sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
59,886 Commits
616 Branches
1167 Tags
8.9 GiB
Commit Graph

125 Commits (b3766fc99bdef65d185f8a94071c50a96d313331)

Author SHA1 Message Date
Robin Appelman 7ec80b3957
ftp logs 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-10-07 17:19:30 +07:00
Robin Appelman 10b613810f
run ftp external storage tests against multiple ftp servers 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-10-07 17:19:18 +07:00
Daniel Kesselberg 6cfc7f5dd3
Reset composer for automated psalm baseline update 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2021-10-07 09:27:21 +07:00
Vincent Petry 442eb6cc0e
Merge pull request #29050 from nextcloud/debt/noid/job-to-update-psalm-baseline-broken 
Fix job to update psalm baseline
 2021-10-06 09:21:45 +07:00
Daniel Kesselberg 20da1080fa
Fix job to update psalm baseline 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2021-10-03 20:31:10 +07:00
Morris Jobke b4403201dc
Change output format of Psalm to Github 
This automatically inlines the errors into the diff view.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2021-10-03 14:41:31 +07:00
Julius Härtl 1e266e8b38 Run oci against all php versions 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-09-27 14:24:05 +07:00
Julius Härtl cab44b6311 Run oci tests against phpunit9/php8 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-09-27 14:24:05 +07:00
Christoph Wurst 7559a4a97d
Pin Psalm version for security analysis 
The action will otherwise pull dev-master and this can break easily as
we just experience.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-09-03 13:52:04 +07:00
Nextcloud bot ed36b8b7f0 Updating command-compile.yml workflow from template 
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
 2021-08-06 07:33:28 +07:00
Nextcloud bot c854a3fd38 Updating command-rebase.yml workflow from template 
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
 2021-08-02 08:44:50 +07:00
John Molakvoæ fabd0a87b3
Update update-psalm-baseline.yml 2021-07-28 18:04:40 +07:00
John Molakvoæ 640f339b7d
Add checkout token 2021-07-28 07:40:58 +07:00
John Molakvoæ 525460c04d
Use COMMAND_BOT_PAT 2021-07-28 07:34:47 +07:00
John Molakvoæ 39931cab94
Update dependabot-approve-merge.yml 2021-07-27 08:16:41 +07:00
John Molakvoæ f304633fbc
Add command-compile 2021-07-26 18:44:29 +07:00
John Molakvoæ (skjnldsv) 00105dca82
Add proper node testing 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-07-22 13:30:56 +07:00
John Molakvoæ (skjnldsv) 49b490ce6d
Migrate to npm 7 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-07-22 13:06:17 +07:00
John Molakvoæ 3508976156
Add files via upload 2021-07-16 09:13:20 +07:00
Nextcloud bot 472a51e845 Updating dependabot-approve-merge.yml workflow from template 
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
 2021-07-02 15:43:33 +07:00
Nextcloud bot b4cb5e2cff Updating dependabot-approve-merge.yml workflow from template 
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
 2021-06-29 19:06:49 +07:00
skjnldsv 2fdd8c40ef Updating command-rebase.yml workflow from template 
Signed-off-by: GitHub <noreply@github.com>
 2021-06-29 07:46:40 +07:00
Lukas Reschke 53695dac53
Merge pull request #27687 from nextcloud/szaimen-patch-1 
Create rebase command
 2021-06-28 19:09:49 +07:00
Julius Härtl b18a7b8d22
Auto approve/merge also on stable branches 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-06-28 12:11:12 +07:00
szaimen 716dd54af2
Create rebase command 
Signed-off-by: szaimen <szaimen@e.mail.de>
 2021-06-26 13:36:32 +07:00
Joas Schilling 15e59a686d
Update dependabot config too 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-06-24 13:20:37 +07:00
Morris Jobke deaf0f3aa2
Change reviewers of Psalm baseline update 
Change reviewers from Roeland and Me to Julius and Louis

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2021-06-16 09:19:43 +07:00
John Molakvoæ 8c8777a841
Fix name 2021-05-29 09:12:37 +07:00
John Molakvoæ 38a19c263b
Add fixup.yml 2021-05-29 09:09:03 +07:00
John Molakvoæ 162229dbff
Fix psalm action 2021-05-28 18:17:58 +07:00
John Molakvoæ fb583d5665
Fix psalm action 2021-05-28 18:17:42 +07:00
John Molakvoæ f2e731e017
Add dependabot reviewer team and remove saturday for stable branches 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-05-28 12:36:26 +07:00
John Molakvoæ 018e18bf8a
Fix dependabot config 2021-05-28 12:25:03 +07:00
John Molakvoæ (skjnldsv) c3f9f09fb0
Add dependabot config with proper ignore for stable branches 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-05-26 15:51:11 +07:00
Christoph Wurst ab3424ad44
Add ext-zip as platform dependency 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-05-03 10:10:28 +07:00
Joas Schilling 6a43948a6e
FIx Oracle by testing on Ubuntu 20.04 until oci8.so is available for 21.04 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-22 16:57:00 +07:00
acsfer 2e41939ece
Typo 2021-04-22 13:15:10 +07:00
acsfer 9f56646694
Redirect users to forum for questions 
Be more specific so more users will go directly to the forum instead using Github for non-bug reports.
 2021-04-22 13:13:06 +07:00
John Molakvoæ (skjnldsv) fb183b457c
Add eslint testing 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-03-17 13:03:38 +07:00
tobiasKaminsky bfb535b2b2
Add funding info 
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
 2021-03-16 11:44:59 +07:00
Roeland Jago Douma da652ded26 Move fixup check to action 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-07 19:42:40 +07:00
Roeland Jago Douma cc18213c98 Have psalm analysis directly on github 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-02-10 14:57:36 +07:00
Roeland Jago Douma 08cae2ec44
Revert "Pin Psalm version to an older one" 2021-02-02 22:08:01 +07:00
Lukas Reschke f1d2dcdaa5 Pin Psalm version to an older one 
Ref https://github.com/vimeo/psalm/issues/5144

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-02-02 13:54:18 +07:00
Roeland Jago Douma c96bb21ab9
Merge pull request #24903 from nextcloud/enh/psalm-ocp 
Add dedicated baseline for OCP
 2020-12-30 13:23:25 +07:00
Roeland Jago Douma fe65f8facf
Add dedicated baseline for OCP 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-30 11:06:00 +07:00
Julius Härtl c42385ef0f
Cleanup bundle files before checking the rebuild 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-29 12:20:32 +07:00
Julius Härtl c7a320d880 jsunit: Run jsunit with chromium/puppeteer on github actions 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-29 08:42:27 +07:00
Morris Jobke 6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis 
Add Psalm Security Analysis
 2020-11-21 00:04:37 +07:00
Lukas Reschke 47ac8e0028
Add Psalm Taint Flow Analysis 
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2020-11-20 23:12:00 +07:00