- Nov 21, 2020
-
-
Lukas Reschke authored
Should remove some false positives.
https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
-
- Nov 20, 2020
-
-
Morris Jobke authored
Also cleans up only non-classname services in the server container
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
-
Lukas Reschke authored
This adds the Psalm Security Analysis, as described at https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework. The results can be viewed in the GitHub Security tab at https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate the taint. This leads to results where the taint flow is lost. That's something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
-
Carlos Ferreira authored
-
Roeland Jago Douma authored
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-
- Nov 18, 2020
-
-
medcloud authored
Signed-off-by: medcloud <42641918+medcloud@users.noreply.github.com>
-
Maxence Lange authored
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
-
Christoph Wurst authored
During app installation we run migration steps. Those steps may use services the app registers or classes from composer. Hence we have to make sure the app runs through the registration.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-
- Nov 17, 2020
-
-
Roeland Jago Douma authored
This is not the end. IRouter needs to burn. But it is a start.
we didn't start the fire
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-
- Nov 16, 2020
-
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Robin Appelman authored
Signed-off-by: Robin Appelman <robin@icewind.nl>
-
Daniel Calviño Sánchez authored
The default expiration date for internal shares was set from the default link expiration date instead of the internal one.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
- Nov 13, 2020
-
-
Vincent Petry authored
The personal info section of the personal settings is querying the storage quota information. For this it requires the FS to be set up which is not always guaranteed. This fixes an issue where refreshing the settings page would cause it to fail after Redis caches are full. It is likely that when Redis cache is populated, some code path is initializing the FS, so it works so far. But when the cache is populated, that code path is skipped so the FS is not guaranteed to be set up...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
-
Julius Härtl authored
Signed-off-by: Julius Härtl <jus@bitgrid.net>
-
- Nov 11, 2020
-
-
Roeland Jago Douma authored
In php8 this starts throwing warnings. And since we use it quite often we flood the log. This moves it to getType which does the same. Only non deprecated now.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-
Joas Schilling authored
-
Christoph Wurst authored
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
- Nov 10, 2020
-
-
Morris Jobke authored
Those mappings exist and we will remove the first ones (labeled as `old`):

old: `\OC_Hook::listen('OC_Group', 'pre_createGroup', array('run' => true, 'gid' => $gid));`
since OC 8 (owncloud/core#12618): `$groupManager->listen('\OC\Group', 'preCreate', function ($gid) { ... });`
since NC 17 (#18350): `OCP\Group\Events\BeforeGroupCreatedEvent`

old: `\OC_Hook::emit('OC_User', 'post_createGroup', array('gid' => $gid->getGID()));`
since OC 8 (owncloud/core#12618): `$groupManager->listen('\OC\Group', 'postCreate', function (\OC\Group\Group $gid) { ... });`
since NC 17 (#18350): `OCP\Group\Events\GroupCreatedEvent`

old: `\OC_Hook::emit('OC_Group', 'pre_deleteGroup', array('run' => true, 'gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618): `$groupManager->listen('\OC\Group', 'preDelete', function (\OC\Group\Group $group) { ... });`
since NC 17 (#18350): `OCP\Group\Events\BeforeGroupDeletedEvent`

old: `\OC_Hook::emit('OC_User', 'post_deleteGroup', array('gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618): `$groupManager->listen('\OC\Group', 'postDelete', function (\OC\Group\Group $group) { ... });`
since NC 17 (#18350): `OCP\Group\Events\GroupDeletedEvent`

old: `\OC_Hook::emit('OC_Group', 'pre_addToGroup', array('run' => true, 'uid' => $user->getUID(), 'gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618): `$groupManager->listen('\OC\Group', 'preAddUser', function (\OC\Group\Group $group, \OC\User\User $user) { ... });`
since NC 17 (#18350): `OCP\Group\Events\BeforeUserAddedEvent`

old: `\OC_Hook::emit('OC_Group', 'post_addToGroup', array('uid' => $user->getUID(), 'gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618): `$groupManager->listen('\OC\Group', 'postAddUser', function (\OC\Group\Group $group, \OC\User\User $user) { ... });`
since NC 17 (#18350): `OCP\Group\Events\UserAddedEvent`

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Joas Schilling authored
Primary key columns on Oracle can not have empty strings
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Christoph Wurst authored
Because often we catch the exception at some point and then the trace is misleading. What's really interesting is the trace of the *previous* exception.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-
- Nov 09, 2020
-
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Roeland Jago Douma authored
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
John Molakvoæ authored
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
-
- Nov 07, 2020
-
-
Roeland Jago Douma authored
When the servercontainer wants to obtain something chances are very high this is something from the server container. Esp on setups with a lot of shares this can change quite a bit as it avoids a needless check on the strpos OCA\\ etc.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-
Roeland Jago Douma authored
The getAppPath will always return the same data for the same appId. It is actually already cached. However we do some cleanup of the appId (again). Same for the autoloading it is actually already checked. This just removes the unneeded calls. Which can add up if you have a lot of incoming shares.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-
Ashod Nakashian authored
In certain cases changeLock to EXCLUSIVE fails and throws LockedException. This leaves the file locked as SHARED in file_put_contents, which prevents retrying (because on second call file_put_contents takes another SHARED lock on the same file, and changeLock doesn't allow more than a single SHARED lock to promote to EXCLUSIVE). To avoid this case, we catch the LockedException and unlock before re-throwing.
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
- Nov 06, 2020
-
-
Joas Schilling authored
Signed-off-by: Joas Schilling <coding@schilljs.com>
-
Christoph Wurst authored
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-
Roeland Jago Douma authored
Otherwise you might end up calling a lot of functions unneeded. And while the individual calls are cheap if you multiply them by 20k they still get somewhat expensive.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-