Validate and sanitise edit locally token and relpath before sending to server #5093

Merged
merged 4 commits into from
Oct 28, 2022

@claucambra claucambra commented Oct 25, 2022

Also do percent encoding to be safe

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>

@claucambra claucambra self-assigned this Oct 25, 2022
@claucambra claucambra force-pushed the work/validate-edit-locally-token branch 2 times, most recently from abc338a to ba95567 Compare October 25, 2022 16:09
Review thread on src/gui/folderman.cpp (outdated, resolved)
@claucambra claucambra force-pushed the work/validate-edit-locally-token branch from ba95567 to 0bf74f9 Compare October 25, 2022 16:14
codecov bot commented Oct 25, 2022

Codecov Report

Merging #5093 (734c986) into master (6db3361) will decrease coverage by 0.00%.
The diff coverage is 55.55%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5093      +/-   ##
==========================================
- Coverage   57.22%   57.22%   -0.01%     
==========================================
  Files         138      138              
  Lines       17444    17441       -3     
==========================================
- Hits         9982     9980       -2     
+ Misses       7462     7461       -1     
Impacted Files Coverage Δ
src/libsync/owncloudpropagator.h 68.42% <0.00%> (-6.02%) ⬇️
src/libsync/syncengine.h 50.00% <57.14%> (+6.25%) ⬆️
src/libsync/syncengine.cpp 84.16% <100.00%> (-0.08%) ⬇️
src/libsync/propagatedownload.cpp 64.61% <0.00%> (+1.17%) ⬆️

@claucambra claucambra force-pushed the work/validate-edit-locally-token branch 2 times, most recently from df53ad1 to b9e6e28 Compare October 25, 2022 17:16
@claucambra claucambra requested a review from mgallien October 25, 2022 17:16
@claucambra claucambra changed the title Validate edit locally token before sending to server Validate and sanitise edit locally token and relpath before sending to server Oct 25, 2022
Review thread on src/gui/folderman.cpp (outdated, resolved)
@claucambra claucambra requested a review from mgallien October 27, 2022 15:08
Review thread on src/gui/folderman.cpp (outdated, resolved)
Review thread on src/gui/folderman.cpp (outdated, resolved)
Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
@claucambra claucambra force-pushed the work/validate-edit-locally-token branch from 577d74f to 734c986 Compare October 28, 2022 10:39
@nextcloud-desktop-bot

AppImage file: nextcloud-PR-5093-734c986cd1234ed9e5c54e3cc03294ee11cf7e40-x86_64.AppImage

To test this change/fix you can simply download the above AppImage file and test it.

Please make sure to quit your existing Nextcloud app and back up your data.

@claucambra claucambra requested a review from mgallien October 28, 2022 10:55
sonarcloud bot commented Oct 28, 2022

SonarCloud Quality Gate failed.

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
3 Code Smells (rating A)

0.0% Coverage
0.0% Duplication

@claucambra claucambra merged commit b6deeec into master Oct 28, 2022
@claucambra claucambra deleted the work/validate-edit-locally-token branch October 28, 2022 11:11
@claucambra
Collaborator Author

/backport to stable-3.6
