summaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Collapse)AuthorAgeFilesLines
* Add CSP frame-ancestors supportThomas Citharel2017-09-151-0/+14
| | | | | | Didn't set the @since annotation yet. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* add prefix to user and system keys to avoid name collisionsBjoern Schiessle2017-08-101-2/+3
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* extend the identity proof manager to allow system wide key pairsBjoern Schiessle2017-08-101-11/+44
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* null is a valid parameterLukas Reschke2017-08-011-2/+2
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Replace wrong PHPDocsLukas Reschke2017-08-011-1/+1
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* More phpstorm inspection fixesRoeland Jago Douma2017-07-243-6/+6
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add Phan plugin to check for SQL injectionsLukas Reschke2017-07-201-0/+1
| | | | | | | | | | This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues. As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections. The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add bruteforce capabilitiesRoeland Jago Douma2017-07-131-0/+52
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Write cert bundle to tmp file firstRoeland Jago Douma2017-07-121-3/+16
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Automatic creation of Identity managerJoas Schilling2017-05-101-3/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Do not write and read rootcerts.crt at the same timeRoeland Jago Douma2017-05-091-2/+3
| | | | | | | | | | | | | | | | | (Possibly) fixes #3470 When updating the main file /files_external/rootcerts.crt we should not read from /files_external/rootcerts.crt at the same time. For 2 reasons: writing to a file and reading from it at the same time can have non deterministic results And we don't want all the certificates to appear 2 times in there. This isn't caught by our standard file locking (that does not allow this actually) because it is in a non locked path.... Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Mark IP as whitelisted if brute force protection is disabledLukas Reschke2017-05-011-0/+4
| | | | | | | | Currently, when disabling the brute force protection no new brute force attempts are logged. However, the ones logged within the last 24 hours will still be used for throttling. This is quite an unexpected behaviour and caused some support issues. With this change when the brute force protection is disabled also the existing attempts within the last 24 hours will be disregarded. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Remove unused use statementsMorris Jobke2017-04-222-3/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remove expired attemptsLukas Reschke2017-04-132-12/+32
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add support for ratelimiting via annotationsLukas Reschke2017-04-136-65/+400
| | | | | | | | | | | | | This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Respect bruteforce settings in the ThrottlerRoeland Jago Douma2017-04-021-0/+65
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* introduce brute force protection for api callsBjoern Schiessle2017-01-181-3/+10
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* dont write a certificate bundle if the shipped ca bundle is emptyRobin Appelman2017-01-091-3/+17
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Safari CSPv3 support is sub-parLukas Reschke2016-12-141-2/+0
| | | | | | | | With 10.0.1 CSPv3 is broken in Safari if it doesn't run from a local IP. Awesome. => Let's remove this for Safari and keep chrome and Firefox in the whitelist. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add Identityproof testsRoeland Jago Douma2016-11-241-23/+4
| | | | | | | | | * Add tests for Key * Add tests for Manager * Add tests for Signer * Removed URLGenerator from Signer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add a signer class for signingLukas Reschke2016-11-212-9/+148
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add identity proofLukas Reschke2016-11-211-8/+7
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add privateLukas Reschke2016-11-212-0/+136
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fix missing update of session, when it was already used.Joas Schilling2016-11-021-0/+7
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix CSRF token generation / validationLeon Klingele2016-11-021-3/+3
| | | | | | | Operate on raw bytes instead of base64-encoded strings. Issue was introduced in a977465 Signed-off-by: Leon Klingele <git@leonklingele.de>
* Identify Chromium as ChromeJoas Schilling2016-10-261-2/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Missing returns + autoloader fileLukas Reschke2016-10-251-0/+1
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Move browserSupportsCspV3 to CSPNonceManagerRoeland Jago Douma2016-10-251-1/+28
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add ContentSecurityPolicyNonceManagerLukas Reschke2016-10-241-0/+54
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add support for CSP noncesLukas Reschke2016-10-242-4/+19
| | | | | | | | | | | | | | | | | CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce. At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.) IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO. Implementing this offers the following advantages: 1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist 2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file. If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/ Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* dont get bruteforce delay twiceRobin Appelman2016-08-291-1/+4
|
* Update with robinJoas Schilling2016-07-212-2/+2
|
* Fix othersJoas Schilling2016-07-2114-15/+32
|
* JSON encode the valuesLukas Reschke2016-07-201-1/+1
|
* Implement brute force protectionLukas Reschke2016-07-201-0/+230
| | | | | | | | | Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
* add test for needsRebundling() checkBjoern Schiessle2016-07-111-1/+11
|
* always check the mtime of the system bundle and additionally the user ↵Bjoern Schiessle2016-07-081-1/+2
| | | | specific certificate bundle if a user is given
* Disallow certain malformed domain names even if they match the trusted ↵Johannes Ernst2016-07-061-3/+6
| | | | | | domain expression Stricter checking for valid domain names
* Trusted domain wildcard checking made shorter, supporting multiple *Johannes Ernst2016-07-061-32/+8
| | | | Added test cases
* Duh, no 'next' in PHP.Johannes Ernst2016-07-061-2/+2
| | | | Use === instead of == for extra paranoia.
* Allow wildcard * to be used in trusted domains, to support setups where no ↵Johannes Ernst2016-07-051-2/+30
| | | | reliable DNS entry is available (e.g. mDNS) or for simple-to-setup aliasing (e.g. *.example.com)
* Update license headersLukas Reschke2016-05-2612-13/+13
|
* [master] Ignore certificate file if it starts with file://Lukas Reschke2016-04-211-0/+7
|
* Move \OC\Security to PSR-4Roeland Jago Douma2016-04-1413-0/+1537
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-21 08:46:59 +0000