| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
|
|
|
|
|
|
| |
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.
As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |\
| |
| |
| |
| | |
nextcloud/enable-acceptance-tests-again-on-drone-0.7
Enable acceptance tests again on Drone 0.7
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Running the acceptance tests on Drone relied on the pod-style networking
used by services (service containers were available at 127.0.0.1 from
the build containers). However, in Drone 0.7 service and build
containers must be accessed from each other using their domain name
instead. Thus, acceptance tests had to be disabled on Drone.
Now that the acceptance test system supports setting a different domain
for the Selenium server and for the Nextcloud test server the acceptance
tests can be enabled again on Drone.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |/
|
|
|
|
| |
Previously this container used a very old CentOS version. It has been migrated to Debian Jessie now using the deb.sury.org repositories.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
|
|
|
|
|
| |
Fix service container host name
check current folder
fix redis for integration test
Fix more hostnames
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |\
| |
| | |
Check language files and database schema with app code checker
|
| | |
| |
| |
| | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |\ \
| |/
|/| |
Add redis cluster tests to our CI jobs
|
| | |
| |
| |
| | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| | |
| |
| |
| | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |/
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |\
| |
| |
| |
| | |
nextcloud/try-to-start-browser-sessions-again-when-they-fail-in-acceptance-tests
Try to start browser sessions again when they fail in acceptance tests
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sometimes, acceptance tests run by Drone fail due to a timeout when
starting the web browser sessions. Increasing the timeout should
minimize the possibility of the failure happening, although it can not
guarantee that it will not happen. A timeout multiplier of 10 was set
just because it looks like a reasonable margin of time, although it is
not based on any hard data.
The timeout multiplier affects too the timeout used when finding
elements. Like when starting a session, increasing the find timeout
simply gives the acceptance tests more time to find the objects before
giving up, so it does not change their behaviour when successful and can
also prevent failures due to default timeouts being too low for a
strained system.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |\ \
| | |
| | | |
Split up sharing-v1-part2.feature to avoid timeouts
|
| | |/
| |
| |
| | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |\ \
| | |
| | | |
Consolidate all the code checkers into one job
|
| | |/
| |
| |
| | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |/
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |\
| |
| | |
Check whether we can json decode the translations
|
| | |
| |
| |
| | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| | |
| |
| |
| | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |/
|
|
| |
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |
|
|
| |
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |
|
|
|
|
|
|
| |
As the script modifies the Git repository a safety parameter was added
to prevent running it by mistake and messing with the local copy of the
repository.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |
|
|
| |
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of running an additional Drone service with the Nextcloud server
now the Nextcloud server is run in the same Drone step as the acceptance
tests themselves using the PHP built-in web server.
Thanks to this, the Nextcloud server control is no longer needed, as the
acceptance tests can now directly reset, start and stop the Nextcloud
server. Also, the "nextcloudci/php7.0:php7.0-7" image provides
everything needed to run and manage the Nextcloud server (including the
Git command used to restore the directory to a saved state), so the
custom image is no longer needed either.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Each acceptance test feature is run in its own Drone step. The container
of the step runs the acceptance tests themselves, but they require two
additional Drone services. One service provides the Selenium server that
performs the web browser actions specified by the tests, and the other
service provides the Nextcloud server that the tests will be run
against (due to security concerns the acceptance tests themselves can
not create Docker containers for the Nextcloud server as done when
running them in a local system, as if Drone containers had access to
Docker a malicious pull request could be used to take over the Drone
server).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |\
| |
| | |
Bundle vendor js
|
| | |
| |
| |
| | |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| | | |
|
| | |
| |
| |
| | |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |/
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| | |
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
|
|
| |
* fixes #3729
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
| |
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
