Add missing taint analysis docblock comments, and improve escaping in… #36378

Merged
merged 1 commit into from
Apr 25, 2023


come-nc
Contributor

@come-nc come-nc commented Jan 26, 2023

Summary

Imported changes from #33779 that should fix some of the detected psalm taint errors.
Then we can see if we need a baseline or not.

Checklist

@come-nc come-nc added the 2. developing Work in progress label Jan 26, 2023
@come-nc come-nc self-assigned this Jan 26, 2023
@come-nc
Contributor Author

come-nc commented Jan 26, 2023

5,007 new alerts including 48 errors

Which is better than master:

5,012 new alerts including 53 errors

But still, I would like to see those numbers lower.

@szaimen
Contributor

szaimen commented Jan 28, 2023

Just create a new baseline for now?

@come-nc
Contributor Author

come-nc commented Apr 24, 2023

/rebase

@nextcloud-command nextcloud-command force-pushed the fix/improve-taint-analysis branch from 360c837 to de92baf Compare April 24, 2023 13:00
… some methods

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc come-nc force-pushed the fix/improve-taint-analysis branch from de92baf to b1ec7ff Compare April 24, 2023 15:17
@come-nc
Contributor Author

come-nc commented Apr 24, 2023

Removed the part in lib/private/Files/Cache/Cache.php as it does not actually escape SQL in normalizeData.
Rebased on master.

Good to merge.

@come-nc come-nc added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Apr 24, 2023
@come-nc come-nc added this to the Nextcloud 27 milestone Apr 24, 2023
@nickvergessen nickvergessen merged commit af214b6 into master Apr 25, 2023
@nickvergessen nickvergessen deleted the fix/improve-taint-analysis branch April 25, 2023 06:51
Labels
3. to review Waiting for reviews enhancement