Commits · 6bc4561f097e0b3a14a6ad78bf5d9ab181d5311a · TeDomum / Nextcloud

Dec 30, 2020
- Add dedicated baseline for OCP · fe65f8fa
  Roeland Jago Douma authored 4 years ago
  
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
  fe65f8fa
Dec 29, 2020
- Cleanup bundle files before checking the rebuild · c42385ef
  Julius Härtl authored 4 years ago
  
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
  c42385ef
- jsunit: Run jsunit with chromium/puppeteer on github actions · c7a320d8
  Julius Härtl authored 4 years ago
  
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
  c7a320d8
Nov 20, 2020

Add Psalm Taint Flow Analysis · 47ac8e00

Lukas Reschke authored 4 years ago

This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/



Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

47ac8e00

Also lint php8 · 12f322d8
Roeland Jago Douma authored 4 years ago
```
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
```
12f322d8

Nov 10, 2020
- Fix naming of jobs and steps · a524e83b
  Joas Schilling authored 4 years ago
  
  Signed-off-by: Joas Schilling <coding@schilljs.com>
  a524e83b
- Add github action for oci8 · 2050517d
  Julius Härtl authored 4 years ago
  
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
  2050517d
Nov 05, 2020
- Fix php lint action · 1e7a82d9
  John Molakvoæ authored 4 years ago
  
  1e7a82d9
Oct 30, 2020
- Do not commit updated composer dependencies in psalm baseline update · bb05f0e4
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  bb05f0e4
Oct 29, 2020
- Update daily "update psalm baseline" job to composer psalm · f18d9cd3
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  f18d9cd3
Oct 13, 2020
- Do not fail on changes to baseline.xml · 106c8d71
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  106c8d71
- Use own psalm instead of a global one · 081e9ac4
  Christoph Wurst authored 4 years ago
  
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
  081e9ac4
Sep 08, 2020
- Delete dependabot.yml · 28df9239
  John Molakvoæ authored 4 years ago
  
  28df9239
- Split target-branch between stablexx branches until it supports Arrays · d939f2fa
  John Molakvoæ authored 4 years ago
  
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
  d939f2fa
Sep 07, 2020
- Move to automated dependabot merging · 91e463ff
  John Molakvoæ authored 4 years ago
  
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
  91e463ff
Aug 20, 2020
- Run psalm-baseline.xml update once a day · 886466d5
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  886466d5
- Revert "This is just to trigger the GitHub scheduled actions registration" · 458320e8
  Morris Jobke authored 4 years ago
  
  This reverts commit 2e912990.
  458320e8
- This is just to trigger the GitHub scheduled actions registration · 2e912990
  Morris Jobke authored 4 years ago
  
  It is needed for #22314 and I will revert it right away afterwards. Sorry for the trouble. See the answer in https://stackoverflow.com/questions/59560214/github-action-works-on-push-but-not-scheduled
  2e912990
- Run update-psalm-baseline action every 5 minutes · ebc80dba
  Morris Jobke authored 4 years ago
  
  For debugging purposed due to a GitHub bug. See #22325 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  ebc80dba
- Revert "This is just to trigger the GitHub scheduled actions registration" · 27157051
  Morris Jobke authored 4 years ago
  
  27157051
- This is just to trigger the GitHub scheduled actions · f255f429
  Morris Jobke authored 4 years ago
  
  It is needed for https://github.com/nextcloud/server/pull/22314 and I will revert it right away afterwards. Sorry for the trouble.
  f255f429
- Generate psalm-baseline.xml PR instead of requiring this from the PR author itself · 50784a7c
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  50784a7c
Aug 19, 2020
- Better psalm CI output · 4db7829f
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  4db7829f
Aug 18, 2020
- Check only the baseline.xml and exclude the psalm.xml from the file check · 42bb6cd7
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  42bb6cd7
- Add a check for fixes in the psalm baseline · 80056e08
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  80056e08
- Hello psalm · 7257793f
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  7257793f
Jul 15, 2020
- Run cs:check a second time to show diff · 08cb4b81
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  08cb4b81
Jul 13, 2020
- Report php-cs-fixer errors to GitHub · f64b47c3
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  f64b47c3
Jun 17, 2020
- Delete FUNDING.yml · 7f92bd9d
  Joas Schilling authored 4 years ago
  
  7f92bd9d
Apr 14, 2020
- Show a hint for the php-cs fix when the check fails · 9e6fcd58
  Christoph Wurst authored 4 years ago
  
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
  9e6fcd58
- Add php-cs check action · c9980ed0
  Christoph Wurst authored 4 years ago
  
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
  c9980ed0
Mar 20, 2020
- We don't use IRC anymore · f88ee3a5
  Christoph Wurst authored 5 years ago
  
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
  f88ee3a5
Mar 15, 2020
- Add text about subscribing issues and sync introduction to feature request · 98a2e3b6
  Daniel Kesselberg authored 5 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  98a2e3b6
Mar 12, 2020
- Change Portalm to Portal · df013153
  Daniel Kesselberg authored 5 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  df013153
- Add a link to the portal directly · 190eabf2
  Joas Schilling authored 5 years ago
  
  Signed-off-by: Joas Schilling <coding@schilljs.com>
  190eabf2
Feb 24, 2020
- Let people know that the logs not optional · feb642d5
  Daniel Kesselberg authored 5 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  feb642d5
- Add short explanation how to use the organization search to find issues with all nextcloud repos. · 3e9bd97c
  Daniel Kesselberg authored 5 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  3e9bd97c
- Add guidelines for submitting issues to template · aaa1506a
  Daniel Kesselberg authored 5 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  aaa1506a
Feb 23, 2020
- Move Compile Handlebars CI to GitHub Actions · 907a2789
  Gary Kim authored 5 years ago
  
  Signed-off-by: Gary Kim <gary@garykim.dev>
  907a2789
Feb 10, 2020
- Lint on github actions · 64665c98
  Roeland Jago Douma authored 5 years ago
  
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
  64665c98