fix(Wopi): Mark sensitive parameter as such
Signed-off-by: Joas Schilling <[email protected]>
nickvergessen authored and backportbot-nextcloud[bot] committed Jul 17, 2023
1 parent 263a457 commit 682724c
Showing 3 changed files with 17 additions and 2 deletions.
5 changes: 5 additions & 0 deletions lib/AppInfo/Application.php
Expand Up @@ -27,6 +27,7 @@
use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
use OCA\Richdocuments\AppConfig;
use OCA\Richdocuments\Capabilities;
use OCA\Richdocuments\Db\WopiMapper;
use OCA\Richdocuments\Listener\BeforeFetchPreviewListener;
use OCA\Richdocuments\Listener\CSPListener;
use OCA\Richdocuments\Listener\FileCreatedFromTemplateListener;
Expand Down Expand Up @@ -78,6 +79,10 @@ public function register(IRegistrationContext $context): void {
$context->registerEventListener(BeforePreviewFetchedEvent::class, BeforeFetchPreviewListener::class);
$context->registerEventListener(RenderReferenceEvent::class, ReferenceListener::class);
$context->registerReferenceProvider(OfficeTargetReferenceProvider::class);
$context->registerSensitiveMethods(WopiMapper::class, [
'getPathForToken',
'getWopiForToken',
]);
}

public function boot(IBootContext $context): void {
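Review bot: The `registerSensitiveMethods` call near the end of `register()` names the two WopiMapper methods as bare strings, so a later rename of `getPathForToken` or `getWopiForToken` would drop the redaction without any error or test failure. A comment above the call would tie the two places together, for example `// Keep in sync with the #[\SensitiveParameter] methods in WopiMapper: hides the WOPI token from logged exception traces.` Only WopiMapper is registered here; if the token is also passed as an argument through controller or service methods (not visible on this page), those frames would presumably still carry it and are worth checking. `register()` starts outside the hunk.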
10 changes: 8 additions & 2 deletions lib/Db/WopiMapper.php
Expand Up @@ -122,7 +122,10 @@ public function generateInitiatorToken($uid, $remoteServer) {
* @throws ExpiredTokenException
* @throws UnknownTokenException
*/
public function getPathForToken($token) {
public function getPathForToken(
#[\SensitiveParameter]
$token
): Wopi {
return $this->getWopiForToken($token);
}

Expand All @@ -136,7 +139,10 @@ public function getPathForToken($token) {
* @throws UnknownTokenException
* @throws ExpiredTokenException
*/
public function getWopiForToken($token) {
public function getWopiForToken(
#[\SensitiveParameter]
string $token
): Wopi {
$qb = $this->db->getQueryBuilder();
$qb->select('*')
->from('richdocuments_wopi')
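Review bot: `getPathForToken` leaves `$token` untyped while `getWopiForToken` now declares `string $token`, so a non-string value is only rejected one frame deeper; declaring `string $token` in both signatures keeps them parallel. The attribute is only acted on by PHP 8.2 and later, so on older runtimes the redaction presumably depends on the `registerSensitiveMethods` call in Application.php, and a docblock line such as `@param string $token WOPI access token; must not be logged or placed in exception messages` would record that intent next to the code. If this branch still supports PHP 7, the attribute has to stay on its own line as written, because `#[` begins a line comment there. Both method bodies continue outside the hunks shown.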
4 changes: 4 additions & 0 deletions tests/stub.phpstub
Expand Up @@ -89,3 +89,7 @@ namespace Symfony\Component\HttpFoundation {
public static function checkIp(?string $requestIp, $ips) {}
}
}

#[\Attribute(Attribute::TARGET_PARAMETER)]
class SensitiveParameter {
}
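Review bot: The `SensitiveParameter` stub is declared after the closing brace of the bracketed `namespace Symfony\Component\HttpFoundation { … }` block, and PHP does not allow code outside the brackets once a file uses bracketed namespaces. A static analyser may tolerate this in a stub, but wrapping the class keeps the file valid and makes the global namespace explicit: `namespace { #[\Attribute(\Attribute::TARGET_PARAMETER)] final class SensitiveParameter {} }`. Marking it `final` also matches the class PHP 8.2 ships, so the stub does not suggest it can be extended. The start of the stub file is outside the hunk, so whether it already holds a global `namespace { }` block cannot be seen here.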
