server/lib/private/DB
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
..
QueryBuilder Remove unused use statements 2017-04-22 19:23:31 -05:00
Adapter.php Update with robin 2016-07-21 18:13:58 +02:00
AdapterMySQL.php Fix like queries in the QueryBuilder 2016-10-19 00:15:01 +02:00
AdapterOCI8.php dont double escape 2017-03-30 11:14:59 +02:00
AdapterPgSql.php Fix others 2016-07-21 18:13:57 +02:00
AdapterSqlite.php dont double escape 2017-03-30 11:14:59 +02:00
Connection.php Add Phan plugin to check for SQL injections 2017-07-20 22:48:13 +02:00
ConnectionFactory.php use the same oci connectstring in all code paths 2017-04-10 17:58:52 +02:00
MDB2SchemaManager.php Adding tests for 4 byte unicode characters 2017-03-21 16:42:12 -06:00
MDB2SchemaReader.php Remove unused use statements 2017-04-22 19:23:31 -05:00
MDB2SchemaWriter.php Add config option to update charset of mysql to utf8mb4 2016-10-19 00:15:01 +02:00
MigrationException.php Update with robin 2016-07-21 18:13:58 +02:00
MigrationService.php Only create the migration directory when necessary 2017-07-06 09:58:39 +02:00
Migrator.php Start migrations 2017-07-05 13:01:19 +02:00
MySQLMigrator.php Update with robin 2016-07-21 18:13:58 +02:00
MySqlTools.php Add console command to migrate the charset 2017-04-28 09:35:36 +02:00
NoCheckMigrator.php Update with robin 2016-07-21 18:13:58 +02:00
OCSqlitePlatform.php Update with robin 2016-07-21 18:13:58 +02:00
OracleConnection.php Start migrations 2017-07-05 13:01:19 +02:00
OracleMigrator.php Start migrations 2017-07-05 13:01:19 +02:00
PgSqlTools.php Fix others 2016-07-21 18:13:57 +02:00
PostgreSqlMigrator.php Fix others 2016-07-21 18:13:57 +02:00
SchemaWrapper.php Fix dropping tables and handle the prefix automatically 2017-07-05 13:02:16 +02:00
SQLiteMigrator.php Update with robin 2016-07-21 18:13:58 +02:00
SQLiteSessionInit.php Add MD5() to sqlite 2017-03-30 11:09:19 +02:00