upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-24 16:09:50 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
85167 commits 1035 branches 1226 tags 6.8 GiB
Commit graph

112 commits

Author SHA1 Message Date
El Mehdi Abenhazou
56f7db29ff fix(TaskProcessing): restrict allowed_classes in Manager cache deserialization 
The availableTaskTypes cache stores serialized arrays containing
ShapeDescriptor objects, ShapeEnumValue objects, and EShapeType enum
values. The unserialize() call did not restrict which classes could
be instantiated.

Restrict deserialization to the three known types:
- OCP\TaskProcessing\ShapeDescriptor
- OCP\TaskProcessing\ShapeEnumValue
- OCP\TaskProcessing\EShapeType

This prevents PHP Object Injection if an attacker gains write access
to the distributed cache backend.

Signed-off-by: El Mehdi Abenhazou <mehdiananas007@gmail.com>
 2026-06-04 13:13:09 +00:00
XananasX7
02a9591463 fix(TaskProcessing): add allowed_classes to unserialize() in Manager cache 
The availableTaskTypes cache stores serialized arrays containing
ShapeDescriptor objects, ShapeEnumValue objects, and EShapeType enum
values. The unserialize() call did not restrict which classes could
be instantiated.

Restrict deserialization to the three known types:
- OCP\TaskProcessing\ShapeDescriptor
- OCP\TaskProcessing\ShapeEnumValue
- OCP\TaskProcessing\EShapeType

This prevents PHP Object Injection if an attacker gains write access
to the distributed cache backend (e.g., a Redis instance without
authentication or with weak ACLs), which is a known real-world attack
vector in shared hosting and container environments.
 2026-06-04 13:13:09 +00:00
Marcel Klehr
c3e36871b1 fix: Use ProcessingException 
instead of UserFacingProcessing Exception which is not in nc < 33

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2026-02-05 17:31:17 +01:00
Marcel Klehr
3c99524ff5 Fix: Run cs:fix 2026-02-05 14:54:08 +00:00
Marcel Klehr
f69620196c fix(TaskProcessing): Refactor TextToImage fallback 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2026-02-05 14:54:07 +00:00
Marcel Klehr
d82899e160 fix(TaskProcessing): Increase MAX_TASK_AGE to 6 months 
to comply with the EU AI act

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-10-07 06:22:57 +00:00
Marcel Klehr
04a33be489 fix(TaskProcessing): Cache task types by 
user language

fixes https://github.com/nextcloud/assistant/issues/357

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-09-18 07:23:55 +00:00
Julien Veyssier
856bb1e162 feat(taskprocessing): add manager method to get the list of available task type IDs 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-09-05 10:10:39 +00:00
Julien Veyssier
aa2ca86fb3
feat(taskprocessing): avoid generator cascade 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-08-07 15:12:22 +02:00
Julien Veyssier
cc295f2452
feat(taskprocessing): use Generator::getReturn to get the list of deleted tasks in the cleanup command 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-08-07 15:12:21 +02:00
Julien Veyssier
19801f7ec4
feat(taskprocessing): move cleanup method to private taskprocessing manager, use it in the cleanup bg job and implement a cleanup command 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-08-07 15:12:21 +02:00
Julien Veyssier
8c52b6c0fe
feat(taskprocessing): add cleanup flag to tasks to decide if they should be cleaned up automatically 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-08-07 15:12:21 +02:00
Julien Veyssier
be7ef439cf
fix(taskprocessing): move LAZY_CONFIG_KEYS constant to the private namespace 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-08-04 10:11:24 +02:00
Julien Veyssier
2e3fa51132
feat(taskprocessing): load and store some config keys lazily 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-08-04 10:11:24 +02:00
Lukas Schaefer
4731ecf4d4
Merge branch 'master' into feat/task/analyze-image 2025-07-08 08:35:04 -04:00
Julien Veyssier
2da3f450fa
feat(TaskProcessing): add agency audio-to-audio task type 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-07-07 15:29:55 +02:00
Julien Veyssier
af059cbf61
feat(TaskProcessing): add audio-to-audio chat task type 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-07-07 11:39:47 +02:00
Lukas Schaefer
20a779e4aa
feat: support multiple images 
Signed-off-by: Lukas Schaefer <lukas@lschaefer.xyz>
 2025-07-03 11:01:10 -04:00
Jana Peper
603522a59c test: fix tests 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2025-07-03 10:25:19 +02:00
Jana Peper
f8886fe27a feat: add toggle for AI guest restriction 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2025-07-03 10:25:19 +02:00
Lukas Schaefer
3e24c40939
feat(TaskProcessing): Add AnalyzeImage TaskType 
Signed-off-by: Lukas Schaefer <lukas@lschaefer.xyz>
 2025-07-02 09:18:53 -04:00
Lukas Schaefer
99e8849b6c
feat(TaskProcessing): Add TextToSpeech provider 
Signed-off-by: Lukas Schaefer <lukas@lschaefer.xyz>
 2025-04-26 00:46:23 -04:00
Oleksander Piskun
c23ab0d1f7 fix(taskprocessing): use the event for AppAPI to get list of AI providers 
Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
 2025-04-09 15:47:48 +03:00
Côme Chilliet
85fbd3eb0a
fix: Work around psalm taint false-positive by not using var_export 
var_export is listed as a taint sink because it may output stuff
 depending on the parameters. It was not the case here, but we can
 simply json_encode the result by passing it as context to the logger
 method rather than using var_export.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-17 15:24:08 +01:00
Côme Chilliet
a3685551f7
fix: Replace isInstalled calls with isEnabledForAnyone or isEnabledForUser 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-13 10:19:19 +01:00
Marcel Klehr
319a4d2df8 fix(TaskProcessing\Manager): Always use distributed cache and use PHP serialize 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-02-04 13:04:43 +01:00
Marcel Klehr
f127ab10da
fix: lib/private/TaskProcessing/Manager.php 
Co-authored-by: Julien Veyssier <julien-nc@posteo.net>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-02-04 13:03:59 +01:00
Marcel Klehr
49a52126ab fix(TaskProcessing\Manager): Always use distributed cache and use PHP serialize 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-02-04 12:54:13 +01:00
Marcel Klehr
a6100021e3 fix(TaskProcessing): Cache providersById in getPreferredProviders 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-01-24 16:45:43 +01:00
Marcel Klehr
c1db2eb0a9 fix: copypasta 
Co-authored-by: Julien Veyssier <julien-nc@posteo.net>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-01-24 16:45:43 +01:00
Marcel Klehr
c489d7d8a5 fix(taskprocessing): cache provider settings in distributed cache as well 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-01-24 16:45:43 +01:00
Marcel Klehr
d956e4a2ca fix(TaskProcessing\Manager): Cache the result of parsing JSON 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-01-24 16:45:43 +01:00
Marcel Klehr
0006bb8586 fix(taskprocessing): Cache result of getAvailableTaskTypes between requests 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-01-24 16:45:43 +01:00
Marcel Klehr
4fc0369984 fix(TaskProcessing): Catch JSON encode errors in Manager#setTaskResult 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-01-23 11:41:06 +01:00
Jana Peper
056daf2592 feat: add proofread task type 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2024-12-20 10:22:30 +01:00
Jana Peper
ee31b3bbe5 fix: error handling for wrong json values 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2024-12-18 18:32:34 +01:00
Jana Peper
d87302c651 feat: add error flags for json_decode 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2024-12-18 18:32:34 +01:00
Marcel Klehr
79023b9f3e fix(taskrpocessing): Cache result of getAvailableTaskTypes 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-12-18 18:32:34 +01:00
Jana Peper
40fc07b543 fix: always regenerate availabe task types 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2024-12-18 18:32:34 +01:00
Jana Peper
76d058f4c8 fix: show all types when no preferences saved 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2024-12-18 18:32:34 +01:00
Jana Peper
8cac92665d feat: filter disabled apps in task types requests 
Signed-off-by: Jana Peper <jana.peper@nextcloud.com>
 2024-12-18 18:32:34 +01:00
Marcel Klehr
e5ce55551d feat(TaskProcessing): More task types 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-12-09 14:10:59 +01:00
Marcel Klehr
d2df0f42f1 fix(TaskProcessing\Manager): Don't provoke PHP notice in setTaskResult 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-10-02 08:38:20 +02:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +02:00
Anupam Kumar
bb94b17959 fix(TaskProcessing): increase error_message column length 
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
 2024-09-06 18:01:56 +05:30
Anna Larch
8af7ecb257 chore: adjust code to adhere to coding standard 
Signed-off-by: Anna Larch <anna@nextcloud.com>
 2024-09-05 21:23:38 +02:00
Marcel Klehr
95006d2b8e
Revert "fix(TaskProcessing): Use OCP\Server::get instead of copying methods" 
This reverts commit d624c8da8f.

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-08-30 10:07:01 +02:00
Marcel Klehr
7be3a18f13
fix(TaskProcessing): Use OCP\Server::get instead of copying methods 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-08-30 10:07:01 +02:00
Julien Veyssier
04edeb510d
feat(speech-to-text): SpeechToTextManager::transcribeFile calls TaskProcessingManager::runTask 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-08-30 10:07:01 +02:00
Julien Veyssier
5ab0866341
feat(textprocessing): TextProcessingManager::runTask calls TaskProcessingManager::runTask 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-08-30 10:07:01 +02:00