server/core/Command
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
..
App Check the migration files for table, column and index length errors 2017-07-05 13:02:16 +02:00
Background
Config Filter out sensitive appconfig values 2017-01-11 11:42:36 +01:00
Db Add Phan plugin to check for SQL injections 2017-07-20 22:48:13 +02:00
Encryption ownC -> Nextc 2017-03-19 22:02:21 -06:00
Group Update with robin 2016-07-21 18:13:58 +02:00
Integrity Merge pull request #2724 from nextcloud/fix-23591 2016-12-21 13:03:13 +01:00
L10n Autocomplete for l10n:* and twofactorauth:* 2016-09-29 15:57:10 +02:00
Log Add autocomplete for db:* and log:* 2016-09-29 15:57:10 +02:00
Maintenance Add command to apply updates to custom themes 2017-07-05 12:38:07 +02:00
Security Update with robin 2016-07-21 18:13:58 +02:00
TwoFactorAuth Autocomplete for l10n:* and twofactorauth:* 2016-09-29 15:57:10 +02:00
User Disable empty password for user::resetpassword command using CLI 2017-03-20 00:01:12 -06:00
Base.php Add autocomplete for config:* 2016-09-29 15:57:10 +02:00
Check.php Use SystemConfig instead of AllConfig for DB stuff 2017-03-19 15:53:49 -06:00
InterruptedException.php Log files:scan exception, add InterruptedException 2017-03-20 02:24:28 -06:00
Status.php Deprecate getEditionString() 2016-09-06 16:05:28 +02:00
Upgrade.php Proper logging for appstore updates 2017-05-11 13:35:17 -05:00