
*/
public function encrypt(string $plaintext, string $password = ''): string {
- if($password === '') {
+ if ($password === '') {
$password = $this->config->getSystemValue('secret');
}
$this->cipher->setPassword($password);
@@ -139,5 +139,4 @@ class Crypto implements ICrypto {
return $result;
}
-
}
diff --git a/lib/private/Security/FeaturePolicy/FeaturePolicy.php b/lib/private/Security/FeaturePolicy/FeaturePolicy.php
index b59d873b533..93556708789 100644
--- a/lib/private/Security/FeaturePolicy/FeaturePolicy.php
+++ b/lib/private/Security/FeaturePolicy/FeaturePolicy.php
@@ -27,7 +27,6 @@ declare(strict_types=1);
namespace OC\Security\FeaturePolicy;
class FeaturePolicy extends \OCP\AppFramework\Http\FeaturePolicy {
-
public function getAutoplayDomains(): array {
return $this->autoplayDomains;
}
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
index 9850dbe1467..8c081414353 100644
--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -79,7 +79,7 @@ class Hasher implements IHasher {
}
$hashingCost = $this->config->getSystemValue('hashingCost', null);
- if(!\is_null($hashingCost)) {
+ if (!\is_null($hashingCost)) {
$this->options['cost'] = $hashingCost;
}
}
@@ -113,8 +113,8 @@ class Hasher implements IHasher {
*/
protected function splitHash(string $prefixedHash) {
$explodedString = explode('|', $prefixedHash, 2);
- if(\count($explodedString) === 2) {
- if((int)$explodedString[0] > 0) {
+ if (\count($explodedString) === 2) {
+ if ((int)$explodedString[0] > 0) {
return ['version' => (int)$explodedString[0], 'hash' => $explodedString[1]];
}
}
@@ -130,13 +130,13 @@ class Hasher implements IHasher {
* @return bool Whether $hash is a valid hash of $message
*/
protected function legacyHashVerify($message, $hash, &$newHash = null): bool {
- if(empty($this->legacySalt)) {
+ if (empty($this->legacySalt)) {
$this->legacySalt = $this->config->getSystemValue('passwordsalt', '');
}
// Verify whether it matches a legacy PHPass or SHA1 string
$hashLength = \strlen($hash);
- if(($hashLength === 60 && password_verify($message.$this->legacySalt, $hash)) ||
+ if (($hashLength === 60 && password_verify($message.$this->legacySalt, $hash)) ||
($hashLength === 40 && hash_equals($hash, sha1($message)))) {
$newHash = $this->hash($message);
return true;
@@ -155,7 +155,7 @@ class Hasher implements IHasher {
* @return bool Whether $hash is a valid hash of $message
*/
protected function verifyHash(string $message, string $hash, &$newHash = null): bool {
- if(password_verify($message, $hash)) {
+ if (password_verify($message, $hash)) {
if ($this->needsRehash($hash)) {
$newHash = $this->hash($message);
}
@@ -174,7 +174,7 @@ class Hasher implements IHasher {
public function verify(string $message, string $hash, &$newHash = null): bool {
$splittedHash = $this->splitHash($hash);
- if(isset($splittedHash['version'])) {
+ if (isset($splittedHash['version'])) {
switch ($splittedHash['version']) {
case 3:
case 2:
@@ -211,5 +211,4 @@ class Hasher implements IHasher {
return $default;
}
-
}
diff --git a/lib/private/Security/IdentityProof/Manager.php b/lib/private/Security/IdentityProof/Manager.php
index 2c101769f18..abbda2f11eb 100644
--- a/lib/private/Security/IdentityProof/Manager.php
+++ b/lib/private/Security/IdentityProof/Manager.php
@@ -104,7 +104,8 @@ class Manager {
// Write the private and public key to the disk
try {
$this->appData->newFolder($id);
- } catch (\Exception $e) {}
+ } catch (\Exception $e) {
+ }
$folder = $this->appData->getFolder($id);
$folder->newFile('private')
->putContent($this->crypto->encrypt($privateKey));
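Review bot: The empty `catch (\Exception $e)` around `$this->appData->newFolder($id)` silently discards every failure, directly before the private key is written to that folder. If the only case meant to be tolerated is a folder that already exists, state that in the block, for example `// Folder may already exist; getFolder() below fails if it could not be created`, or catch the specific exception type and log anything else. The enclosing method starts and ends outside this hunk, so whether a later call surfaces a real storage error is inferred rather than visible.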
@@ -167,6 +168,4 @@ class Manager {
}
$this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors));
}
-
-
}
diff --git a/lib/private/Security/IdentityProof/Signer.php b/lib/private/Security/IdentityProof/Signer.php
index c5410397a27..9f6b27d358f 100644
--- a/lib/private/Security/IdentityProof/Signer.php
+++ b/lib/private/Security/IdentityProof/Signer.php
@@ -83,7 +83,7 @@ class Signer {
* @return bool
*/
public function verify(array $data): bool {
- if(isset($data['message'])
+ if (isset($data['message'])
&& isset($data['signature'])
&& isset($data['message']['signer'])
) {
@@ -91,7 +91,7 @@ class Signer {
$userId = substr($data['message']['signer'], 0, $location);
$user = $this->userManager->get($userId);
- if($user !== null) {
+ if ($user !== null) {
$key = $this->keyManager->getKey($user);
return (bool)openssl_verify(
json_encode($data['message']),
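Review bot: The `(bool)` cast on the `openssl_verify()` result in `verify()` turns an error return into a successful verification. `openssl_verify()` returns 1 for a valid signature, 0 for an invalid one and -1 (or false) on error, and `(bool)-1` is `true`. Compare against 1 explicitly, `return openssl_verify(/* same arguments */) === 1;`, so that a malformed key or signature fails closed. The remaining arguments of the call and the rest of `verify()` lie outside this hunk, so this is based on the visible cast only.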
diff --git a/lib/private/Security/RateLimiting/Backend/MemoryCache.php b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
index 2d4ff9812f5..ce8bacfb588 100644
--- a/lib/private/Security/RateLimiting/Backend/MemoryCache.php
+++ b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
@@ -75,7 +75,7 @@ class MemoryCache implements IBackend {
}
$cachedAttempts = json_decode($cachedAttempts, true);
- if(\is_array($cachedAttempts)) {
+ if (\is_array($cachedAttempts)) {
return $cachedAttempts;
}
@@ -95,7 +95,7 @@ class MemoryCache implements IBackend {
$currentTime = $this->timeFactory->getTime();
/** @var array $existingAttempts */
foreach ($existingAttempts as $attempt) {
- if(($attempt + $seconds) > $currentTime) {
+ if (($attempt + $seconds) > $currentTime) {
$count++;
}
}
@@ -115,7 +115,7 @@ class MemoryCache implements IBackend {
// Unset all attempts older than $period
foreach ($existingAttempts as $key => $attempt) {
- if(($attempt + $period) < $currentTime) {
+ if (($attempt + $period) < $currentTime) {
unset($existingAttempts[$key]);
}
}
diff --git a/lib/private/Security/SecureRandom.php b/lib/private/Security/SecureRandom.php
index 0e3411f8ab6..4826399ff5b 100644
--- a/lib/private/Security/SecureRandom.php
+++ b/lib/private/Security/SecureRandom.php
@@ -51,7 +51,7 @@ class SecureRandom implements ISecureRandom {
$maxCharIndex = \strlen($characters) - 1;
$randomString = '';
- while($length > 0) {
+ while ($length > 0) {
$randomNumber = \random_int(0, $maxCharIndex);
$randomString .= $characters[$randomNumber];
$length--;
diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index c1789da6ad7..320646e1b7f 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -98,7 +98,9 @@ class TrustedDomainHelper {
if (gettype($trusted) !== 'string') {
break;
}
- $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/i';
+ $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) {
+ return preg_quote($v, '/');
+ }, explode('*', $trusted))) . '$/i';
if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
return true;
}
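Review bot: The pattern assembled here ends in `$` without the `D` modifier, so PCRE also matches a subject that carries one trailing newline; a `$domain` of `example.com\n` (constructed example) would match the trusted entry `example.com`. Whether such a value can reach this check depends on the caller, which is outside the hunk. Ending the pattern with `'$/iD'`, or using `\z` in place of `$`, makes the anchor exact at no cost.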