Diffstat (limited to 'lib/private/Security')
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php11
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicy.php1
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyManager.php6
-rw-r--r--lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php4
-rw-r--r--lib/private/Security/CSRF/CsrfToken.php2
-rw-r--r--lib/private/Security/CSRF/CsrfTokenManager.php6
-rw-r--r--lib/private/Security/CSRF/TokenStorage/SessionStorage.php2
-rw-r--r--lib/private/Security/Certificate.php4
-rw-r--r--lib/private/Security/CertificateManager.php3
-rw-r--r--lib/private/Security/CredentialsManager.php2
-rw-r--r--lib/private/Security/Crypto.php5
-rw-r--r--lib/private/Security/FeaturePolicy/FeaturePolicy.php1
-rw-r--r--lib/private/Security/Hasher.php15
-rw-r--r--lib/private/Security/IdentityProof/Manager.php5
-rw-r--r--lib/private/Security/IdentityProof/Signer.php4
-rw-r--r--lib/private/Security/RateLimiting/Backend/MemoryCache.php6
-rw-r--r--lib/private/Security/SecureRandom.php2
-rw-r--r--lib/private/Security/TrustedDomainHelper.php4
18 files changed, 37 insertions, 46 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index d8e06032ef1..c04e0e1b383 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -100,7 +100,7 @@ class Throttler {
$ip,
array $metadata = []) {
// No need to log if the bruteforce protection is disabled
- if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
+ if ($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
return;
}
@@ -126,7 +126,7 @@ class Throttler {
$qb = $this->db->getQueryBuilder();
$qb->insert('bruteforce_attempts');
- foreach($values as $column => $value) {
+ foreach ($values as $column => $value) {
$qb->setValue($column, $qb->createNamedParameter($value));
}
$qb->execute();
@@ -139,7 +139,7 @@ class Throttler {
* @return bool
*/
private function isIPWhitelisted($ip) {
- if($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
+ if ($this->config->getSystemValue('auth.bruteforce.protection.enabled', true) === false) {
return true;
}
@@ -175,7 +175,7 @@ class Throttler {
$addr = inet_pton($addr);
$valid = true;
- for($i = 0; $i < $mask; $i++) {
+ for ($i = 0; $i < $mask; $i++) {
$part = ord($addr[(int)($i/8)]);
$orig = ord($ip[(int)($i/8)]);
@@ -196,7 +196,6 @@ class Throttler {
}
return false;
-
}
/**
@@ -234,7 +233,7 @@ class Throttler {
$maxDelay = 25;
$firstDelay = 0.1;
- if ($attempts > (8 * PHP_INT_SIZE - 1)) {
+ if ($attempts > (8 * PHP_INT_SIZE - 1)) {
// Don't ever overflow. Just assume the maxDelay time:s
$firstDelay = $maxDelay;
} else {
diff --git a/lib/private/Security/CSP/ContentSecurityPolicy.php b/lib/private/Security/CSP/ContentSecurityPolicy.php
index 4db1314e782..4d41bd56206 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicy.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicy.php
@@ -245,5 +245,4 @@ class ContentSecurityPolicy extends \OCP\AppFramework\Http\ContentSecurityPolicy
public function setReportTo(array $reportTo) {
$this->reportTo = $reportTo;
}
-
}
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyManager.php b/lib/private/Security/CSP/ContentSecurityPolicyManager.php
index 9f1a480ccce..4245fdcb2de 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyManager.php
@@ -59,7 +59,7 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
$this->dispatcher->dispatch(AddContentSecurityPolicyEvent::class, $event);
$defaultPolicy = new \OC\Security\CSP\ContentSecurityPolicy();
- foreach($this->policies as $policy) {
+ foreach ($this->policies as $policy) {
$defaultPolicy = $this->mergePolicies($defaultPolicy, $policy);
}
return $defaultPolicy;
@@ -74,9 +74,9 @@ class ContentSecurityPolicyManager implements IContentSecurityPolicyManager {
*/
public function mergePolicies(ContentSecurityPolicy $defaultPolicy,
EmptyContentSecurityPolicy $originalPolicy): ContentSecurityPolicy {
- foreach((object)(array)$originalPolicy as $name => $value) {
+ foreach ((object)(array)$originalPolicy as $name => $value) {
$setter = 'set'.ucfirst($name);
- if(\is_array($value)) {
+ if (\is_array($value)) {
$getter = 'get'.ucfirst($name);
$currentValues = \is_array($defaultPolicy->$getter()) ? $defaultPolicy->$getter() : [];
$defaultPolicy->$setter(array_values(array_unique(array_merge($currentValues, $value))));
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 9dec2907b2f..06f8faece13 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -61,7 +61,7 @@ class ContentSecurityPolicyNonceManager {
* @return string
*/
public function getNonce(): string {
- if($this->nonce === '') {
+ if ($this->nonce === '') {
if (empty($this->request->server['CSP_NONCE'])) {
$this->nonce = base64_encode($this->csrfTokenManager->getToken()->getEncryptedValue());
} else {
@@ -86,7 +86,7 @@ class ContentSecurityPolicyNonceManager {
'/^Mozilla\/5\.0 \([^)]+\) AppleWebKit\/[0-9.]+ \(KHTML, like Gecko\) Version\/(?:1[2-9]|[2-9][0-9])\.[0-9]+(?:\.[0-9]+)? Safari\/[0-9.A-Z]+$/',
];
- if($this->request->isUserAgent($browserWhitelist)) {
+ if ($this->request->isUserAgent($browserWhitelist)) {
return true;
}
diff --git a/lib/private/Security/CSRF/CsrfToken.php b/lib/private/Security/CSRF/CsrfToken.php
index 9b6b249e20f..a0ecdbd1008 100644
--- a/lib/private/Security/CSRF/CsrfToken.php
+++ b/lib/private/Security/CSRF/CsrfToken.php
@@ -55,7 +55,7 @@ class CsrfToken {
* @return string
*/
public function getEncryptedValue(): string {
- if($this->encryptedValue === '') {
+ if ($this->encryptedValue === '') {
$sharedSecret = random_bytes(\strlen($this->value));
$this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret);
}
diff --git a/lib/private/Security/CSRF/CsrfTokenManager.php b/lib/private/Security/CSRF/CsrfTokenManager.php
index 8314639e8ef..2f64aeb24f4 100644
--- a/lib/private/Security/CSRF/CsrfTokenManager.php
+++ b/lib/private/Security/CSRF/CsrfTokenManager.php
@@ -57,11 +57,11 @@ class CsrfTokenManager {
* @return CsrfToken
*/
public function getToken(): CsrfToken {
- if(!\is_null($this->csrfToken)) {
+ if (!\is_null($this->csrfToken)) {
return $this->csrfToken;
}
- if($this->sessionStorage->hasToken()) {
+ if ($this->sessionStorage->hasToken()) {
$value = $this->sessionStorage->getToken();
} else {
$value = $this->tokenGenerator->generateToken();
@@ -99,7 +99,7 @@ class CsrfTokenManager {
* @return bool
*/
public function isTokenValid(CsrfToken $token): bool {
- if(!$this->sessionStorage->hasToken()) {
+ if (!$this->sessionStorage->hasToken()) {
return false;
}
diff --git a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
index d73c8d94206..34adc566bf7 100644
--- a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
+++ b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
@@ -60,7 +60,7 @@ class SessionStorage {
*/
public function getToken(): string {
$token = $this->session->get('requesttoken');
- if(empty($token)) {
+ if (empty($token)) {
throw new \Exception('Session does not contain a requesttoken');
}
diff --git a/lib/private/Security/Certificate.php b/lib/private/Security/Certificate.php
index 5e6c425dbf7..cc4baeaa658 100644
--- a/lib/private/Security/Certificate.php
+++ b/lib/private/Security/Certificate.php
@@ -54,12 +54,12 @@ class Certificate implements ICertificate {
// If string starts with "file://" ignore the certificate
$query = 'file://';
- if(strtolower(substr($data, 0, strlen($query))) === $query) {
+ if (strtolower(substr($data, 0, strlen($query))) === $query) {
throw new \Exception('Certificate could not get parsed.');
}
$info = openssl_x509_parse($data);
- if(!is_array($info)) {
+ if (!is_array($info)) {
throw new \Exception('Certificate could not get parsed.');
}
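Review bot: The comment above the `file://` check says what is rejected but not why, and the reason is security-relevant. PHP's OpenSSL functions accept a certificate argument of the form `file://path` and read it from disk, so without this guard `openssl_x509_parse($data)` could be pointed at a local file by whoever supplies `$data`. I would reword the comment to something like `// openssl_x509_parse() treats a "file://" string as a path and reads it from disk; reject it so only inline certificate data is parsed`. The constructor starts and ends outside the hunk.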
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index 86df38625e0..e69132ff4df 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -87,7 +87,6 @@ class CertificateManager implements ICertificateManager {
* @return \OCP\ICertificate[]
*/
public function listCertificates() {
-
if (!$this->config->getSystemValue('installed', false)) {
return [];
}
@@ -187,7 +186,6 @@ class CertificateManager implements ICertificateManager {
} catch (\Exception $e) {
throw $e;
}
-
}
/**
@@ -287,5 +285,4 @@ class CertificateManager implements ICertificateManager {
protected function getFilemtimeOfCaBundle() {
return filemtime(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt');
}
-
}
diff --git a/lib/private/Security/CredentialsManager.php b/lib/private/Security/CredentialsManager.php
index 0120f69e431..ab06a807613 100644
--- a/lib/private/Security/CredentialsManager.php
+++ b/lib/private/Security/CredentialsManager.php
@@ -33,7 +33,6 @@ use OCP\Security\ICrypto;
* @package OC\Security
*/
class CredentialsManager implements ICredentialsManager {
-
const DB_TABLE = 'credentials';
/** @var ICrypto */
@@ -122,5 +121,4 @@ class CredentialsManager implements ICredentialsManager {
;
return $qb->execute();
}
-
}
diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
index ca17b6e2b8a..19258d2018e 100644
--- a/lib/private/Security/Crypto.php
+++ b/lib/private/Security/Crypto.php
@@ -70,7 +70,7 @@ class Crypto implements ICrypto {
* @return string Calculated HMAC
*/
public function calculateHMAC(string $message, string $password = ''): string {
- if($password === '') {
+ if ($password === '') {
$password = $this->config->getSystemValue('secret');
}
@@ -89,7 +89,7 @@ class Crypto implements ICrypto {
* @return string Authenticated ciphertext
*/
public function encrypt(string $plaintext, string $password = ''): string {
- if($password === '') {
+ if ($password === '') {
$password = $this->config->getSystemValue('secret');
}
$this->cipher->setPassword($password);
@@ -139,5 +139,4 @@ class Crypto implements ICrypto {
return $result;
}
-
}
diff --git a/lib/private/Security/FeaturePolicy/FeaturePolicy.php b/lib/private/Security/FeaturePolicy/FeaturePolicy.php
index b59d873b533..93556708789 100644
--- a/lib/private/Security/FeaturePolicy/FeaturePolicy.php
+++ b/lib/private/Security/FeaturePolicy/FeaturePolicy.php
@@ -27,7 +27,6 @@ declare(strict_types=1);
namespace OC\Security\FeaturePolicy;
class FeaturePolicy extends \OCP\AppFramework\Http\FeaturePolicy {
-
public function getAutoplayDomains(): array {
return $this->autoplayDomains;
}
diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php
index 9850dbe1467..8c081414353 100644
--- a/lib/private/Security/Hasher.php
+++ b/lib/private/Security/Hasher.php
@@ -79,7 +79,7 @@ class Hasher implements IHasher {
}
$hashingCost = $this->config->getSystemValue('hashingCost', null);
- if(!\is_null($hashingCost)) {
+ if (!\is_null($hashingCost)) {
$this->options['cost'] = $hashingCost;
}
}
@@ -113,8 +113,8 @@ class Hasher implements IHasher {
*/
protected function splitHash(string $prefixedHash) {
$explodedString = explode('|', $prefixedHash, 2);
- if(\count($explodedString) === 2) {
- if((int)$explodedString[0] > 0) {
+ if (\count($explodedString) === 2) {
+ if ((int)$explodedString[0] > 0) {
return ['version' => (int)$explodedString[0], 'hash' => $explodedString[1]];
}
}
@@ -130,13 +130,13 @@ class Hasher implements IHasher {
* @return bool Whether $hash is a valid hash of $message
*/
protected function legacyHashVerify($message, $hash, &$newHash = null): bool {
- if(empty($this->legacySalt)) {
+ if (empty($this->legacySalt)) {
$this->legacySalt = $this->config->getSystemValue('passwordsalt', '');
}
// Verify whether it matches a legacy PHPass or SHA1 string
$hashLength = \strlen($hash);
- if(($hashLength === 60 && password_verify($message.$this->legacySalt, $hash)) ||
+ if (($hashLength === 60 && password_verify($message.$this->legacySalt, $hash)) ||
($hashLength === 40 && hash_equals($hash, sha1($message)))) {
$newHash = $this->hash($message);
return true;
@@ -155,7 +155,7 @@ class Hasher implements IHasher {
* @return bool Whether $hash is a valid hash of $message
*/
protected function verifyHash(string $message, string $hash, &$newHash = null): bool {
- if(password_verify($message, $hash)) {
+ if (password_verify($message, $hash)) {
if ($this->needsRehash($hash)) {
$newHash = $this->hash($message);
}
@@ -174,7 +174,7 @@ class Hasher implements IHasher {
public function verify(string $message, string $hash, &$newHash = null): bool {
$splittedHash = $this->splitHash($hash);
- if(isset($splittedHash['version'])) {
+ if (isset($splittedHash['version'])) {
switch ($splittedHash['version']) {
case 3:
case 2:
@@ -211,5 +211,4 @@ class Hasher implements IHasher {
return $default;
}
-
}
diff --git a/lib/private/Security/IdentityProof/Manager.php b/lib/private/Security/IdentityProof/Manager.php
index 2c101769f18..abbda2f11eb 100644
--- a/lib/private/Security/IdentityProof/Manager.php
+++ b/lib/private/Security/IdentityProof/Manager.php
@@ -104,7 +104,8 @@ class Manager {
// Write the private and public key to the disk
try {
$this->appData->newFolder($id);
- } catch (\Exception $e) {}
+ } catch (\Exception $e) {
+ }
$folder = $this->appData->getFolder($id);
$folder->newFile('private')
->putContent($this->crypto->encrypt($privateKey));
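Review bot: The reformatted `catch (\Exception $e) {` / `}` after `newFolder($id)` is still empty and undocumented, so every failure, not only an already-existing folder, is swallowed just before the private key is written. If the intent is to tolerate an existing folder (presumably; the hunk does not show it), say so inside the block, e.g. `// Folder may already exist; getFolder() below throws if it is really missing`. Also consider narrowing the caught type to the exception newFolder raises in that case. The enclosing method starts and ends outside the hunk.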
@@ -167,6 +168,4 @@ class Manager {
}
$this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors));
}
-
-
}
diff --git a/lib/private/Security/IdentityProof/Signer.php b/lib/private/Security/IdentityProof/Signer.php
index c5410397a27..9f6b27d358f 100644
--- a/lib/private/Security/IdentityProof/Signer.php
+++ b/lib/private/Security/IdentityProof/Signer.php
@@ -83,7 +83,7 @@ class Signer {
* @return bool
*/
public function verify(array $data): bool {
- if(isset($data['message'])
+ if (isset($data['message'])
&& isset($data['signature'])
&& isset($data['message']['signer'])
) {
@@ -91,7 +91,7 @@ class Signer {
$userId = substr($data['message']['signer'], 0, $location);
$user = $this->userManager->get($userId);
- if($user !== null) {
+ if ($user !== null) {
$key = $this->keyManager->getKey($user);
return (bool)openssl_verify(
json_encode($data['message']),
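Review bot: The `(bool)` cast on `openssl_verify()` in this second hunk treats an error return as a valid signature. The function returns 1 for a valid signature, 0 for an invalid one and -1 (or false) on error, and `(bool)-1` is true. Compare strictly instead, `return openssl_verify(/* same arguments */) === 1;`, so that an unusable key or an OpenSSL failure fails closed. The remaining arguments of the call and the rest of verify() are outside the hunk.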
diff --git a/lib/private/Security/RateLimiting/Backend/MemoryCache.php b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
index 2d4ff9812f5..ce8bacfb588 100644
--- a/lib/private/Security/RateLimiting/Backend/MemoryCache.php
+++ b/lib/private/Security/RateLimiting/Backend/MemoryCache.php
@@ -75,7 +75,7 @@ class MemoryCache implements IBackend {
}
$cachedAttempts = json_decode($cachedAttempts, true);
- if(\is_array($cachedAttempts)) {
+ if (\is_array($cachedAttempts)) {
return $cachedAttempts;
}
@@ -95,7 +95,7 @@ class MemoryCache implements IBackend {
$currentTime = $this->timeFactory->getTime();
/** @var array $existingAttempts */
foreach ($existingAttempts as $attempt) {
- if(($attempt + $seconds) > $currentTime) {
+ if (($attempt + $seconds) > $currentTime) {
$count++;
}
}
@@ -115,7 +115,7 @@ class MemoryCache implements IBackend {
// Unset all attempts older than $period
foreach ($existingAttempts as $key => $attempt) {
- if(($attempt + $period) < $currentTime) {
+ if (($attempt + $period) < $currentTime) {
unset($existingAttempts[$key]);
}
}
diff --git a/lib/private/Security/SecureRandom.php b/lib/private/Security/SecureRandom.php
index 0e3411f8ab6..4826399ff5b 100644
--- a/lib/private/Security/SecureRandom.php
+++ b/lib/private/Security/SecureRandom.php
@@ -51,7 +51,7 @@ class SecureRandom implements ISecureRandom {
$maxCharIndex = \strlen($characters) - 1;
$randomString = '';
- while($length > 0) {
+ while ($length > 0) {
$randomNumber = \random_int(0, $maxCharIndex);
$randomString .= $characters[$randomNumber];
$length--;
diff --git a/lib/private/Security/TrustedDomainHelper.php b/lib/private/Security/TrustedDomainHelper.php
index c1789da6ad7..320646e1b7f 100644
--- a/lib/private/Security/TrustedDomainHelper.php
+++ b/lib/private/Security/TrustedDomainHelper.php
@@ -98,7 +98,9 @@ class TrustedDomainHelper {
if (gettype($trusted) !== 'string') {
break;
}
- $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) { return preg_quote($v, '/'); }, explode('*', $trusted))) . '$/i';
+ $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) {
+ return preg_quote($v, '/');
+ }, explode('*', $trusted))) . '$/i';
if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) {
return true;
}
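Review bot: The pattern built here ends in `$/i`, and in PCRE a bare `$` also matches just before a trailing newline. A `$domain` value ending in a newline would therefore pass the trusted-domain check unless it is rejected earlier, which this hunk does not show. Adding the `D` modifier closes that: `}, explode('*', $trusted))) . '$/iD';`. Separately, `break` on a non-string entry stops the iteration, so trusted domains listed after a malformed config entry are never checked; `continue` may be what was meant, though the current behaviour does fail closed. The loop and the method begin outside the hunk.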