Add missing taint analysis docblock comments, and improve escaping in some methods

Signed-off-by: Carl Schwan <carl@carlschwan.eu> Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago · b1ec7ff51f
3 changed files with 5 additions and 2 deletions
--- a/apps/dashboard/lib/Controller/LayoutApiController.php
+++ b/apps/dashboard/lib/Controller/LayoutApiController.php
@ -31,7 +31,6 @@ use OCP\IConfig;
 use OCP\IRequest;

 class LayoutApiController extends OCSController {
-
 	/** @var IConfig */
 	private $config;
 	/** @var string */
@ -56,6 +55,7 @@ class LayoutApiController extends OCSController {
 	 * @return JSONResponse
 	 */
 	public function create(string $layout): JSONResponse {
+		$layout = htmlspecialchars($layout);
 		$this->config->setUserValue($this->userId, 'dashboard', 'layout', $layout);
 		return new JSONResponse(['layout' => $layout]);
 	}
--- a/lib/private/Files/Filesystem.php
+++ b/lib/private/Files/Filesystem.php
@ -642,6 +642,7 @@ class Filesystem {
 	 * @param bool $stripTrailingSlash whether to strip the trailing slash
 	 * @param bool $isAbsolutePath whether the given path is absolute
 	 * @param bool $keepUnicode true to disable unicode normalization
+	 * @psalm-taint-escape file
 	 * @return string
 	 */
 	public static function normalizePath($path, $stripTrailingSlash = true, $isAbsolutePath = false, $keepUnicode = false) {
--- a/lib/private/legacy/OC_App.php
+++ b/lib/private/legacy/OC_App.php
@ -85,12 +85,14 @@ class OC_App {
 	 *
 	 * @psalm-taint-escape file
 	 * @psalm-taint-escape include
+	 * @psalm-taint-escape html
+	 * @psalm-taint-escape has_quotes
 	 *
 	 * @param string $app AppId that needs to be cleaned
 	 * @return string
 	 */
 	public static function cleanAppId(string $app): string {
-		return str_replace(['\0', '/', '\\', '..'], '', $app);
+		return str_replace(['<', '>', '"', "'", '\0', '/', '\\', '..'], '', $app);
 	}

 	/**