Skip to content

Add missing taint analysis docblock comments, and improve escaping in… #36378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nickvergessen merged 1 commit into from
Apr 25, 2023
Merged

Add missing taint analysis docblock comments, and improve escaping in… #36378

nickvergessen merged 1 commit into from
Apr 25, 2023

Conversation

@come-nc
Copy link
Contributor

@come-nc come-nc commented Jan 26, 2023
edited
Loading

Summary

Imported changes from #33779 that should fix some of the detected psalm taint errors.
Then we can see if we need a baseline or not.

Checklist

@come-nc come-nc added the 2. developing Work in progress label Jan 26, 2023
@come-nc come-nc self-assigned this Jan 26, 2023
@come-nc
Copy link
Contributor Author

come-nc commented Jan 26, 2023

5,007 new alerts including 48 errors

Which is better than master:

5,012 new alerts including 53 errors

But still, I would like to see those numbers lower.

@szaimen
Copy link
Contributor

szaimen commented Jan 28, 2023

Just create a new baseline for now?

@come-nc
Copy link
Contributor Author

come-nc commented Apr 24, 2023

/rebase

@nextcloud-command nextcloud-command force-pushed the fix/improve-taint-analysis branch from 360c837 to de92baf Compare April 24, 2023 13:00
@CarlSchwan @come-nc
Add missing taint analysis docblock comments, and improve escaping in…
b1ec7ff 
… some methods

Signed-off-by: Carl Schwan <[email protected]>
Signed-off-by: Côme Chilliet <[email protected]>
@come-nc come-nc force-pushed the fix/improve-taint-analysis branch from de92baf to b1ec7ff Compare April 24, 2023 15:17
@come-nc
Copy link
Contributor Author

come-nc commented Apr 24, 2023

Removed the part in lib/private/Files/Cache/Cache.php as it does not actually escape sql in normalizeData.
Rebased on master.

Good to merge.

@come-nc come-nc added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Apr 24, 2023
@come-nc come-nc added this to the Nextcloud 27 milestone Apr 24, 2023
@come-nc come-nc mentioned this pull request Apr 24, 2023
Closed
@nickvergessen nickvergessen merged commit af214b6 into master Apr 25, 2023
@nickvergessen nickvergessen deleted the fix/improve-taint-analysis branch April 25, 2023 06:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@juliusknorr juliusknorr juliusknorr approved these changes

@szaimen szaimen Awaiting requested review from szaimen

Assignees

@come-nc come-nc

Labels

3. to review Waiting for reviews enhancement

Projects

None yet

Milestone

Nextcloud 27

Development

Successfully merging this pull request may close these issues.

7 participants

@come-nc @szaimen @nickvergessen @ChristophWurst @juliusknorr @CarlSchwan