Lukas Reschke
We should get rid of openssl_seal in the encryption app as that uses the RC4 cipher, which is considered out-of-date. At the moment it is used for encrypting multi-keys to file...
There are still examples included at https://github.com/nextcloud/dashboard/tree/master/vendor such as https://github.com/nextcloud/dashboard/blob/master/vendor/datatables/datatables/examples/resources/examples.php and some more, all of which we should remove. Assigning myself here.
You might want to consider signing the application when uploading to the appstore. Everybody can modify uploaded release balls on GitHub :see_no_evil: :speak_no_evil: :hear_no_evil: It would be an additional step...
From my PoV not really necessary and for my workflow counterproductive. Though not really a big issue for me.
- [ ] Document existing state (we do only check the policy on password changes)
- [ ] Consider performing the password policy check also at login time

Reference https://hackerone.com/reports/1169335
e.g. `print_r` is only a sink depending on the second parameter. Probably possible to take the logic from https://github.com/vimeo/psalm/commit/af008953a8022566477b0555a10e17dac58e6a2f and apply it somewhat adjusted to `psalm-taint-sink`. Ref https://github.com/vimeo/psalm/issues/3665