georglauterbach
5915d7f7ce
fix: remove superfluous line
...
Signed-off-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com>
2024-11-14 10:45:23 +00:00
georglauterbach
c97cb962ee
fix: do not query CNAME if A succeeded already
...
Signed-off-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com>
2024-11-14 10:45:23 +00:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Benjamin Gaussorgues
7e4be1fcfd
fix(dns): detect disabled IPv6 support in DNS pinning
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-03-26 12:04:51 +01:00
John Molakvoæ
836c882b8c
Merge pull request #43446 from jithin-space/add-patch-request-to-http-client-interface
2024-03-16 13:21:13 +01:00
Côme Chilliet
82fbab4632
fix: Swap method and uri parameter in request to match upstream order
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-03-07 14:06:08 +01:00
Ferdinand Thiessen
01d5af66be
feat(IClient): Add request function to do arbitrary HTTP requests
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-03-07 14:06:08 +01:00
Joas Schilling
ecb111cec7
fix(federation): Allow cloud federation providers to handle unsuccessful return codes
...
Otherwise they are put to retry and will immediately trigger bruteforce protection infinitely
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-02-28 10:20:55 +01:00
Robin Kluth
414f8f1f2d
Include hostName:$port for Host access violation message as well
...
Signed-off-by: Robin Kluth <Commifreak@users.noreply.github.com>
2024-02-24 11:34:34 +01:00
Robin Kluth
25c0021137
Log Host/IP in LocalServerException for Host violates local access rules
...
Signed-off-by: Robin Kluth <Commifreak@users.noreply.github.com>
2024-02-24 11:34:34 +01:00
Robin Kluth
d70cd5add2
Log Host/IP in LocalServerException for Host violates local access rules
...
Signed-off-by: Robin Kluth <Commifreak@users.noreply.github.com>
2024-02-24 11:34:34 +01:00
jithin-space
7c11414c9b
added patch method
...
Signed-off-by: jithin-space <jithin.thankachan@gpsrenewables.com>
2024-02-08 15:54:20 +05:30
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Daniel Kesselberg
f8f985602b
test: add tests for dns pin middleware
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2023-09-12 14:04:23 +02:00
Daniel Kesselberg
03f1f1ed2e
enh: skip processing for empty response
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2023-09-04 15:28:02 +02:00
Daniel Kesselberg
eab46bdfe6
feat: add switch to disable dns pinning
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2023-08-29 18:03:54 +02:00
Joas Schilling
ec6728d710
feat(HTTPClient): Provide wrapped access to Guzzle's asyncRequest()
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-06-27 15:53:57 +02:00
Robin Appelman
e7ab30f5d8
log performance events for http requests
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-04-28 15:37:57 +02:00
Côme Chilliet
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-05 12:50:08 +02:00
Côme Chilliet
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Christoph Wurst
ce259435c2
Fix DNS Pin Middleware throwing for public IPs
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-11-08 14:18:05 +01:00
Christoph Wurst
8aea25b5b9
Add remote host validation API
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-10-31 16:13:28 +01:00
Christoph Wurst
d4b9b010b0
Rename LocalAddressChecker methods to lower case
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-10-27 13:24:28 +02:00
Simon L
11108e8032
Revert "fix external storages access"
...
Signed-off-by: szaimen <szaimen@e.mail.de>
2022-10-23 22:36:34 +02:00
John Molakvoæ
304c1b9b61
Merge pull request #33087 from nextcloud/fix/30282/external-storages
...
fix external storages access
2022-10-23 10:42:46 +02:00
Côme Chilliet
31117fa7c7
Fix tests for nested v4 in v6
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-09-20 12:46:22 +02:00
Côme Chilliet
7ac688a2e5
Use new dependency to normalize IPs
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-09-20 12:34:04 +02:00
Côme Chilliet
a907b74c2a
Add missing urldecode and idn_to_utf8 calls to local address checker
...
The call to idn_to_utf8 is actually to apply normalization
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-09-20 12:20:35 +02:00
luz paz
368f83095d
Fix typos in lib/private subdirectory
...
Found via `codespell -q 3 -S l10n -L jus ./lib/private`
Signed-off-by: luz paz <luzpaz@github.com>
2022-07-27 08:52:17 -04:00
Côme Chilliet
c5ffd7ce32
Use Symfony IpUtils to check for local IP ranges
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-07-12 12:09:05 +02:00
Côme Chilliet
707b46bb01
Check for local IPs nested in IPv6 as well
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-07-12 09:49:27 +00:00
Côme Chilliet
d0830432a7
Refactor local IP if and set strict to true for in_array
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-07-12 09:49:27 +00:00
Côme Chilliet
bd9aff47b6
Improve local IP detection
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-07-12 09:49:27 +00:00
szaimen
2ad53742f2
fix external storages access
...
Signed-off-by: szaimen <szaimen@e.mail.de>
2022-07-01 22:52:10 +02:00
Côme Chilliet
d23c7d245c
Improve local domain detection
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-06-23 11:45:16 +02:00
Côme Chilliet
6be7aa112f
Migrate from ILogger to LoggerInterface in lib/private
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-03-24 16:21:25 +01:00
Vincent Petry
9b6a1cc8ae
Send images to imaginary docker to generate previews
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Co-Authored-by: Vincent Petry <vincent@nextcloud.com>
2022-03-17 08:24:07 +01:00
Lukas Reschke
84d9b17dc7
Check for !== false instead
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-07-12 15:06:30 +02:00
Lukas Reschke
b0cef8827d
Check if dns_get_record returns non-false
...
`dns_get_record` can return false which results in exceptions such as
the ones shown in https://github.com/nextcloud/server/issues/27870 .
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-07-12 13:15:20 +02:00
Sanpi
81c272a8a5
Fixes recursion count incrementation
...
Signed-off-by: Sanpi <sanpi@homecomputing.fr>
2021-07-07 12:00:00 +00:00
kesselb
9f04a7c71e
Merge pull request #27801 from nextcloud/enh/noid/hardening-dns-pin-middleware
...
Ignore subdomain for soa queries
2021-07-06 18:55:25 +02:00
Daniel Kesselberg
b6530e5e82
Ignore subdomain for soa queries
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-07-05 20:29:06 +02:00
Aaron Ball
484913dc31
Fix DnsPinMiddleware resolve pinning bug
...
Libcurl expects the value of the CURLOPT_RESOLVE configurations to be an
array of strings, those strings containing a comma delimited list of
resolved IPs for each host:port combination.
The original code here does create that array with the host:port:ip
combination, but multiple ips for a single host:port result in
additional array entries, rather than adding them to the end of the
string with a comma. Per the libcurl docs, the `CURLOPT_RESOLVE` array
entries should match the syntax `host:port:address[,address]`.
This creates a function-scoped associative array which uses `host:port`
as the key (which are supposed to be unique and this ensures that), and
the value is an array containing IP strings (ipv4 or ipv6). Once the
associative array is populated, it is then set to the CURLOPT_RESOLVE
array, imploding the ip arrays using a comma delimiter so the array
syntax matches that expected by libcurl.
Note that this reorders the "foreach ip" and "foreach port" loops.
Rather than looping over ips then ports, we now loop over ports then
ips, since ports are part of the unique host:port map, and multiple ips
can exist therein.
Signed-off-by: Aaron Ball <nullspoon@oper.io>
2021-07-02 16:08:44 -06:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Arthur Schiwon
9f5480eef4
ensure redis returns bool for hasKey
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-04-13 23:07:54 +02:00
Lukas Reschke
5fe1f134f9
Strictify null check
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-06 11:39:24 +00:00
Lukas Reschke
5f3abffe6f
Improve networking checks
...
Whilst we currently state that SSRF is generally outside of our threat model, this is something where we should invest to improve this.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-06 11:37:47 +00:00
Christoph Wurst
aabd73912e
Type the service registration
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-10 09:44:24 +01:00
Marco Ziech
4923c6be25
Use RFC-compliant URL encoding for cookies
...
PHP 7.4.2 changed the way cookies are decoded, applying RFC-compliant raw URL decoding. This leads to a conflict with Nextcloud's own cookie encoding, breaking the remember-me function if the UID contains a space character.
Fixes #24438
Signed-off-by: Marco Ziech <marco@ziech.net>
2021-01-24 14:18:28 +01:00
Roeland Jago Douma
41c80d6c19
Fix option in the client code itself as well
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-01-12 12:36:21 +01:00