summaryrefslogtreecommitdiffstats
path: root/tests/lib/Security
Commit message (Collapse)AuthorAgeFilesLines
* Add support for CSP_NONCE server variableSam Bull2019-07-181-2/+21
| | | | | | | Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server. Signed-off-by: Sam Bull <git@sambull.org> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add an event to edit the CSPRoeland Jago Douma2019-07-082-2/+96
| | | | | | | | This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #13327 from ↵Morris Jobke2019-03-061-0/+4
|\ | | | | | | | | nextcloud/allow-bracket-notation-for-remove-ipv6-address Allow bracket IPv6 address format inside IPAdress Normalizer
| * Allow bracket IPv6 address format inside IPAdress NormalizerThomas Citharel2019-01-031-0/+4
| | | | | | | | | | | | When run with php's build-in server (for instance on localhost:8080), IP provided through $this->server['REMOTE_ADDR'] is [::1], which is not an acceptable format for \inet_pton. This removes the brackets if there's any. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* | Fix the thorrtler whitelist bitmaskRoeland Jago Douma2019-02-111-0/+29
| | | | | | | | | | | | Before we actually didn't check each bit of the bitmask. Now we do. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Set default frame-ancestors to 'self'Roeland Jago Douma2019-01-081-1/+1
| | | | | | | | | | | | For #13042 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | CSP: Allow fonts to be provided in dataRoeland Jago Douma2019-01-071-1/+1
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Disallow unsafe-eval by defaultRoeland Jago Douma2018-10-141-0/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix testsRoeland Jago Douma2018-05-141-1/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add ARGON2I support to the hasherRoeland Jago Douma2018-04-041-36/+86
| | | | | | | | | When on php7.2 we can use the new and improved ARGON2I hashing. This adds support for that to the hasher. When verifying an old hash we'll update rehash to move all hashes eventually to the new hash function. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix risky tests without assertionsJoas Schilling2018-01-251-0/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make OCP\Security stricterRoeland Jago Douma2018-01-161-4/+0
| | | | | | | | | | | * Add typehints * Add return types * Opcode opts from phpstorm * Made strict * Fixed tests: No need to test bogus values anymore strict typing fixes this Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make OC\Security\RateLimiting strictRoeland Jago Douma2018-01-141-2/+2
| | | | | | | | | * Add return types * Add scalar argument types * Made strict * Cleaned up phpstorm inspections Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix testsRoeland Jago Douma2017-12-181-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use ::class in test mocks of encryption appMorris Jobke2017-10-261-1/+2
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Use ::class in test mocksMorris Jobke2017-10-243-4/+5
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* add prefix to user and system keys to avoid name collisionsBjoern Schiessle2017-08-101-5/+5
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* extend the identity proof manager to allow system wide key pairsBjoern Schiessle2017-08-101-11/+62
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Add bruteforce capabilitiesRoeland Jago Douma2017-07-131-0/+68
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Write cert bundle to tmp file firstRoeland Jago Douma2017-07-121-2/+15
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Automatic creation of Identity managerJoas Schilling2017-05-101-3/+14
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add missing spaceLukas Reschke2017-05-011-1/+1
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Mark IP as whitelisted if brute force protection is disabledLukas Reschke2017-05-011-8/+51
| | | | | | | | Currently, when disabling the brute force protection no new brute force attempts are logged. However, the ones logged within the last 24 hours will still be used for throttling. This is quite an unexpected behaviour and caused some support issues. With this change when the brute force protection is disabled also the existing attempts within the last 24 hours will be disregarded. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Remove expired attemptsLukas Reschke2017-04-131-5/+13
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add support for ratelimiting via annotationsLukas Reschke2017-04-134-45/+358
| | | | | | | | | | | | | This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Respect bruteforce settings in the ThrottlerRoeland Jago Douma2017-04-021-1/+89
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix unit testsMorris Jobke2017-03-281-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Add base-uri to CSP policyLukas Reschke2017-03-161-1/+1
| | | | | | As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* dont write a certificate bundle if the shipped ca bundle is emptyRobin Appelman2017-01-091-3/+4
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Add Identityproof testsRoeland Jago Douma2016-11-243-1/+250
| | | | | | | | | * Add tests for Key * Add tests for Manager * Add tests for Signer * Removed URLGenerator from Signer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add a signer class for signingLukas Reschke2016-11-211-0/+166
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add testsLukas Reschke2016-11-021-0/+13
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Inject config and loggerJoas Schilling2016-11-021-3/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix CSRF token generation / validationLeon Klingele2016-11-022-4/+12
| | | | | | | Operate on raw bytes instead of base64-encoded strings. Issue was introduced in a977465 Signed-off-by: Leon Klingele <git@leonklingele.de>
* Move browserSupportsCspV3 to CSPNonceManagerRoeland Jago Douma2016-10-251-1/+3
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add ContentSecurityPolicyNonceManagerLukas Reschke2016-10-241-0/+57
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add support for CSP noncesLukas Reschke2016-10-242-0/+23
| | | | | | | | | | | | | | | | | CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce. At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.) IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO. Implementing this offers the following advantages: 1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist 2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file. If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/ Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fix getMock CertificateMangerTestRoeland Jago Douma2016-09-131-2/+3
|
* Fix getMock SecurityRoeland Jago Douma2016-09-072-4/+4
|
* Implement brute force protectionLukas Reschke2016-07-201-0/+123
| | | | | | | | | Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
* add test for needsRebundling() checkBjoern Schiessle2016-07-111-0/+92
|
* Disallow certain malformed domain names even if they match the trusted ↵Johannes Ernst2016-07-061-0/+4
| | | | | | domain expression Stricter checking for valid domain names
* Trusted domain wildcard checking made shorter, supporting multiple *Johannes Ernst2016-07-061-1/+26
| | | | Added test cases
* Move tests/ to PSR-4 (#24731)Joas Schilling2016-05-2012-0/+1092
* Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 12:31:23 +0000