fix(opengrep): Ignore some things in PHP

Signed-off-by: Joas Schilling <coding@schilljs.com>
Joas Schilling 2025-09-18 10:49:29 +02:00 committed by Dorra Jaouad
parent e5b4533cae
commit b17c7c96d6
7 changed files with 16 additions and 6 deletions


@ -319,6 +319,7 @@ class Config {
}
if (str_starts_with($url, 'http://')) {
// noopengrep: javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket
return 'ws://' . substr($url, 7, strpos($url, '/', 7) - 7);
}
@ -326,6 +327,7 @@ class Config {
return substr($url, 0, strpos($url, '/', 6));
}
// noopengrep: javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket
if (str_starts_with($url, 'ws://')) {
return substr($url, 0, strpos($url, '/', 5));
}
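Review bot: The two `// noopengrep:` comments in this section silence the insecure-websocket rule without recording why plaintext `ws://` is acceptable, so a later reader cannot tell a reviewed exception from a muted finding. On the visible lines the first `ws://` is only produced when the configured URL already starts with `http://`, and the second only passes through a URL that was already `ws://`. I would state that next to each suppression, e.g. `// Scheme mirrors the configured server URL; ws:// only results from an http:// or ws:// setting`. The same applies to the websocket suppressions in both BackendNotifier sections and in Manager. The enclosing function starts and ends outside these hunks.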


@ -65,6 +65,7 @@ class TempAvatarController extends OCSController {
);
}
$content = file_get_contents($files['tmp_name'][0]);
// noopengrep: php.lang.security.unlink-use.unlink-use
unlink($files['tmp_name'][0]);
} else {
return new DataResponse(
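Review bot: Nothing in this hunk shows that `$files['tmp_name'][0]` was confirmed to be a PHP upload temp file before it is read and deleted, and the new suppression removes the scanner's reminder to check that. If the earlier part of the method (outside the hunk) does not already do so, I would guard the pair with `is_uploaded_file($files['tmp_name'][0])` and name that invariant in the suppression, e.g. `// Path is the validated upload temp file, never a caller-supplied path`. The result of `file_get_contents()` is also not checked on the visible lines before the file is removed, so a failed read would discard the upload; whether later code tests `$content` cannot be seen here. The same read-then-`unlink()` pattern carries the same suppression in AvatarService.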


@ -790,6 +790,7 @@ class MatterbridgeManager {
*/
private function runCommand(string $cmd): ?array {
$descriptorspec = [fopen('php://stdin', 'r'), ['pipe', 'w'], ['pipe', 'w']];
// noopengrep: php.lang.security.exec-use.exec-use
$process = proc_open($cmd, $descriptorspec, $pipes);
if ($process) {
$output = stream_get_contents($pipes[1]);
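Review bot: `runCommand()` hands a single string to `proc_open()`, which PHP runs through the shell, so the suppressed exec-use finding is only harmless if every caller builds `$cmd` from constants or from arguments passed through `escapeshellarg()`; those callers are outside this hunk. I would record that contract in the docblock, e.g. `@param string $cmd Shell command line; every dynamic part must be escaped with escapeshellarg() by the caller`. Since PHP 7.4 `proc_open()` also accepts the command as an array of arguments and then bypasses the shell, which would make the suppression unnecessary if the private signature can change. The function body continues past the end of the hunk.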


@ -87,10 +87,11 @@ class BackendNotifier {
$url = '/api/v1/room/' . $room->getToken();
$url = $recording['server'] . $url;
if (str_starts_with($url, 'wss://')) {
$url = 'https://' . substr($url, 6);
} elseif (str_starts_with($url, 'ws://')) {
// noopengrep: javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket
if (str_starts_with($url, 'ws://')) {
$url = 'http://' . substr($url, 5);
} elseif (str_starts_with($url, 'wss://')) {
$url = 'https://' . substr($url, 6);
}
$body = json_encode($data);
$headers = [
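Review bot: The `ws://`/`wss://` to `http://`/`https://` rewrite now exists with its own suppression comment in three places: here, in the second BackendNotifier section, and in Manager. The branches here were also reordered only so the comment sits directly above the `ws://` test. A single helper would keep one suppression and one rationale to audit, and a future scheme change could not be applied to one copy and missed in another. Where the helper lives (a shared utility or a trait) depends on how these classes relate, which the page does not show; the sketch below assumes a private method, and the method around this hunk starts and ends outside it.

```php
$url = $recording['server'] . $url;
$url = $this->toHttpUrl($url);
// … unchanged: request body and headers …

private function toHttpUrl(string $url): string {
	// Backend requests go over HTTP(S); map a ws(s):// server URL to the matching scheme.
	// noopengrep: javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket
	if (str_starts_with($url, 'ws://')) {
		return 'http://' . substr($url, 5);
	}
	if (str_starts_with($url, 'wss://')) {
		return 'https://' . substr($url, 6);
	}
	return $url;
}
```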


@ -60,6 +60,7 @@ class AvatarService {
}
$content = file_get_contents($file['tmp_name']);
// noopengrep: php.lang.security.unlink-use.unlink-use
unlink($file['tmp_name']);
$image = new \OCP\Image();
$image->loadFromData($content);


@ -107,11 +107,14 @@ class BackendNotifier {
$url = '/api/v1/room/' . $room->getToken();
$url = $signaling['server'] . $url;
if (str_starts_with($url, 'wss://')) {
$url = 'https://' . substr($url, 6);
} elseif (str_starts_with($url, 'ws://')) {
// noopengrep: javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket
if (str_starts_with($url, 'ws://')) {
$url = 'http://' . substr($url, 5);
} elseif (str_starts_with($url, 'wss://')) {
$url = 'https://' . substr($url, 6);
}
$body = json_encode($data);
$headers = [
'Content-Type' => 'application/json',


@ -57,6 +57,7 @@ class Manager {
$url = 'https://' . substr($url, 6);
}
// noopengrep: javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket
if (str_starts_with($url, 'ws://')) {
$url = 'http://' . substr($url, 5);
}