server/apps/dav/lib/CardDAV
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
..
Xml Remove unused use statements 2017-04-22 19:23:31 -05:00
AddressBook.php Fix remaining "PHP Inspection" warnings 2017-04-20 10:44:11 +02:00
AddressBookImpl.php Fix tests 2016-11-04 13:37:00 +01:00
AddressBookRoot.php Translate the Contacts addressbook when it's default 2016-10-06 14:20:01 +02:00
CardDavBackend.php Add Phan plugin to check for SQL injections 2017-07-20 22:48:13 +02:00
ContactsManager.php Translate the Contacts addressbook when it's default 2016-10-06 14:20:01 +02:00
Converter.php use right format for avatars 2017-03-24 11:06:44 +01:00
ImageExportPlugin.php Fix ImageExportPluginTest 2017-05-08 11:20:49 +02:00
PhotoCache.php Clear cache on vcard change/delete 2017-05-08 11:20:49 +02:00
Plugin.php Fix apps/ 2016-07-21 18:13:57 +02:00
SyncJob.php Fix apps/ 2016-07-21 18:13:57 +02:00
SyncService.php get addressbook url and carddav user from remote server 2017-04-11 15:04:01 +02:00
UserAddressBooks.php Translate the Contacts addressbook when it's default 2016-10-06 14:20:01 +02:00