diff options
15 files changed, 77 insertions, 38 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a5f36eab4..64730e554 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -27,11 +27,11 @@ jobs: dotnet-version: '7.0.x' - name: Initialize CodeQL - uses: github/codeql-action/init@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3 + uses: github/codeql-action/init@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4 with: languages: ${{ matrix.language }} queries: +security-extended - name: Autobuild - uses: github/codeql-action/autobuild@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3 + uses: github/codeql-action/autobuild@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3 + uses: github/codeql-action/analyze@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4 diff --git a/Directory.Packages.props b/Directory.Packages.props index d95cecdbf..5fd81d6c6 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -20,7 +20,7 @@ <PackageVersion Include="EFCoreSecondLevelCacheInterceptor" Version="3.9.4" /> <PackageVersion Include="FsCheck.Xunit" Version="2.16.6" /> <PackageVersion Include="HarfBuzzSharp.NativeAssets.Linux" Version="7.3.0" /> - <PackageVersion Include="IDisposableAnalyzers" Version="4.0.7" /> + <PackageVersion Include="IDisposableAnalyzers" Version="4.0.4" /> <PackageVersion Include="Jellyfin.XmlTv" Version="10.8.0" /> <PackageVersion Include="libse" Version="3.6.13" /> <PackageVersion Include="LrcParser" Version="2023.524.0" /> diff --git a/Emby.Server.Implementations/Localization/Core/ja.json b/Emby.Server.Implementations/Localization/Core/ja.json index 7b059c68e..db6116080 100644 --- a/Emby.Server.Implementations/Localization/Core/ja.json +++ b/Emby.Server.Implementations/Localization/Core/ja.json @@ -4,19 +4,19 @@ "Application": "アプリケーション", "Artists": "アーティスト", "AuthenticationSucceededWithUserName": "{0} 認証に成功しました", - "Books": "ブックス", + "Books": "ブック", "CameraImageUploadedFrom": "新しいカメライメージが {0}からアップロードされました", "Channels": "チャンネル", "ChapterNameValue": "チャプター {0}", "Collections": "コレクション", - "DeviceOfflineWithName": "{0} が切断されました", - "DeviceOnlineWithName": "{0} が接続されました", - "FailedLoginAttemptWithUserName": "ログインを試行しましたが {0} によって失敗しました", + "DeviceOfflineWithName": "{0} が切断しました", + "DeviceOnlineWithName": "{0} が接続しました", + "FailedLoginAttemptWithUserName": "{0} からのログインに失敗しました", "Favorites": "お気に入り", "Folders": "フォルダー", "Genres": "ジャンル", "HeaderAlbumArtists": "アルバムアーティスト", - "HeaderContinueWatching": "続けて見る", + "HeaderContinueWatching": "再生を続ける", "HeaderFavoriteAlbums": "お気に入りのアルバム", "HeaderFavoriteArtists": "お気に入りのアーティスト", "HeaderFavoriteEpisodes": "お気に入りのエピソード", @@ -30,19 +30,19 @@ "ItemAddedWithName": "{0} をライブラリに追加しました", "ItemRemovedWithName": "{0} をライブラリから削除しました", "LabelIpAddressValue": "IPアドレス: {0}", - "LabelRunningTimeValue": "稼働時間: {0}", + "LabelRunningTimeValue": "時間: {0}", "Latest": "最新", - "MessageApplicationUpdated": "Jellyfin Server が更新されました", - "MessageApplicationUpdatedTo": "Jellyfin Server が {0}に更新されました", - "MessageNamedServerConfigurationUpdatedWithValue": "サーバー設定項目の {0} が更新されました", - "MessageServerConfigurationUpdated": "サーバー設定が更新されました", + "MessageApplicationUpdated": "Jellyfin Server を更新しました", + "MessageApplicationUpdatedTo": "Jellyfin Server を {0}に更新しました", + "MessageNamedServerConfigurationUpdatedWithValue": "サーバー設定項目の {0} を更新しました", + "MessageServerConfigurationUpdated": "サーバー設定を更新しました", "MixedContent": "ミックスコンテンツ", "Movies": "映画", "Music": "音楽", "MusicVideos": "ミュージックビデオ", "NameInstallFailed": "{0}のインストールに失敗しました", "NameSeasonNumber": "シーズン {0}", - "NameSeasonUnknown": "不明なシーズン", + "NameSeasonUnknown": "シーズン不明", "NewVersionIsAvailable": "新しいバージョンの Jellyfin Server がダウンロード可能です。", "NotificationOptionApplicationUpdateAvailable": "アプリケーションの更新があります", "NotificationOptionApplicationUpdateInstalled": "アプリケーションは最新です", diff --git a/Emby.Server.Implementations/Localization/Core/lv.json b/Emby.Server.Implementations/Localization/Core/lv.json index 83a000014..82a071309 100644 --- a/Emby.Server.Implementations/Localization/Core/lv.json +++ b/Emby.Server.Implementations/Localization/Core/lv.json @@ -20,7 +20,7 @@ "ValueHasBeenAddedToLibrary": "{0} ir ticis pievienots jūsu multvides bibliotēkai", "UserStoppedPlayingItemWithValues": "{0} ir beidzis atskaņot {1} uz {2}", "UserStartedPlayingItemWithValues": "{0} atskaņo {1} uz {2}", - "UserPasswordChangedWithName": "Parole nomainīta lietotājam {0}", + "UserPasswordChangedWithName": "Lietotāja {0} parole tika nomainīta", "UserOnlineFromDevice": "{0} ir tiešsaistē no {1}", "UserOfflineFromDevice": "{0} ir atvienojies no {1}", "UserLockedOutWithName": "Lietotājs {0} ir ticis bloķēts", @@ -33,7 +33,7 @@ "System": "Sistēma", "StartupEmbyServerIsLoading": "Jellyfin Serveris lādējas. Lūdzu mēģiniet vēlreiz pēc brīža.", "Songs": "Dziesmas", - "Shows": "Raidījumi", + "Shows": "Šovi", "PluginUpdatedWithName": "{0} tika atjaunots", "PluginUninstalledWithName": "{0} tika noņemts", "PluginInstalledWithName": "{0} tika uzstādīts", @@ -44,7 +44,7 @@ "HeaderNextUp": "Nākamais", "ChapterNameValue": "{0}. nodaļa", "Application": "Lietotne", - "NotificationOptionServerRestartRequired": "Vajadzīgs servera restarts", + "NotificationOptionServerRestartRequired": "Nepieciešams servera restarts", "NotificationOptionPluginUpdateInstalled": "Paplašinājuma atjauninājums uzstādīts", "NotificationOptionPluginUninstalled": "Paplašinājums noņemts", "NotificationOptionPluginInstalled": "Paplašinājums uzstādīts", @@ -71,7 +71,7 @@ "ItemRemovedWithName": "{0} tika noņemts no bibliotēkas", "ItemAddedWithName": "{0} tika pievienots bibliotēkai", "HeaderLiveTV": "Tiešraides TV", - "HeaderContinueWatching": "Turpināt skatīšanos", + "HeaderContinueWatching": "Turpini skatīties", "HeaderAlbumArtists": "Albumu izpildītāji", "Genres": "Žanri", "Folders": "Mapes", diff --git a/Jellyfin.Server.Implementations/Jellyfin.Server.Implementations.csproj b/Jellyfin.Server.Implementations/Jellyfin.Server.Implementations.csproj index 390ed58b3..fa6adb022 100644 --- a/Jellyfin.Server.Implementations/Jellyfin.Server.Implementations.csproj +++ b/Jellyfin.Server.Implementations/Jellyfin.Server.Implementations.csproj @@ -8,6 +8,10 @@ <!-- Code analysers--> <ItemGroup Condition=" '$(Configuration)' == 'Debug' "> + <PackageReference Include="IDisposableAnalyzers"> + <PrivateAssets>all</PrivateAssets> + <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets> + </PackageReference> <PackageReference Include="Microsoft.CodeAnalysis.BannedApiAnalyzers"> <PrivateAssets>all</PrivateAssets> <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets> diff --git a/Jellyfin.Server.Implementations/Users/DisplayPreferencesManager.cs b/Jellyfin.Server.Implementations/Users/DisplayPreferencesManager.cs index bfae81e4c..edc6aa173 100644 --- a/Jellyfin.Server.Implementations/Users/DisplayPreferencesManager.cs +++ b/Jellyfin.Server.Implementations/Users/DisplayPreferencesManager.cs @@ -4,6 +4,7 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Threading.Tasks; using Jellyfin.Data.Entities; using MediaBrowser.Controller; using Microsoft.EntityFrameworkCore; @@ -13,7 +14,7 @@ namespace Jellyfin.Server.Implementations.Users /// <summary> /// Manages the storage and retrieval of display preferences through Entity Framework. /// </summary> - public class DisplayPreferencesManager : IDisplayPreferencesManager + public sealed class DisplayPreferencesManager : IDisplayPreferencesManager, IAsyncDisposable { private readonly JellyfinDbContext _dbContext; @@ -97,5 +98,11 @@ namespace Jellyfin.Server.Implementations.Users { _dbContext.SaveChanges(); } + + /// <inheritdoc /> + public async ValueTask DisposeAsync() + { + await _dbContext.DisposeAsync().ConfigureAwait(false); + } } } diff --git a/fuzz/Emby.Server.Implementations.Fuzz/Program.cs b/fuzz/Emby.Server.Implementations.Fuzz/Program.cs index 03b296494..1571b5ab0 100644 --- a/fuzz/Emby.Server.Implementations.Fuzz/Program.cs +++ b/fuzz/Emby.Server.Implementations.Fuzz/Program.cs @@ -6,6 +6,7 @@ using Emby.Server.Implementations.Library; using MediaBrowser.Controller; using MediaBrowser.Controller.Entities; using MediaBrowser.Model.Entities; +using Microsoft.Extensions.Configuration; using Moq; using SharpFuzz; @@ -54,8 +55,16 @@ namespace Emby.Server.Implementations.Fuzz appHost.Setup(x => x.ReverseVirtualPath(It.IsAny<string>())) .Returns((string x) => x.Replace(MetaDataPath, VirtualMetaDataPath, StringComparison.Ordinal)); + var configSection = new Mock<IConfigurationSection>(); + configSection.SetupGet(x => x[It.Is<string>(s => s == MediaBrowser.Controller.Extensions.ConfigurationExtensions.SqliteCacheSizeKey)]) + .Returns("0"); + var config = new Mock<IConfiguration>(); + config.Setup(x => x.GetSection(It.Is<string>(s => s == MediaBrowser.Controller.Extensions.ConfigurationExtensions.SqliteCacheSizeKey))) + .Returns(configSection.Object); + IFixture fixture = new Fixture().Customize(new AutoMoqCustomization { ConfigureMembers = true }); fixture.Inject(appHost); + fixture.Inject(config); return fixture.Create<SqliteItemRepository>(); } } diff --git a/fuzz/Emby.Server.Implementations.Fuzz/fuzz.sh b/fuzz/Emby.Server.Implementations.Fuzz/fuzz.sh index 37e6bdb76..aa2a34cdd 100755 --- a/fuzz/Emby.Server.Implementations.Fuzz/fuzz.sh +++ b/fuzz/Emby.Server.Implementations.Fuzz/fuzz.sh @@ -8,4 +8,4 @@ cp bin/Emby.Server.Implementations.dll . dotnet build mkdir -p Findings -AFL_SKIP_BIN_CHECK=1 afl-fuzz -i "Testcases/$1" -o "Findings/$1" -t 5000 -m 10240 dotnet bin/Debug/net6.0/Emby.Server.Implementations.Fuzz.dll "$1" +AFL_SKIP_BIN_CHECK=1 afl-fuzz -i "Testcases/$1" -o "Findings/$1" -t 5000 ./bin/Debug/net7.0/Emby.Server.Implementations.Fuzz "$1" diff --git a/fuzz/Jellyfin.Server.Fuzz/Jellyfin.Server.Fuzz.csproj b/fuzz/Jellyfin.Api.Fuzz/Jellyfin.Api.Fuzz.csproj index 20bc4c724..da46e63a5 100644 --- a/fuzz/Jellyfin.Server.Fuzz/Jellyfin.Server.Fuzz.csproj +++ b/fuzz/Jellyfin.Api.Fuzz/Jellyfin.Api.Fuzz.csproj @@ -6,8 +6,8 @@ </PropertyGroup> <ItemGroup> - <Reference Include="Jellyfin.Server"> - <HintPath>jellyfin.dll</HintPath> + <Reference Include="Jellyfin.Api"> + <HintPath>Jellyfin.Api.dll</HintPath> </Reference> </ItemGroup> diff --git a/fuzz/Jellyfin.Server.Fuzz/Program.cs b/fuzz/Jellyfin.Api.Fuzz/Program.cs index e47286c13..6713322ac 100644 --- a/fuzz/Jellyfin.Server.Fuzz/Program.cs +++ b/fuzz/Jellyfin.Api.Fuzz/Program.cs @@ -1,12 +1,12 @@ using System; using System.Collections.Generic; -using Jellyfin.Server.Middleware; +using Jellyfin.Api.Middleware; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http.Features; using Microsoft.Extensions.Primitives; using SharpFuzz; -namespace Emby.Server.Implementations.Fuzz +namespace Jellyfin.Api.Fuzz { public static class Program { diff --git a/fuzz/Jellyfin.Server.Fuzz/Testcases/UrlDecodeQueryFeature/test1.txt b/fuzz/Jellyfin.Api.Fuzz/Testcases/UrlDecodeQueryFeature/test1.txt index 73f356b93..73f356b93 100644 --- a/fuzz/Jellyfin.Server.Fuzz/Testcases/UrlDecodeQueryFeature/test1.txt +++ b/fuzz/Jellyfin.Api.Fuzz/Testcases/UrlDecodeQueryFeature/test1.txt diff --git a/fuzz/Jellyfin.Api.Fuzz/fuzz.sh b/fuzz/Jellyfin.Api.Fuzz/fuzz.sh new file mode 100755 index 000000000..edf965562 --- /dev/null +++ b/fuzz/Jellyfin.Api.Fuzz/fuzz.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +dotnet build -c Release ../../Jellyfin.Api/Jellyfin.Api.csproj --output bin +sharpfuzz bin/Jellyfin.Api.dll +cp bin/Jellyfin.Api.dll . + +dotnet build +mkdir -p Findings +AFL_SKIP_BIN_CHECK=1 afl-fuzz -i "Testcases/$1" -o "Findings/$1" -t 5000 ./bin/Debug/net7.0/Jellyfin.Api.Fuzz "$1" diff --git a/fuzz/Jellyfin.Server.Fuzz/fuzz.sh b/fuzz/Jellyfin.Server.Fuzz/fuzz.sh deleted file mode 100755 index 303eb2135..000000000 --- a/fuzz/Jellyfin.Server.Fuzz/fuzz.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -set -e - -dotnet build -c Release ../../Jellyfin.Server/Jellyfin.Server.csproj --output bin -sharpfuzz bin/jellyfin.dll -cp bin/jellyfin.dll . - -dotnet build -mkdir -p Findings -AFL_SKIP_BIN_CHECK=1 afl-fuzz -i "Testcases/$1" -o "Findings/$1" -t 5000 -m 10240 dotnet bin/Debug/net6.0/Jellyfin.Server.Fuzz.dll "$1" diff --git a/fuzz/README.md b/fuzz/README.md new file mode 100644 index 000000000..25ba7d05c --- /dev/null +++ b/fuzz/README.md @@ -0,0 +1,20 @@ +# Jellyfin fuzzing + +## Setup + +Install AFL++ +```sh +git clone https://github.com/AFLplusplus/AFLplusplus +cd AFLplusplus +make all +sudo make install +``` + +Install SharpFuzz.CommandLine global .NET tool +```sh +dotnet tool install --global SharpFuzz.CommandLine +``` + +## Running +Run the `fuzz.sh` in the directory corresponding to the project you want to fuzz. +The script takes a parameter of which fuzz case you want to run. diff --git a/tests/Jellyfin.Server.Tests/UrlDecodeQueryFeatureTests.cs b/tests/Jellyfin.Api.Tests/Middleware/UrlDecodeQueryFeatureTests.cs index 93e065685..1ff7e7b7a 100644 --- a/tests/Jellyfin.Server.Tests/UrlDecodeQueryFeatureTests.cs +++ b/tests/Jellyfin.Api.Tests/Middleware/UrlDecodeQueryFeatureTests.cs @@ -1,12 +1,11 @@ using System.Collections.Generic; using System.Linq; -using Jellyfin.Api.Middleware; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http.Features; using Microsoft.Extensions.Primitives; using Xunit; -namespace Jellyfin.Server.Tests +namespace Jellyfin.Api.Middleware.Tests { public static class UrlDecodeQueryFeatureTests { |