Côme Chilliet
e757b649b7
fix: Fix psalm taint false-positives by small refactorings
Mostly make it clear that we trust admin input or that we correctly
escape strings.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 18:08:23 +07:00
Côme Chilliet
640dbd0b5e
fix: Fix false-positive psalm taint errors when outputting plain text
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:23 +07:00
Côme Chilliet
7c907223d2
fix: Fix psalm taint false-positive by escaping trusted input
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:22 +07:00
Côme Chilliet
fa108d5b54
fix: Correctly tag json encoding in BaseResponse to fix false-positive in psalm taint analysis
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:22 +07:00
Côme Chilliet
aac79bad9b
fix: Move config.php taint trust upstream directly in OC\Config class
This solves some false-positive psalm taint errors
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:26:20 +07:00
Côme Chilliet
25f38883f1
fix: Work around false-positive psalm taint error calling print_r in admin_audit
Same issue as var_export, print_r is listed as a sink but it’s not when
using return:true. Anyway, using the logger context feature is better.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:24:08 +07:00
Côme Chilliet
fec865cc29
chore: Correctly flag json encoding methods as escaping html and quotes
Especially with JSON_HEX_TAG it’s perfectly fine to echo JSON, and we
only use it in JSON output anyway.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 15:24:07 +07:00
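The two commits above (print_r with return:true, and json_encode flagged as escaping html and quotes) describe a pattern rather than show it. The following is an added PHP example, not Nextcloud code and not taken from these commits: the function and class names (encodeForHtml, ArrayLogger, auditLogEvent) are hypothetical, while the JSON_HEX_* flags and the @psalm-taint-escape annotations are the real PHP and Psalm features the commit messages refer to.

```php
<?php
declare(strict_types=1);

// Added example (not Nextcloud code). encodeForHtml, ArrayLogger and
// auditLogEvent are hypothetical names; the json_encode flags and the
// psalm taint annotations are real.

/**
 * JSON-encode $data so the result can be echoed straight into an HTML page.
 *
 * JSON_HEX_TAG/AMP/APOS/QUOT encode < > & ' " as \u003C, \u0026, \u0027,
 * \u0022, so the output cannot terminate a <script> block or an attribute
 * value. The annotations tell psalm that the return value no longer carries
 * html / has_quotes taint, so a tainted $data stops propagating here.
 *
 * @psalm-taint-escape html
 * @psalm-taint-escape has_quotes
 */
function encodeForHtml(mixed $data): string {
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Minimal stand-in for a PSR-3 logger: keeps message/context pairs in memory. */
final class ArrayLogger {
    /** @var list<array{message: string, context: array}> */
    public array $records = [];

    public function info(string $message, array $context = []): void {
        $this->records[] = ['message' => $message, 'context' => $context];
    }
}

/**
 * Before: $logger->info('event: ' . print_r($event, true)).
 * print_r(..., true) only returns a string, but psalm's stubs model print_r
 * as an output sink, so a tainted $event trips the taint analysis. Passing
 * the structure as logger context avoids the flagged call entirely and
 * keeps the log entry structured instead of a flattened dump.
 */
function auditLogEvent(ArrayLogger $logger, array $event): void {
    $logger->info(
        'Admin audit event {action}',
        ['action' => $event['action'] ?? 'unknown', 'event' => $event]
    );
}

// Constructed untrusted input: a value that would close a <script> block
// or break out of an attribute if echoed without the HEX flags.
$untrusted = [
    'action' => 'rename',
    'name'   => '</script><script>alert(1)</script>',
    'quote'  => 'x" onload="y',
];

$plain = json_encode($untrusted, JSON_THROW_ON_ERROR); // still contains < and >
$safe  = encodeForHtml($untrusted);                     // < > " become \u00XX

echo "plain: $plain\n";
echo "safe:  $safe\n";

if (str_contains($safe, '<') || str_contains($safe, '>') || !str_contains($safe, '\u003C')) {
    throw new RuntimeException('HEX flags did not neutralise angle brackets');
}
if (!str_contains($plain, '<script>')) {
    throw new RuntimeException('expected the unflagged encoding to keep raw tags');
}

$logger = new ArrayLogger();
auditLogEvent($logger, $untrusted);
// The audit record carries the array as context; no print_r/var_export call
// is involved, so there is nothing for psalm to flag as an output sink.
echo 'logged: ' . $logger->records[0]['message'] . "\n";
```

Note that JSON_HEX_QUOT only escapes double quotes inside string values; the JSON delimiters themselves remain, which is why the check above looks at angle brackets rather than quotes. The pattern in the commits is the same: the escaping is done in one place, and the annotation documents exactly which taint kinds it removes rather than blanket-trusting the caller.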
Côme Chilliet
964bc960f8
chore: Update psalm-baseline-security.xml
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-13 16:27:13 +07:00
Joas Schilling
07449847e1
fix(appmanager): Fix tainted file path when loading appinfos
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-10-14 14:33:19 +07:00
Joas Schilling
570a9e208f
ci: Add psalm baseline for security and make CI fail on change
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-10-01 00:11:07 +07:00