This adds a Phan plugin which checks for SQL injections in code using our QueryBuilder. While it isn't perfect, it should already catch most potential issues.
As always, static analysis will sometimes have false positives, and this is also the case here. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.
The Phan plugin doesn't have the most awesome code, but it works, and I also added a file with test cases.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
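As an added illustration (not the Phan plugin from the commit, which works on PHP's AST inside Phan), the following Python sketch shows the kind of distinction such a checker makes: arguments to QueryBuilder methods that take SQL fragments are flagged when a variable is concatenated or interpolated into them, while values bound through `createNamedParameter()` pass, and a preceding `@suppress SqlInjectionChecker` annotation silences the next flagged call. The sample PHP is constructed for this example; the method names `where`, `andWhere`, `orderBy`, `expr()->eq` and `createNamedParameter` are Nextcloud's IQueryBuilder API, but the line-based matching, the `Finding` type and the `check_php` function are assumptions of this sketch, not the plugin's code.

```python
import re
from dataclasses import dataclass

# IQueryBuilder methods whose arguments end up as raw SQL text (hypothetical sink list
# for this sketch; bare-variable arguments such as ->set('col', $value) are not modelled).
SINK_METHODS = ("where", "andWhere", "orWhere", "select", "from", "orderBy", "groupBy", "having")

SUPPRESS = re.compile(r"@suppress\s+SqlInjectionChecker")
SINK = re.compile(r"->(?P<method>" + "|".join(SINK_METHODS) + r")\s*\((?P<arg>.*)\)\s*;?\s*$")
# Taint heuristics: '. $var', '$var .', or a PHP variable interpolated into a double-quoted string.
TAINT = re.compile(
    r"(\.\s*\$[A-Za-z_]\w*)"          # '... . $var'
    r"|(\$[A-Za-z_]\w*\s*\.)"         # '$var . ...'
    r"|(\"[^\"]*\$[A-Za-z_]\w*[^\"]*\")"  # "... $var ..."
    r"|(\"[^\"]*\{\$)"                # "... {$var} ..."
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    method: str
    suppressed: bool
    line: str


def check_php(source: str) -> list[Finding]:
    """Scan PHP source line by line and report QueryBuilder calls with tainted SQL fragments."""
    findings: list[Finding] = []
    suppress_next = False
    for line_no, line in enumerate(source.splitlines(), start=1):
        if SUPPRESS.search(line):
            # Like Phan's @suppress, the annotation applies to the next statement only.
            suppress_next = True
            continue
        m = SINK.search(line)
        if not m:
            continue
        if TAINT.search(m.group("arg")):
            findings.append(Finding(line_no, m.group("method"), suppress_next, line.strip()))
        suppress_next = False
    return findings


def report(findings: list[Finding]) -> list[str]:
    """Render unsuppressed findings as one message per line."""
    return [f"line {f.line_no}: possible SQL injection in ->{f.method}(): {f.line}"
            for f in findings if not f.suppressed]


# Constructed sample input: one safe call, two unsafe calls, one suppressed false positive.
SAMPLE_PHP = r'''
$qb = $this->connection->getQueryBuilder();

// Safe: the value is bound as a parameter, never spliced into SQL text.
$qb->select('*')->from('users')
   ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)));

// Unsafe: request data concatenated into the SQL fragment.
$qb->where("uid = '" . $_GET['uid'] . "'");

// Unsafe: variable interpolated into a double-quoted SQL fragment.
$qb->andWhere("displayname LIKE '%$search%'");

// Looks tainted to the checker, but $column is validated elsewhere:
// this is the false-positive case that needs the annotation.
/** @suppress SqlInjectionChecker */
$qb->orderBy($column . ' ASC');
'''

if __name__ == "__main__":
    for msg in report(check_php(SAMPLE_PHP)):
        print(msg)
```

Running the block prints two findings (the `where` and `andWhere` calls on lines 9 and 12 of the sample); the `orderBy` call is recorded but marked as suppressed, which is the behaviour the `@suppress` annotations in the commit rely on.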
Running the acceptance tests on Drone relied on the pod-style networking
used by services (service containers were available at 127.0.0.1 from
the build containers). However, in Drone 0.7 service and build
containers must be accessed from each other using their domain name
instead. Thus, acceptance tests had to be disabled on Drone.
Now that the acceptance test system supports setting a different domain
for the Selenium server and for the Nextcloud test server, the acceptance
tests can be enabled again on Drone.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Previously this container used a very old CentOS version. It has been migrated to Debian Jessie now using the deb.sury.org repositories.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Fix service container host name
check current folder
fix redis for integration test
Fix more hostnames
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Sometimes, acceptance tests run by Drone fail due to a timeout when
starting the web browser sessions. Increasing the timeout should
minimize the possibility of the failure happening, although it cannot
guarantee that it will not happen. A timeout multiplier of 10 was set
just because it looks like a reasonable margin of time, although it is
not based on any hard data.
The timeout multiplier also affects the timeout used when finding
elements. As when starting a session, increasing the find timeout
simply gives the acceptance tests more time to find the objects before
giving up, so it does not change their behaviour when successful and can
also prevent failures due to default timeouts being too low for a
strained system.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
As the script modifies the Git repository, a safety parameter was added
to prevent running it by mistake and messing with the local copy of the
repository.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>