path: root/build
Commit message (Author, Age, Files, Lines)
* Update psalm baseline (Nextcloud-PR-Bot, 2020-12-01, 1, -21/+2)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-11-29, 1, -3/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-11-24, 1, -6/+1)
|   Signed-off-by: GitHub <noreply@github.com>
* Add Psalm Taint Flow Analysis (Lukas Reschke, 2020-11-20, 1, -0/+60)
|   This adds the Psalm Security Analysis, as described at
|   https://psalm.dev/docs/security_analysis/
|
|   It also adds a plugin for adding input into AppFramework.
|   The results can be viewed in the GitHub Security tab at
|   https://github.com/nextcloud/server/security/code-scanning
|
|   **Q&A:**
|
|   Q: Why do you not use the shipped Psalm version?
|   A: I do a lot of changes to the Psalm Taint behaviour. Using released versions is not gonna get us the results we want.
|
|   Q: How do I improve false positives?
|   A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
|
|   Q: How do I add custom sources?
|   A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
|
|   Q: We should run this on apps!
|   A: Yes.
|
|   Q: What will change in Psalm?
|   A: Quite some of the PHP core functions are not yet marked to propagate the taint. This leads to results where the taint flow is lost. That's something that I am currently working on.
|
|   Q: Why is the plugin MIT licensed?
|   A: Because it's the first of its kind (based on GitHub Code Search) and I want other people to copy it if they want to. Security is for all :)
|
|   Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Bump vimeo/psalm from 4.1.1 to 4.2.0 (dependabot-preview[bot], 2020-11-20, 1, -117/+28)
|   Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.1.1 to 4.2.0.
|   - [Release notes](https://github.com/vimeo/psalm/releases)
|   - [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0)
|
|   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Set frame-ancestors to none if none are filled (Roeland Jago Douma, 2020-11-18, 1, -1/+1)
|   frame-ancestors doesn't fall back to default-src. So when we apply a very restricted CSP we should make sure to set it to 'none' and not leave it empty.
|
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-11-17, 1, -1/+1)
|   Signed-off-by: GitHub <noreply@github.com>
* Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date (Roeland Jago Douma, 2020-11-16, 6, -18/+143)
|\
| |   Fix default internal expiration date
| * Add integration tests for creating shares with default expiration dates (Daniel Calviño Sánchez, 2020-11-16, 2, -0/+112)
| |   Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
| * Reset app configs by deleting the values instead of setting the defaults (Daniel Calviño Sánchez, 2020-11-16, 5, -18/+31)
| |   This avoids the need to keep the default values in the integration tests in sync with the code, and also makes it possible to reset values with "dynamic" defaults (defaults that depend on other values).
| |
| |   Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* | Update psalm baseline (Nextcloud-PR-Bot, 2020-11-14, 1, -4/+0)
| |   Signed-off-by: GitHub <noreply@github.com>
* | Update psalm baseline (Nextcloud-PR-Bot, 2020-11-13, 1, -9/+0)
|/
|   Signed-off-by: GitHub <noreply@github.com>
* Merge pull request #23882 from nextcloud/tests/oracle (Joas Schilling, 2020-11-11, 1, -5/+19)
|\
| |   Run unit tests against oracle
| * Update baseline, I'm sorry (Joas Schilling, 2020-11-10, 1, -5/+19)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Add integration tests for default share permissions (Daniel Calviño Sánchez, 2020-11-11, 2, -0/+35)
|/
|   Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-11-10, 1, -3/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Merge pull request #23967 from ↵ (Roeland Jago Douma, 2020-11-09, 1, -1/+1)
|\
| |   nextcloud/dependabot/composer/build/integration/behat/behat-approx-3.8.0
| |
| |   Update behat/behat requirement from ~3.7.0 to ~3.8.0 in /build/integration
| * Update behat/behat requirement in /build/integration (dependabot-preview[bot], 2020-11-07, 1, -1/+1)
| |   Updates the requirements on [behat/behat](https://github.com/Behat/Behat) to permit the latest version.
| |   - [Release notes](https://github.com/Behat/Behat/releases)
| |   - [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md)
| |   - [Commits](https://github.com/Behat/Behat/compare/v3.7.0...v3.8.0)
| |
| |   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* | Update psalm baseline (Nextcloud-PR-Bot, 2020-11-08, 1, -6/+0)
| |   Signed-off-by: GitHub <noreply@github.com>
* | Update psalm baseline (Nextcloud-PR-Bot, 2020-11-07, 1, -5/+0)
|/
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-11-06, 1, -11/+1)
|   Signed-off-by: GitHub <noreply@github.com>
* Check InvalidArgument psalm error into baseline - PHPDoc needs to be improved (Morris Jobke, 2020-11-05, 1, -1/+1)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-11-04, 1, -24/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-11-03, 1, -31/+3)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm-baseline.xml (Morris Jobke, 2020-11-02, 1, -0/+21)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update psalm baseline (Morris Jobke, 2020-10-30, 1, -35/+0)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Revert "[Automated] Update psalm-baseline.xml" (Morris Jobke, 2020-10-30, 1, -0/+35)
|
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-30, 1, -35/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Fix the expected output (Joas Schilling, 2020-10-27, 1, -6/+6)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Simplify the function looking for output (Joas Schilling, 2020-10-27, 1, -27/+4)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* This is not javascript (Joas Schilling, 2020-10-26, 1, -1/+1)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix undefined variable (Joas Schilling, 2020-10-26, 1, -2/+2)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update baseline (Daniel Kesselberg, 2020-10-22, 1, -19/+52)
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-21, 1, -1/+1)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-20, 1, -50/+4)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-16, 1, -27/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Bump vimeo/psalm from 3.15 to 3.17.1 (Christoph Wurst, 2020-10-14, 1, -542/+482)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use own psalm instead of a global one (Christoph Wurst, 2020-10-13, 1, -9/+0)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-13, 1, -5/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-11, 1, -6/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-09, 1, -33/+0)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-07, 1, -222/+1)
|   Signed-off-by: GitHub <noreply@github.com>
* Update psalm baseline (Nextcloud-PR-Bot, 2020-10-06, 1, -9/+3)
|   Signed-off-by: GitHub <noreply@github.com>
* Merge pull request #22891 from ↵ (Morris Jobke, 2020-10-05, 1, -5/+0)
|\
| |   nextcloud/techdebt/18680/improve-ProvisioningApiMiddleware-service-logic
| |
| |   Improve registerService logic for ProvisioningApiMiddleware for static code analysis
| * Update baseline (Morris Jobke, 2020-09-16, 1, -5/+0)
| |   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Format code to a single space around binary operators (Christoph Wurst, 2020-10-05, 4, -7/+7)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Bump jsdoc from 3.6.5 to 3.6.6 in /build (dependabot-preview[bot], 2020-09-26, 2, -4/+4)
| |   Bumps [jsdoc](https://github.com/jsdoc/jsdoc) from 3.6.5 to 3.6.6.
| |   - [Release notes](https://github.com/jsdoc/jsdoc/releases)
| |   - [Changelog](https://github.com/jsdoc/jsdoc/blob/3.6.6/CHANGES.md)
| |   - [Commits](https://github.com/jsdoc/jsdoc/compare/3.6.5...3.6.6)
| |
| |   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
* | Update psalm baseline (Nextcloud-PR-Bot, 2020-09-25, 1, -8/+0)
| |   Signed-off-by: GitHub <noreply@github.com>
* | Add integration tests to check that only the given path is transferred (Daniel Calviño Sánchez, 2020-09-18, 1, -0/+51)
| |   Until recently (it was fixed in ac2999a26a) when a path was transferred other shares with the target user were removed, so a test was added to ensure that it does not happen again.
| |
| |   Besides that a test to ensure that other files with the target user are not transferred was added too (it did not fail before, but seemed convenient to have that covered too :-) ).
| |
| |   Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* | Add integration tests for transferring files of a user with a risky name (Daniel Calviño Sánchez, 2020-09-18, 3, -1/+41)
| |   The files:transfer-ownership performs a sanitization of users with "risky" display names (including characters like "\" or "/").
| |
| |   In order to allow (escaped) double quotes in the display name the regular expression used in the "user XXX with displayname YYY exists" step had to be adjusted.
| |
| |   Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>