averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: mark systemconfig value as not being tainted because they are implicitly trusted

Browse Source 
Signed-off-by: Robin Appelman <robin@icewind.nl>
This commit is contained in:
Robin Appelman
2024-08-22 14:34:37 +02:00
committed by Louis
parent 57ffbb7391
commit e2bff39f73
1 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/private/SystemConfig.php
View File

@@ -114,6 +114,24 @@ class SystemConfig {
) {
}
/**
* Since system config is admin controlled, we can tell psalm to ignore any taint
*
* @psalm-taint-escape sql
* @psalm-taint-escape html
* @psalm-taint-escape ldap
* @psalm-taint-escape callable
* @psalm-taint-escape file
* @psalm-taint-escape ssrf
* @psalm-taint-escape cookie
* @psalm-taint-escape header
* @psalm-taint-escape has_quotes
* @psalm-pure
*/
public static function trustSystemConfig(mixed $value): mixed {
return $value;
}
/**
* Lists all available config keys
* @return array an array of key names
@@ -150,7 +168,7 @@ class SystemConfig {
* @return mixed the value or $default
*/
public function getValue($key, $default = '') {
return $this->config->getValue($key, $default);
return $this->trustSystemConfig($this->config->getValue($key, $default));
}
/**