73 Commits

Author SHA1 Message Date
Roeland Jago Douma 5ac857bcdc Add an event to edit the CSP
This introduces an event that can be listened to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-08 20:35:15 +02:00
Morris Jobke d004164fcc Merge pull request #13327 from nextcloud/allow-bracket-notation-for-remove-ipv6-address
Allow bracket IPv6 address format inside IPAdress Normalizer
2019-03-06 10:34:02 +01:00
Roeland Jago Douma f1ea56b502 Fix the throttler whitelist bitmask
Before we actually didn't check each bit of the bitmask. Now we do.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-11 23:22:20 +01:00
Thomas Citharel c9b588774b Allow bracket IPv6 address format inside IPAdress Normalizer
When run with PHP's built-in server (for instance on localhost:8080), the IP provided through $this->server['REMOTE_ADDR'] is [::1], which is not an acceptable format for \inet_pton. This removes the brackets if there are any.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-01-03 10:03:46 +01:00
Roeland Jago Douma 372f3d2a60 Remove deprecated functions from SecureRandom
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-07 19:33:32 +01:00
Roeland Jago Douma be5c050acc Throw exception if decryption fails
For #11868

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-14 12:47:35 +01:00
Morris Jobke 39338aaa67 Merge pull request #11914 from nextcloud/csp/report-uri
Add report-uri to CSP
2018-10-23 16:42:24 +02:00
Roeland Jago Douma 0fdc65a15c Add nonce for Safari 12+
As far as I can tell this should work now.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 20:48:12 +02:00
Roeland Jago Douma 579822b6a5 Add report-uri to CSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:38:32 +02:00
Roeland Jago Douma 8354c50911 Deprecate the childSrc functions
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Roeland Jago Douma c8fe4b4fc8 Add workerSrc to CSP
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Mark Berezovsky ad66c6bf08 Fix #9864: Decrease $maxDelay in Throttler.php
Signed-off-by: Mark Berezovsky <xpnf@yandex.ru>
2018-06-15 04:58:08 +03:00
Roeland Jago Douma 84316aec66 Add ARGON2I support to the hasher
When on php7.2 we can use the new and improved ARGON2I hashing.
This adds support for that to the hasher. When verifying an old hash
we'll update rehash to move all hashes eventually to the new hash
function.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-04 15:43:50 +02:00
Roeland Jago Douma d8332d43f8 Make \OC\Security\IdentityProof strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-05 19:33:16 +01:00
Roeland Jago Douma 5457373407 Merge pull request #8659 from nextcloud/csrf_token_strict
Make \OC\Security\CSRF strict
2018-03-05 19:28:10 +01:00
Roeland Jago Douma 4ed9b74a6b Make OC\Security\CSP strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-05 15:27:05 +01:00
Roeland Jago Douma 2c8402aa17 Make \OC\Security\CSRF strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-05 15:01:02 +01:00
Morris Jobke 0a56d2185e Return value immediately instead of assigning to a one-time variable
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 00:02:03 +01:00
Roeland Jago Douma 0e0db37658 Make OCP\Security stricter
* Add typehints
* Add return types
* Opcode opts from phpstorm
* Made strict
* Fixed tests: No need to test bogus values anymore; strict typing fixes
this

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-16 22:01:19 +01:00
Morris Jobke c0c4263546 Merge pull request #7850 from nextcloud/strict_ipaddress
Make IPAddress typed and strict
2018-01-14 21:16:06 +01:00
Roeland Jago Douma bb2938a47d Make IPAddress typed and strict
* Added scalar typehints
* Added return statements
* Added strict declaration

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:15:44 +01:00
Morris Jobke 2ed4bea18f Merge pull request #7852 from nextcloud/strict_ratelimiting
Make OC\Security\RateLimiting strict
2018-01-14 21:08:45 +01:00
Roeland Jago Douma cf0a339997 Make OC\Security\RateLimiting strict
* Add return types
* Add scalar argument types
* Made strict
* Cleaned up phpstorm inspections

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:08:23 +01:00
Roeland Jago Douma 6e1ee1e7a7 Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:04:52 +01:00
Roeland Jago Douma de5d7aa331 Strict ISecure random
* Declare strict
* Scalar arguments
* Return type
* Use fully qualified name for strlen

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 21:39:34 +01:00
Morris Jobke ca28df6fcc Adds type hinting for scalar types in ICrypto->decrypt
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-13 00:06:03 +01:00
Morris Jobke d2d73f1ce8 Also replace all other occurrences
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-18 20:57:11 +01:00
Morris Jobke 5a270c2715 Reset bruteforce attempt table on successful login
* only clear the entries that come from the same subnet, same action and same metadata

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-24 14:58:57 +01:00
Morris Jobke 0eebff152a Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Thomas Citharel ecf347bd1a Add CSP frame-ancestors support
Didn't set the @since annotation yet.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Bjoern Schiessle bae5be3dc1 add prefix to user and system keys to avoid name collisions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Bjoern Schiessle 9524badccc extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Lukas Reschke 6fb84ebb71 null is a valid parameter
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Lukas Reschke dfd8125aeb Replace wrong PHPDocs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Roeland Jago Douma 5f227bd93b More phpstorm inspection fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 11:39:29 +02:00
Lukas Reschke 3d2600b039 Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also the case here. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Roeland Jago Douma 6a1f2ac076 Add bruteforce capabilities
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-13 11:23:08 +02:00
Roeland Jago Douma 04f2090698 Write cert bundle to tmp file first
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-12 19:24:20 +02:00
Joas Schilling ca39940614 Automatic creation of Identity manager
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-10 09:45:11 +02:00
Roeland Jago Douma 5a61a794d4 Do not write and read rootcerts.crt at the same time
(Possibly) fixes #3470

When updating the main file /files_external/rootcerts.crt we should not
read from /files_external/rootcerts.crt at the same time.

For 2 reasons: writing to a file and reading from it at the same time
can have non deterministic results

And we don't want all the certificates to appear 2 times in there.

This isn't caught by our standard file locking (that does not allow this
actually) because it is in a non locked path....

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-09 13:00:07 +02:00
Lukas Reschke a5ccb31e85 Mark IP as whitelisted if brute force protection is disabled
Currently, when disabling the brute force protection no new brute force attempts are logged. However, the ones logged within the last 24 hours will still be used for throttling.

This is quite an unexpected behaviour and caused some support issues. With this change when the brute force protection is disabled also the existing attempts within the last 24 hours will be disregarded.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-01 18:31:45 +02:00
Morris Jobke c54a59d51e Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Lukas Reschke e39e6d0605 Remove expired attempts
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke 66835476b5 Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Roeland Jago Douma be674c19a5 Respect bruteforce settings in the Throttler
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:13:50 +02:00
Bjoern Schiessle df296249d6 introduce brute force protection for api calls
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-18 15:25:15 +01:00
Robin Appelman 817e974c5f don't write a certificate bundle if the shipped ca bundle is empty
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-01-09 16:51:27 +01:00
Lukas Reschke 7d221ff8f4 Safari CSPv3 support is sub-par
With 10.0.1 CSPv3 is broken in Safari if it doesn't run from a local IP. Awesome.

=> Let's remove this for Safari and keep Chrome and Firefox in the whitelist.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-14 13:17:20 +01:00
Roeland Jago Douma 72f9920a58 Add Identityproof tests
* Add tests for Key
* Add tests for Manager
* Add tests for Signer
* Removed URLGenerator from Signer

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-24 21:50:19 +01:00
Lukas Reschke fb91bf6a5b Add a signer class for signing
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00