chore(deps): update dependency gdata/vaas to v9 (#98)

* chore(deps): update dependency gdata/vaas to v9
* async upload

---------

Co-authored-by: Renovate Bot <[email protected]>
Co-authored-by: Kevin Heise <[email protected]>
Co-authored-by: Lennart Dohmann <[email protected]>
Co-authored-by: Lennart Dohmann <[email protected]>
Co-authored-by: unglaublicherdude <[email protected]>

.devcontainer/postCreateCommands.sh

@@ -5,10 +5,14 @@ sudo apt-get install -y bash-completion vim iputils-ping telnet
 sudo bash -c "docker completion bash > /usr/share/bash-completion/completions/docker"
 sudo bash -c "composer completion bash > /usr/share/bash-completion/completions/composer"
 sudo bash -c "npm completion > /usr/share/bash-completion/completions/npm"
+sudo cp xdebug.local.ini /usr/local/etc/php/conf.d/xdebug.ini
+sudo curl -sS https://webi.sh/gh | sh
 
 echo ". /usr/share/bash-completion/bash_completion" >> /home/vscode/.bashrc
 
 NEXTCLOUD_VERSION=$(grep -oP "[0-9]+\.[0-9]+\.[0-9]+" install.sh)
+mkdir -p ~/.ssh/
+ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
 git clone --depth 1 --recurse-submodules --single-branch --branch v$NEXTCLOUD_VERSION [email protected]:nextcloud/server.git ./nextcloud-server
 cd nextcloud-server
 git submodule update --init

.github/workflows/release-app.yml

@@ -52,26 +52,36 @@ jobs:
           CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
           CLIENT_SECRET: ${{ secrets.VAAS_CLIENT_SECRET }}
         run: |
-          composer install --quiet
+          composer install
           ./vendor/bin/phpunit --bootstrap tests/unittests/bootstrap.php tests/unittests/ --testdox
 
       - name: install nextcloud
         env:
           CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
           CLIENT_SECRET: ${{ secrets.VAAS_CLIENT_SECRET }}
-        run: ./install.sh ${{ matrix.nextcloud_version }}
+        run: ./install.sh ${{ matrix.nextcloud_version }} 1
 
       - name: run tests
+        id: bats-tests
         env:
           CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
           CLIENT_SECRET: ${{ secrets.VAAS_CLIENT_SECRET }}
-        run: bats --no-parallelize-across-files --jobs 2 ./tests/bats
+        run: |
+          if bats --verbose-run --timing --trace --no-parallelize-across-files --jobs 2 ./tests/bats; then
+            echo "bats_run=success" | tee -a "$GITHUB_OUTPUT";
+          else
+            echo "bats_run=fail" | tee -a "$GITHUB_OUTPUT";
+          fi
 
       - uses: actions/upload-artifact@master
         with:
           overwrite: true
-          name: build-dir
-          path: build/
+          name: core-dump
+          path: coredumps/*
+
+      - name: fail if bats tests did fail
+        if: steps.bats-tests.outputs.bats_run == 'fail'
+        run: exit 1
 
   release:
     needs:

.gitignore

@@ -4,6 +4,7 @@
 .idea
 *.local
 *.iml
+*.local.php
 /build/
 node_modules/
 /.php_cs.cache
@@ -64,5 +65,8 @@ js/
 .uuid
 eicar.com.txt
 tmp/
-
-nextcloud-server/
+core.1
+nextcloud-server/
+core-dump.zip
+apache/
+**/vendor/*

.vscode/launch.json

@@ -26,7 +26,7 @@
             "name": "Listen for Xdebug",
             "type": "php",
             "request": "launch",
-            "port": 9000
+            "port": 9003
         },
         {
             "name": "Launch currently open script",

Dockerfile.Nextcloud

@@ -1,8 +1,36 @@
-ARG NEXTCLOUD_VERSION=29.0.4
+ARG NEXTCLOUD_VERSION=29.0.6
+ARG INSTALL_XDEBUG=1
 
 FROM nextcloud:${NEXTCLOUD_VERSION}
 
-RUN apt update && apt install -y less vim telnet iputils-ping
+RUN apt update && apt install -y \
+    less vim telnet iputils-ping gdb libexpat1-dev libapr1-dev libaprutil1-dev devscripts debmake \
+    bison jdupes libbrotli-dev liblua5.4-dev libnghttp2-dev libssl-dev libxml2-dev libcurl4-openssl-dev libjansson-dev
+# RUN curl -L -o /tmp/apache2_2.4.61.orig.tar.gz https://launchpad.net/debian/+archive/primary/+sourcefiles/apache2/2.4.61-1/apache2_2.4.61.orig.tar.gz \
+#     && tar -xzf /tmp/apache2_2.4.61.orig.tar.gz -C /tmp \
+#     && mv /tmp/httpd-2.4.61 /tmp/apache2-2.4.61 \
+#     && curl -L -o /tmp/apache2_2.4.61-1.debian.tar.xz https://launchpad.net/debian/+archive/primary/+sourcefiles/apache2/2.4.61-1/apache2_2.4.61-1.debian.tar.xz \
+#     && tar -xf /tmp/apache2_2.4.61-1.debian.tar.xz -C /tmp \
+#     && mv /tmp/debian /tmp/apache2-2.4.61/debian \
+#     && cd /tmp/apache2-2.4.61 \
+#     && debuild || echo "no signature"
+RUN curl -o /root/.gdbinit https://raw.githubusercontent.com/php/php-src/master/.gdbinit
+RUN ulimit -c unlimited
+RUN mkdir -p /tmp/apache2-coredump \
+    && chown -R www-data:www-data /tmp/apache2-coredump \
+    && chmod 777 /tmp/apache2-coredump \
+    && echo "CoreDumpDirectory /tmp/apache2-coredump" >> /etc/apache2/apache2.conf
 ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
-RUN install-php-extensions gd xdebug
-COPY xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
+RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
+RUN sed -i 's/max_execution_time = 30/max_execution_time = -1/g' "$PHP_INI_DIR/php.ini"
+RUN sed -i 's/max_input_time = 60/max_input_time = -1/g' "$PHP_INI_DIR/php.ini"
+RUN sed -i 's/memory_limit = 128M/memory_limit = -1/g' "$PHP_INI_DIR/php.ini"
+RUN echo "error_log = /var/www/html/data/php.log" >> "$PHP_INI_DIR/php.ini"
+RUN sed -i 's/#LogLevel info ssl:warn/LogLevel debug/g' /etc/apache2/sites-available/000-default.conf
+
+COPY xdebug.ini /tmp/xdebug.ini
+RUN if [[ "$INSTALL_XDEBUG" == "1" ]]; then \
+    install-php-extensions gd xdebug; \
+    mv /tmp/xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini; \
+    fi
+

Makefile

@@ -121,6 +121,16 @@ appstore: build
 	tar czf $(appstore_package_name).tar.gz \
 	--transform s/$(app_directory_name)/$(app_real_name)/ \
 	--exclude-vcs \
+	--exclude="../$(app_directory_name)/opcache-disabled.ini" \
+	--exclude="../$(app_directory_name)/opcache-blacklist.txt" \
+	--exclude="../$(app_directory_name)/artifacts" \
+	--exclude="../$(app_directory_name)/tmp*" \
+	--exclude="../$(app_directory_name)/Dockerfile*" \
+	--exclude="../$(app_directory_name)/nextcloud-server*" \
+	--exclude="../$(app_directory_name)/compose-install.yaml" \
+	--exclude="../$(app_directory_name)/empty-skeleton.config.php" \
+	--exclude="../$(app_directory_name)/get-matrix.sh" \
+	--exclude="../$(app_directory_name)/xdebug.*" \
 	--exclude="../$(app_directory_name)/build" \
 	--exclude="../$(app_directory_name)/tests" \
 	--exclude="../$(app_directory_name)/Makefile" \

README.md

@@ -132,7 +132,7 @@ The `install.sh` script is used to set up and configure a Nextcloud instance wit
    If you want to use the ResourceOwnerPasswordFlow you have to set these settings manually in the Nextcloud settings after the installation.
 
 2. **Specify the Nextcloud server version**:
-    - The Nextcloud version defaults to 29.0.4
+    - The Nextcloud version defaults to 29.0.6
     - You can start the `install.sh` script with the desired Nextcloud version as an argument, e.g. `./install.sh 29`
 
 3. **Smtp4Dev**:

compose-install.yaml

@@ -5,22 +5,23 @@ services:
       dockerfile: Dockerfile.Nextcloud
       args:
         - NEXTCLOUD_VERSION=${NEXTCLOUD_VERSION:-29.0.3}
+        - INSTALL_XDEBUG=${INSTALL_XDEBUG:-1}
     environment:
-      - XDEBUG_MODE=${XDEBUG_MODE:-develop}
+      XDEBUG_MODE: ${XDEBUG_MODE:-develop}
     ports:
       - "80:80"
+    privileged: true
+    # cap_add:
+    #   - SYS_PTRACE
+    #   - SYS_ADMIN
+    #   - NET_ADMIN
     container_name: nextcloud-container
     hostname: nextcloud-container
     depends_on:
       - smtp
     restart: unless-stopped
     networks:
       - nextcloud-network
-    healthcheck:
-      test: 'php occ status | grep "installed: false"'
-      interval: 5s
-      timeout: 2s
-      retries: 10
   smtp:
     image: rnwood/smtp4dev:v3
     container_name: smtp
@@ -34,4 +35,4 @@ services:
       - nextcloud-network
 
 networks:
-  nextcloud-network:
+  nextcloud-network:

composer.json

@@ -9,13 +9,13 @@
 		}
 	],
 	"require": {
-		"gdata/vaas": "8.0.2",
+		"gdata/vaas": "v9.0.4",
 		"coduo/php-humanizer": "^5.0"
 	},
 	"require-dev": {
-		"nextcloud/ocp": "v29.0.4",
+		"nextcloud/ocp": "v29.0.6",
 		"psalm/phar": "5.25.0",
-		"nextcloud/coding-standard": "v1.2.1",
+		"nextcloud/coding-standard": "v1.2.3",
 		"phpunit/phpunit": "10.5.30",
 		"symfony/console": "6.4.10"
 	},

composer.local.vaas.json

@@ -0,0 +1,14 @@
+{
+	"repositories": [
+		{
+			"type": "path",
+			"url": "./gdata/php/src/vaas",
+			"options": {
+				"symlink": false
+			}
+		}
+	],
+	"require": {
+		"gdata/vaas": "@dev"
+	}
+}

install.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
-export NEXTCLOUD_VERSION=${1:-29.0.4}
+export NEXTCLOUD_VERSION=${1:-29.0.6}
+export INSTALL_XDEBUG=${2:-1}
 export XDEBUG_MODE=${XDEBUG_MODE:-develop}
 
 source .env-local || echo "No .env-local file found."
@@ -11,6 +12,15 @@ setup_nextcloud () {
   docker compose -f compose-install.yaml rm --force --stop --volumes
   docker compose -f compose-install.yaml up --build --quiet-pull --wait -d --force-recreate --renew-anon-volumes --remove-orphans
 
+  docker exec -i nextcloud-container ulimit -c unlimited
+  docker exec -i nextcloud-container bash -c 'echo "/tmp/apache2-coredump/core-%e-%s-%u-%g-%p-%t" > /proc/sys/kernel/core_pattern'
+
+  until docker exec --user www-data -i nextcloud-container php occ status | grep "installed: false"
+  do
+    echo "waiting for nextcloud to be initialized"
+    sleep 2
+  done
+
   echo "copy config for empty skeleton"
   docker cp ./empty-skeleton.config.php nextcloud-container:/var/www/html/config/config.php
   docker exec -i nextcloud-container chown www-data:www-data /var/www/html/config/config.php
@@ -23,6 +33,8 @@ setup_nextcloud () {
 
   docker exec --user www-data -i nextcloud-container php occ log:manage --level DEBUG
   docker exec --user www-data -i nextcloud-container php occ app:disable firstrunwizard
+  docker exec --user www-data -i nextcloud-container php occ app:disable weather_status
+  docker exec --user www-data -i nextcloud-container php occ config:system:set trusted_domains 2 --value=192.168.5.80
 
   echo "setup nextcloud finished"
 }
@@ -71,4 +83,6 @@ docker exec --user www-data -i nextcloud-container php occ user:setting admin se
 source install.local || echo "No additional install script found."
 
 # Has to be done, to get the dev-requirements installed again
-composer install
+composer install --quiet &
+
+composer info

lib/AvirWrapper.php

@@ -145,27 +145,27 @@ function () use ($path, $logger) {
 						return;
 					}
 
-                    try {
-                        $verdict = $this->verdictService->scan($localPath);
-                    } catch (EntityTooLargeException) {
-                        $this->logger->error("File $localPath is larger than " . NumberHumanizer::binarySuffix(VerdictService::MAX_FILE_SIZE, 'de'));
-                    } catch (FileDoesNotExistException) {
-                        $this->logger->error("File $localPath does not exist on upload");
-                    } catch (InvalidSha256Exception) {
-                        $this->logger->error("Invalid SHA256 for file $localPath on upload");
-                    } catch (NotFoundException) {
-                        $this->logger->error("File $localPath not found on upload");
-                    } catch (NotPermittedException) {
-                        $this->logger->error("Current settings do not permit scanning file $localPath on upload");
-                    } catch (TimeoutException) {
-                        $this->logger->error("Scanning timed out for file $localPath on upload");
-                    } catch (UploadFailedException|ServerException) {
-                        $this->logger->error("File $localPath could not be scanned on upload with GData VaaS because there was a temporary upstream server error");
-                    } catch (VaasAuthenticationException) {
-                        $this->logger->error("Authentication for VaaS scan failed. Please check your credentials.");
-                    } catch (\Exception $e) {
-                        $this->logger->error("Unexpected error while scanning file " . $localPath . " on upload: " . $e->getMessage());
-                    }
+					try {
+						$verdict = $this->verdictService->scan($localPath);
+					} catch (EntityTooLargeException) {
+						$this->logger->error("File $localPath is larger than " . NumberHumanizer::binarySuffix(VerdictService::MAX_FILE_SIZE, 'de'));
+					} catch (FileDoesNotExistException) {
+						$this->logger->error("File $localPath does not exist on upload");
+					} catch (InvalidSha256Exception) {
+						$this->logger->error("Invalid SHA256 for file $localPath on upload");
+					} catch (NotFoundException) {
+						$this->logger->error("File $localPath not found on upload");
+					} catch (NotPermittedException) {
+						$this->logger->error("Current settings do not permit scanning file $localPath on upload");
+					} catch (TimeoutException) {
+						$this->logger->error("Scanning timed out for file $localPath on upload");
+					} catch (UploadFailedException|ServerException) {
+						$this->logger->error("File $localPath could not be scanned on upload with GData VaaS because there was a temporary upstream server error");
+					} catch (VaasAuthenticationException) {
+						$this->logger->error("Authentication for VaaS scan failed. Please check your credentials.");
+					} catch (\Exception $e) {
+						$this->logger->error("Unexpected error while scanning file " . $localPath . " on upload: " . $e->getMessage());
+					}
 					$logger->debug("Verdict for  " . $localPath . " is " . $verdict->Verdict->value);
 
 					if ($verdict->Verdict == Verdict::MALICIOUS) {

lib/CacheEntryListener.php

@@ -31,6 +31,7 @@ public static function register(IRegistrationContext $context): void {
 	}
 
 	public function handle(Event $event): void {
+		$this->logger->debug("CacheEntryListener");
 		if (!$event instanceof AbstractCacheEvent) {
 			return;
 		}
@@ -39,6 +40,7 @@ public function handle(Event $event): void {
 		$path = $event->getPath();
 		$fileId = $event->getFileId();
 
+		$this->logger->debug("GotFields");
 		if (self::shouldTag($path) && !$this->tagService->hasAnyVaasTag($fileId)) {
 			$this->logger->debug("Handling " . get_class($event) . " for " . $path);
 

lib/Service/VerdictService.php

@@ -9,14 +9,14 @@
 use OCP\Files\NotPermittedException;
 use OCP\IAppConfig;
 use Psr\Log\LoggerInterface;
-use VaasSdk\ClientCredentialsGrantAuthenticator;
+use VaasSdk\Authentication\ClientCredentialsGrantAuthenticator;
+use VaasSdk\Authentication\ResourceOwnerPasswordGrantAuthenticator;
 use VaasSdk\Exceptions\FileDoesNotExistException;
 use VaasSdk\Exceptions\InvalidSha256Exception;
 use VaasSdk\Exceptions\TimeoutException;
 use VaasSdk\Exceptions\UploadFailedException;
 use VaasSdk\Exceptions\VaasAuthenticationException;
 use VaasSdk\Message\VaasVerdict;
-use VaasSdk\ResourceOwnerPasswordGrantAuthenticator;
 use VaasSdk\Vaas;
 use VaasSdk\VaasOptions;
 
@@ -128,7 +128,6 @@ public static function isFileTooLargeToScan(string $path): bool {
 		return ($size === false) || $size > self::MAX_FILE_SIZE;
 	}
 
-
 	/**
 	 * Scans a file for malicious content with G DATA Verdict-as-a-Service and returns the verdict.
 	 * @param string $filePath The local path to the file to scan.
@@ -232,24 +231,34 @@ public function removeWhitespacesAroundComma(string $s): string {
 	}
 
 	/**
+	 * @param string $authMethod
+	 * @return ClientCredentialsGrantAuthenticator|ResourceOwnerPasswordGrantAuthenticator
 	 * @throws VaasAuthenticationException
 	 */
-	private function createAndConnectVaas(): Vaas {
-		if ($this->authMethod === 'ResourceOwnerPassword') {
-			$this->authenticator = new ResourceOwnerPasswordGrantAuthenticator(
+	public function getAuthenticator(string $authMethod): ClientCredentialsGrantAuthenticator|ResourceOwnerPasswordGrantAuthenticator {
+		if ($authMethod === 'ResourceOwnerPassword') {
+			return new ResourceOwnerPasswordGrantAuthenticator(
 				"nextcloud-customer",
 				$this->username,
 				$this->password,
 				$this->tokenEndpoint
 			);
-		} elseif ($this->authMethod === 'ClientCredentials') {
-			$this->authenticator = new ClientCredentialsGrantAuthenticator(
+		} elseif ($authMethod === 'ClientCredentials') {
+			return new ClientCredentialsGrantAuthenticator(
 				$this->clientId,
 				$this->clientSecret,
 				$this->tokenEndpoint
 			);
+		} else {
+			throw new VaasAuthenticationException("Invalid auth method: " . $authMethod);
 		}
+	}
 
+	/**
+	 * @throws VaasAuthenticationException
+	 */
+	public function createAndConnectVaas(): Vaas {
+		$this->authenticator = $this->getAuthenticator($this->authMethod);
 		$options = new VaasOptions(false, false);
 		$vaas = new Vaas($this->vaasUrl, $this->logger, $options);
 		$vaas->Connect($this->authenticator->getToken());