commit
ff691b4d8a
8 changed files with 54 additions and 13 deletions
12
.drone.yml
12
.drone.yml
|
@ -15,6 +15,12 @@ build:
|
|||
- rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
|
||||
- git submodule update --init
|
||||
- NOCOVERAGE=true TEST_SELECTION=NODB ./autotest.sh sqlite
|
||||
nodb-php7.1:
|
||||
image: nextcloudci/php7.1:php7.1-3
|
||||
commands:
|
||||
- rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
|
||||
- git submodule update --init
|
||||
- NOCOVERAGE=true TEST_SELECTION=NODB ./autotest.sh sqlite
|
||||
sqlite-php5.6:
|
||||
image: nextcloudci/php5.6:php5.6-2
|
||||
commands:
|
||||
|
@ -27,6 +33,12 @@ build:
|
|||
- rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
|
||||
- git submodule update --init
|
||||
- NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh sqlite
|
||||
sqlite-php7.1:
|
||||
image: nextcloudci/php7.1:php7.1-3
|
||||
commands:
|
||||
- rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
|
||||
- git submodule update --init
|
||||
- NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh sqlite
|
||||
mysql-php5.6:
|
||||
image: nextcloudci/php5.6:php5.6-2
|
||||
commands:
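Review bot: The two added jobs, `nodb-php7.1` and `sqlite-php7.1`, pull `nextcloudci/php7.1:php7.1-3` by tag, so what runs in CI depends on whatever that tag points to at build time. If the runner accepts digest references, pinning the image as `nextcloudci/php7.1@sha256:<digest>` would make the test environment reproducible. The `rm -rf data/* config/config.php` workaround and its TODO are also copied into both new jobs, which adds two more places to clean up later.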
|
||||
|
|
2
3rdparty
2
3rdparty
|
@ -1 +1 @@
|
|||
Subproject commit a7109f7505ce8ab1775f54ff723b72e4e65c13d2
|
||||
Subproject commit 700cba55e9483e7514d36ea43ddac36de63c3697
|
|
@ -111,7 +111,7 @@ $errors = [];
|
|||
foreach($Regex as $file) {
|
||||
$stmts = $parser->parse(file_get_contents($file[0]));
|
||||
|
||||
$visitor = new SinceTagCheckVisitor($this->blackListedClassNames);
|
||||
$visitor = new SinceTagCheckVisitor();
|
||||
$traverser = new \PhpParser\NodeTraverser();
|
||||
$traverser->addVisitor($visitor);
|
||||
$traverser->traverse($stmts);
|
||||
|
|
|
@ -156,7 +156,7 @@ class InfoParser {
|
|||
$totalElement = count($xml->{$element});
|
||||
|
||||
if (!isset($array[$element])) {
|
||||
$array[$element] = "";
|
||||
$array[$element] = $totalElement > 1 ? [] : "";
|
||||
}
|
||||
/** @var \SimpleXMLElement $node */
|
||||
// Has attributes
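Review bot: The new initial value `$totalElement > 1 ? [] : ""` has no comment, and the reason for the two cases is not obvious from the hunk. Presumably repeated elements are appended further down, which needs an array rather than a string. A one-line comment such as `// Repeated elements are collected in an array, a single element stays a string` would record that. The code that fills `$array[$element]` is outside the hunk, so the wording should be checked against it.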
|
||||
|
|
|
@ -249,6 +249,8 @@ class Checker {
|
|||
|
||||
$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
|
||||
$privateKey->setMGFHash('sha512');
|
||||
// See https://tools.ietf.org/html/rfc3447#page-38
|
||||
$privateKey->setSaltLength(0);
|
||||
$signature = $privateKey->sign(json_encode($hashes));
|
||||
|
||||
return [
|
||||
|
@ -343,7 +345,7 @@ class Checker {
|
|||
// Verify if certificate has proper CN. "core" CN is always trusted.
|
||||
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
|
||||
throw new InvalidSignatureException(
|
||||
sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true))
|
||||
sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -352,6 +354,8 @@ class Checker {
|
|||
$rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
|
||||
$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
|
||||
$rsa->setMGFHash('sha512');
|
||||
// See https://tools.ietf.org/html/rfc3447#page-38
|
||||
$rsa->setSaltLength(0);
|
||||
if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
|
||||
throw new InvalidSignatureException('Signature could not get verified.');
|
||||
}
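Review bot: The two added `setSaltLength(0)` calls, one before `sign()` and one before `verify()`, must stay identical for signatures to verify, yet the only explanation is a bare RFC link repeated in both places. A zero-length salt makes the PSS encoding deterministic, which RFC 3447 allows, but the comment should say the value is deliberate, e.g. `// Salt length is pinned to 0 explicitly; signing and verification must use the same value.` A single class constant used in both places would stop the two paths from drifting apart. Separately, the reworded exception message calls `getDN(true)['CN']` while the condition above it uses `getDN(X509::DN_OPENSSL)['CN']`; using the same constant in both would make it clear the message prints the value that was compared. All three functions continue outside the visible hunks.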
|
||||
|
|
|
@ -61,7 +61,7 @@ class SecuritySettingsController extends Controller {
|
|||
* @return array
|
||||
*/
|
||||
public function trustedDomains($newTrustedDomain) {
|
||||
$trustedDomains = $this->config->getSystemValue('trusted_domains');
|
||||
$trustedDomains = $this->config->getSystemValue('trusted_domains', []);
|
||||
$trustedDomains[] = $newTrustedDomain;
|
||||
$this->config->setSystemValue('trusted_domains', $trustedDomains);
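Review bot: The new `[]` default only covers a missing `trusted_domains` key. If the stored value is present but not an array (the old test mocked an empty string), the `$trustedDomains[] = $newTrustedDomain;` append on the next line can still fail. A guard such as `if (!is_array($trustedDomains)) { $trustedDomains = []; }` after the read would cover that. The visible lines also append `$newTrustedDomain` unchanged to the `trusted_domains` system value, so it is worth confirming that the value is validated and de-duplicated before it gets here. The method body continues outside the hunk.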
|
||||
|
||||
|
|
|
@ -57,8 +57,8 @@ class SecuritySettingsControllerTest extends \PHPUnit_Framework_TestCase {
|
|||
$this->container['Config']
|
||||
->expects($this->once())
|
||||
->method('getSystemValue')
|
||||
->with('trusted_domains')
|
||||
->will($this->returnValue(''));
|
||||
->with($this->equalTo('trusted_domains'), $this->equalTo([]))
|
||||
->willReturn([]);
|
||||
|
||||
$response = $this->securitySettingsController->trustedDomains('newdomain.com');
|
||||
$expectedResponse = array('status' => 'success');
|
||||
|
|
|
@ -102,8 +102,13 @@ class CheckerTest extends TestCase {
|
|||
->expects($this->once())
|
||||
->method('file_put_contents')
|
||||
->with(
|
||||
\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json',
|
||||
$expectedSignatureFileData
|
||||
$this->equalTo(\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json'),
|
||||
$this->callback(function($signature) use ($expectedSignatureFileData) {
|
||||
$expectedArray = json_decode($expectedSignatureFileData, true);
|
||||
$actualArray = json_decode($signature, true);
|
||||
$this->assertEquals($expectedArray, $actualArray);
|
||||
return true;
|
||||
})
|
||||
);
|
||||
|
||||
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/SomeApp.crt');
|
||||
|
@ -456,7 +461,12 @@ class CheckerTest extends TestCase {
|
|||
->method('file_put_contents')
|
||||
->with(
|
||||
\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json',
|
||||
$expectedSignatureFileData
|
||||
$this->callback(function($signature) use ($expectedSignatureFileData) {
|
||||
$expectedArray = json_decode($expectedSignatureFileData, true);
|
||||
$actualArray = json_decode($signature, true);
|
||||
$this->assertEquals($expectedArray, $actualArray);
|
||||
return true;
|
||||
})
|
||||
);
|
||||
|
||||
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
|
||||
|
@ -486,7 +496,12 @@ class CheckerTest extends TestCase {
|
|||
->method('file_put_contents')
|
||||
->with(
|
||||
\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified//core/signature.json',
|
||||
$expectedSignatureFileData
|
||||
$this->callback(function($signature) use ($expectedSignatureFileData) {
|
||||
$expectedArray = json_decode($expectedSignatureFileData, true);
|
||||
$actualArray = json_decode($signature, true);
|
||||
$this->assertEquals($expectedArray, $actualArray);
|
||||
return true;
|
||||
})
|
||||
);
|
||||
|
||||
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
|
||||
|
@ -511,7 +526,12 @@ class CheckerTest extends TestCase {
|
|||
->method('file_put_contents')
|
||||
->with(
|
||||
\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent//core/signature.json',
|
||||
$expectedSignatureFileData
|
||||
$this->callback(function($signature) use ($expectedSignatureFileData) {
|
||||
$expectedArray = json_decode($expectedSignatureFileData, true);
|
||||
$actualArray = json_decode($signature, true);
|
||||
$this->assertEquals($expectedArray, $actualArray);
|
||||
return true;
|
||||
})
|
||||
);
|
||||
|
||||
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
|
||||
|
@ -542,7 +562,12 @@ class CheckerTest extends TestCase {
|
|||
->method('file_put_contents')
|
||||
->with(
|
||||
\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json',
|
||||
$expectedSignatureFileData
|
||||
$this->callback(function($signature) use ($expectedSignatureFileData) {
|
||||
$expectedArray = json_decode($expectedSignatureFileData, true);
|
||||
$actualArray = json_decode($signature, true);
|
||||
$this->assertEquals($expectedArray, $actualArray);
|
||||
return true;
|
||||
})
|
||||
);
|
||||
|
||||
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
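Review bot: The same `$this->callback(...)` closure is pasted into five `->with(...)` calls, and only the first wraps the path in `$this->equalTo(...)` while the other four pass the bare string. Moving the closure into one private helper on the test class keeps the five expectations in step and gives one place to tighten the check. As written, both sides go through `json_decode(..., true)` and `assertEquals`, so the test no longer pins the exact bytes written to `signature.json`. A short comment saying which difference is being tolerated would help. The test methods themselves start and end outside the hunks.

```php
// … unchanged: mock setup up to ->method('file_put_contents') …
	->with(
		$this->equalTo(\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json'),
		$this->signatureFileMatches($expectedSignatureFileData)
	);

/**
 * Constraint that accepts the written signature data when it decodes
 * to the same array as the expected fixture.
 */
private function signatureFileMatches($expectedSignatureFileData) {
	return $this->callback(function($signature) use ($expectedSignatureFileData) {
		$this->assertEquals(
			json_decode($expectedSignatureFileData, true),
			json_decode($signature, true)
		);
		return true;
	});
}
```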
|
||||
|
|