Home / nextcloud / server
Repository Analysis

nextcloud/server

☁️ Nextcloud server, a safe home for all your data

3.1 Likely human-written View on GitHub
3.1
Adjusted Score
3.1
Raw Score
100%
Time Factor
2026-05-30
Last Push
35,580
Stars
PHP
Language
1,506,748
Lines of Code
10327
Files
4525
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 4HIGH 9MEDIUM 8LOW 4504

Pattern Findings

4525 matches across 10 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers4332 hits · 4370 pts
SeverityFileLineSnippet
LOWcypress/support/commonUtils.ts23export function getNextcloudUserMenuToggle() {
LOWcypress/support/utils/deleteDownloadsFolder.ts9export function deleteDownloadsFolderBeforeEach() {
LOWcypress/e2e/core-utils.ts18export function handlePasswordConfirmation(adminPassword = 'admin') {
LOWcypress/e2e/settings/usersUtils.ts14export function assertNotExistOrNotVisible(element: JQuery<HTMLElement>) {
LOWcypress/e2e/files_external/StorageUtils.ts69export function deleteAllExternalStorages() {
LOWcypress/e2e/theming/themingUtils.ts65export function validateUserThemingDefaultCss(expectedColor = defaultPrimary, expectedBackground: string | null = defaul
LOWcypress/e2e/systemtags/files-bulk-action.cy.ts463function triggerTagManagementDialogAction() {
LOWcypress/e2e/files/FilesUtils.ts52export function getInlineActionEntryForFileId(fileid: number, actionId: string) {
LOWcypress/e2e/files/FilesUtils.ts61export function getInlineActionEntryForFile(file: string, actionId: string) {
LOWcypress/e2e/files/FilesUtils.ts102export function triggerInlineActionForFileId(fileid: number, actionId: string) {
LOWcypress/e2e/files/FilesUtils.ts113export function triggerInlineActionForFile(filename: string, actionId: string) {
LOWcypress/e2e/files/scrolling.cy.ts163function beOverlappedByTableHeader($el: JQuery<HTMLElement>, expected = true) {
LOWcypress/e2e/files/scrolling.cy.ts182function notBeOverlappedByTableHeader($el: JQuery<HTMLElement>) {
LOWcypress/e2e/files_versions/filesVersionsUtils.ts86export function setupTestSharedFileFromUser(owner: User, randomFileName: string, shareOptions: Partial<ShareSetting>) {
LOWcore/Migrations/Version32000Date20250731062008.php41 private function cleanupDuplicateCategories(IOutput $output): void {
LOWcore/Migrations/Version32000Date20250731062008.php110 private function cleanupDuplicateAssignments(IOutput $output, int $categoryId, int $keepId): void {
LOWcore/Controller/CollaborationResourcesController.php205 public function createCollectionOnResource(string $baseResourceType, string $baseResourceId, string $name): DataRespons
LOWcore/Controller/AppPasswordController.php209 public function getAppPasswordWithOneTimePassword(): DataResponse {
LOWcore/Controller/LoginController.php209 private function setPasswordResetInitialState(?string $username): void {
LOWcore/Controller/LoginController.php384 private function createLoginFailedResponse(
LOWcore/Controller/TwoFactorChallengeController.php57 private function splitProvidersAndBackupCodes(array $providers): array {
LOWcore/Controller/TaskProcessingApiController.php165 private function handleScheduleTaskInternal(
LOWcore/Controller/TaskProcessingApiController.php773 public function getNextScheduledTaskBatch(array $providerIds, array $taskTypeIds, int $numberOfTasks = 1): DataResponse
LOWcore/Controller/TaskProcessingApiController.php836 private function intersectTaskTypesAndProviders(array $taskTypeIds, array $providerIds): array {
LOWcore/Controller/ClientFlowLoginController.php84 private function stateTokenForbiddenResponse(): StandaloneTemplateResponse {
LOWcore/Controller/ClientFlowLoginV2Controller.php328 private function stateTokenMissingResponse(): StandaloneTemplateResponse {
LOWcore/Controller/ClientFlowLoginV2Controller.php341 private function stateTokenForbiddenResponse(): StandaloneTemplateResponse {
LOWcore/Controller/ClientFlowLoginV2Controller.php368 private function loginTokenForbiddenResponse(): StandaloneTemplateResponse {
LOWcore/Controller/ClientFlowLoginV2Controller.php381 private function loginTokenForbiddenClientResponse(): StandaloneTemplateResponse {
LOWcore/Command/Base.php97 protected function writeStreamingTableInOutputFormat(InputInterface $input, OutputInterface $output, \Iterator $items,
LOWcore/Command/Encryption/EncryptAll.php36 protected function forceMaintenanceAndTrashbin(): void {
LOWcore/Command/Encryption/EncryptAll.php45 protected function resetMaintenanceAndTrashbin(): void {
LOWcore/Command/Encryption/DecryptAll.php38 protected function forceMaintenanceAndTrashbin(): void {
LOWcore/Command/Encryption/DecryptAll.php48 protected function resetMaintenanceAndTrashbin(): void {
LOWcore/Command/TwoFactorAuth/State.php63 private function filterEnabledDisabledUnknownProviders(array $providerStates): array {
LOWcore/Command/User/AuthTokens/ListCommand.php72 public function formatTokenForPlainOutput(array $token): array {
LOWcore/Command/Db/Migrations/GenerateMetadataCommand.php58 private function extractMigrationMetadataFromCore(): array {
LOWcore/Command/Db/Migrations/GenerateMetadataCommand.php68 private function extractMigrationMetadataFromApps(): array {
LOWcore/Command/Preview/Cleanup.php52 private function deletePreviewFromPreviewTable(OutputInterface $output): int {
LOWcore/Command/Preview/Cleanup.php66 private function deletePreviewFromFileCacheTable(OutputInterface $output): int {
LOWcore/Command/Maintenance/RepairShareOwnership.php120 protected function getWrongShareOwnershipForUser(IUser $user): array {
LOWtests/Core/Middleware/TwoFactorMiddlewareTest.php108 public function testBeforeControllerNotLoggedIn(): void {
LOWtests/Core/Middleware/TwoFactorMiddlewareTest.php122 public function testBeforeSetupController(): void {
LOWtests/Core/Middleware/TwoFactorMiddlewareTest.php136 public function testBeforeControllerNoTwoFactorCheckNeeded(): void {
LOWtests/Core/Middleware/TwoFactorMiddlewareTest.php157 public function testBeforeControllerTwoFactorAuthRequired(): void {
LOWtests/Core/Middleware/TwoFactorMiddlewareTest.php184 public function testBeforeControllerUserAlreadyLoggedIn(): void {
LOWtests/Core/Middleware/TwoFactorMiddlewareTest.php210 public function testAfterExceptionTwoFactorAuthRequired(): void {
LOWtests/Core/Controller/LostControllerTest.php297 public function testEmailWithMailSuccessful(): void {
LOWtests/Core/Controller/LostControllerTest.php359 public function testEmailCantSendException(): void {
LOWtests/Core/Controller/LostControllerTest.php419 public function testSetPasswordUnsuccessful(): void {
LOWtests/Core/Controller/LostControllerTest.php445 public function testSetPasswordSuccessful(): void {
LOWtests/Core/Controller/LostControllerTest.php480 public function testSetPasswordExpiredToken(): void {
LOWtests/Core/Controller/LostControllerTest.php499 public function testSetPasswordInvalidDataInDb(): void {
LOWtests/Core/Controller/LostControllerTest.php519 public function testIsSetPasswordWithoutTokenFailing(): void {
LOWtests/Core/Controller/LostControllerTest.php538 public function testSetPasswordForDisabledUser(): void {
LOWtests/Core/Controller/LostControllerTest.php591 public function testSetPasswordEncryptionDontProceedPerUserKey(): void {
LOWtests/Core/Controller/LostControllerTest.php604 public function testSetPasswordDontProceedMasterKey(): void {
LOWtests/Core/Controller/LostControllerTest.php632 public function testTwoUsersWithSameEmail(): void {
LOWtests/Core/Controller/LostControllerTest.php683 public static function dataTwoUsersWithSameEmailOneDisabled(): array {
LOWtests/Core/Controller/LostControllerTest.php695 public function testTwoUsersWithSameEmailOneDisabled(bool $userEnabled1, bool $userEnabled2): void {
4272 more matches not shown…
Fake / Example Data134 hits · 160 pts
SeverityFileLineSnippet
LOWcypress/e2e/settings/personal-info.cy.ts305 inputForLabel('Full name').should('have.value', 'Jane Doe')
LOWcypress/e2e/settings/personal-info.cy.ts316 cy.contains('h2', 'Jane Doe').should('be.visible')
LOWcypress/e2e/settings/users_modify.cy.ts32 cy.get('input[data-test="displayName"]').type('John Doe')
LOWcypress/e2e/settings/users_modify.cy.ts33 cy.get('input[data-test="displayName"]').should('have.value', 'John Doe')
LOWcypress/e2e/settings/users_modify.cy.ts45 expect(info?.display_name).to.equal('John Doe')
LOWtests/lib/ImageTest.php57 $text = base64_encode('Lorem ipsum dolor sir amet …');
LOW…s/lib/Collaboration/Collaborators/RemotePluginTest.php209 'FN' => 'John Doe',
LOWtests/lib/Comments/CommentTest.php169 ['type' => 'user', 'id' => 'foo@bar.com'],
LOW…/lib/Install/Events/InstallationCompletedEventTest.php18 $adminEmail = 'admin@example.com';
LOW…/lib/Install/Events/InstallationCompletedEventTest.php54 $adminEmail = 'admin@example.com';
LOW…/lib/Install/Events/InstallationCompletedEventTest.php65 $event = new InstallationCompletedEvent('/path/to/data', null, 'admin@example.com');
LOW…/lib/Install/Events/InstallationCompletedEventTest.php69 $this->assertEquals('admin@example.com', $event->getAdminEmail());
LOW…/lib/Install/Events/InstallationCompletedEventTest.php81 $email = 'admin@example.com';
LOWtests/lib/Config/UserConfigMigrationFallbackTest.php98 ['appid' => 'settings', 'configkey' => 'email', 'configvalue' => 'user@example.com'],
LOWtests/lib/Config/UserConfigMigrationFallbackTest.php113 $this->assertSame('user@example.com', $value);
LOWtests/lib/Config/UserConfigMigrationFallbackTest.php169 $userConfig->setValueString('user1', 'settings', 'email', 'user@example.com');
LOWtests/lib/Security/CryptoTest.php20 ['Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'],
LOWtests/lib/Security/CryptoTest.php20 ['Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.'],
LOWtests/lib/Security/CryptoTest.php46 $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
LOWtests/lib/Security/CryptoTest.php46 $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
LOWtests/lib/Security/CryptoTest.php52 $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
LOWtests/lib/Security/CryptoTest.php52 $stringToEncrypt = 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.';
LOWtests/lib/Security/CryptoTest.php97 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.',
LOWtests/lib/Security/CryptoTest.php97 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt.',
LOWtests/lib/Mail/MailerTest.php132 ->willReturn((new Email())->to('foo@bar.com')->from('bar@foo.com')->text(''));
LOWtests/lib/Contacts/ContactsMenu/EntryTest.php38 $this->entry->addEMailAddress('user@example.com');
LOWtests/lib/Contacts/ContactsMenu/EntryTest.php39 $this->assertEquals(['user@example.com'], $this->entry->getEMailAddresses());
LOWtests/lib/Contacts/ContactsMenu/EntryTest.php87 'emailAddresses' => ['user@example.com'],
LOWtests/lib/Contacts/ContactsMenu/EntryTest.php100 $this->entry->addEMailAddress('user@example.com');
LOWtests/lib/Contacts/ContactsMenu/ActionFactoryTest.php39 $href = 'user@example.com';
LOWtests/lib/Contacts/ContactsMenu/ContactsStoreTest.php784 'FN' => 'John Doe',
LOWtests/lib/Contacts/ContactsMenu/ContactsStoreTest.php871 'FN' => 'John Doe',
LOW…/Contacts/ContactsMenu/Providers/EMailproviderTest.php51 'user@example.com',
LOW…/Contacts/ContactsMenu/Providers/EMailproviderTest.php55 ->with($this->equalTo($iconUrl), $this->equalTo('user@example.com'), $this->equalTo('user@example.com'))
LOW…s/lib/Contacts/ContactsMenu/Actions/LinkActionTest.php34 $name = 'Jane Doe';
LOWtests/lib/User/UserTest.php607 'foo@bar.com'
LOWtests/lib/User/UserTest.php611 $user->setSystemEMailAddress('foo@bar.com');
LOWtests/lib/User/UserTest.php594 $test->assertEquals('foo@bar.com', $value);
LOWtests/lib/User/UserTest.php629 ->willReturn('foo@bar.com');
LOWtests/lib/User/UserTest.php634 $user->setSystemEMailAddress('foo@bar.com');
LOWtests/lib/User/UserTest.php858 return 'foo@bar.com';
LOWtests/lib/User/UserTest.php865 $this->assertSame('foo@bar.com', $user->getEMailAddress());
LOWtests/lib/AppFramework/Controller/ControllerTest.php53 'post' => ['name' => 'Jane Doe', 'nickname' => 'Janey'],
LOWtests/lib/AppFramework/Http/RequestTest.php86 'post' => ['name' => 'Jane Doe', 'nickname' => 'Janey'],
LOWtests/lib/Profile/Actions/FediverseActionTest.php143 ['user@example.com', 'https://example.com/@user'],
LOWtests/lib/Accounts/AccountPropertyCollectionTest.php146 ->willReturn('Lorem ipsum');
LOWtests/lib/Accounts/AccountPropertyCollectionTest.php160 $this->collection->removePropertyByValue('Lorem ipsum');
LOWtests/lib/Accounts/AccountPropertyCollectionTest.php173 ->willReturn('Lorem ipsum');
LOWtests/lib/Accounts/AccountPropertyCollectionTest.php183 $this->collection->removePropertyByValue('Lorem ipsum');
LOWtests/lib/Accounts/AccountManagerTest.php127 'user' => $this->makeUser('j.doe', 'Jane Doe', 'jane.doe@acme.com'),
LOWtests/lib/Accounts/AccountManagerTest.php131 'value' => 'Jane Doe',
LOWtests/lib/Accounts/AccountManagerTest.php927 ['Jane Doe'],
LOWtests/lib/Accounts/AccountManagerTest.php928 ['Jane Doe' => 'j.doe']
LOWtests/lib/Accounts/AccountTest.php43 IAccountManager::PROPERTY_EMAIL => new AccountProperty(IAccountManager::PROPERTY_EMAIL, 'user@example.com', IAccountM
LOWtests/lib/Accounts/AccountTest.php47 $account->setProperty(IAccountManager::PROPERTY_EMAIL, 'user@example.com', IAccountManager::SCOPE_LOCAL, IAccountManag
LOWtests/lib/Accounts/AccountTest.php89 IAccountManager::PROPERTY_EMAIL => new AccountProperty(IAccountManager::PROPERTY_EMAIL, 'user@example.com', IAccountM
LOWtests/lib/Accounts/AccountTest.php94 $account->setProperty(IAccountManager::PROPERTY_EMAIL, 'user@example.com', IAccountManager::SCOPE_LOCAL, IAccountManag
LOWtests/lib/Accounts/AccountTest.php135 IAccountManager::PROPERTY_EMAIL => new AccountProperty(IAccountManager::PROPERTY_EMAIL, 'user@example.com', IAccountM
LOWtests/lib/Accounts/AccountTest.php145 $account->setProperty(IAccountManager::PROPERTY_EMAIL, 'user@example.com', IAccountManager::SCOPE_LOCAL, IAccountManag
LOWtests/lib/RichObjectStrings/ValidatorTest.php24 'name' => 'John Doe',
74 more matches not shown…
Synthetic Comment Markers7 hits · 54 pts
SeverityFileLineSnippet
HIGHlib/public/SystemTag/ISystemTagObjectMapper.php85 * Assign the "Generated by AI" tag to the given object.
HIGHlib/public/SystemTag/ISystemTag.php42 public const GENERATED_BY_AI = 'Generated by AI';
HIGHapps/theming/lib/Themes/DefaultTheme.php196 // Assistant colors (marking AI generated content)
HIGHapps/theming/lib/Themes/DefaultTheme.php197 '--color-background-assistant' => '#F6F5FF', // Background for AI generated content
HIGHapps/theming/lib/Themes/DefaultTheme.php197 '--color-background-assistant' => '#F6F5FF', // Background for AI generated content
HIGHapps/theming/lib/Themes/DefaultTheme.php198 '--color-border-assistant' => 'linear-gradient(125deg, #7398FE 50%, #6104A4 125%)', // Border for AI generated conten
HIGHapps/theming/lib/Themes/DefaultTheme.php198 '--color-border-assistant' => 'linear-gradient(125deg, #7398FE 50%, #6104A4 125%)', // Border for AI generated conten
Hallucination Indicators4 hits · 40 pts
SeverityFileLineSnippet
CRITICALapps/settings/src/store/users.js495 response.data.ocs.data.groups.forEach(function(group) {
CRITICAL…datenotification/src/components/UpdateNotification.vue434 this.groups = response.data.ocs.data.groups.sort(function(a, b) {
CRITICALapps/files/src/store/sidebar.ts157 window.OCP.Files.Router._router.afterEach((to, from) => {
CRITICAL…kflowengine/src/components/Checks/RequestUserGroup.vue108 response.data.ocs.data.groups.forEach((group) => {
Over-Commented Block25 hits · 25 pts
SeverityFileLineSnippet
LOWautotest-external.sh241#
LOWautotest-external.sh261#
LOWautotest.sh421else
LOWautotest.sh441# - su - postgres
LOWcore/Migrations/Version24000Date20220404230027.php21 /**
LOWcore/Migrations/Version24000Date20220404230027.php41 // $table->addColumn('value', Types::TEXT, [
LOWcore/Migrations/Version27000Date20230309104325.php61 public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
LOWcore/Migrations/Version23000Date20210906132259.php21 * @return null|ISchemaWrapper
LOWcore/Migrations/Version23000Date20210906132259.php41 // $table->addColumn('delete_after', Types::DATETIME, [
LOWcore/Migrations/Version28000Date20231126110901.php41 // $table = $schema->getTable('appconfig');
LOWcore/Migrations/Version29000Date20231126110901.php41
LOWcore/Migrations/Version13000Date20170718121200.php881 // $table = $schema->createTable('credentials');
LOWtests/lib/Encryption/ManagerTest.php201
LOWtests/lib/Encryption/ManagerTest.php221 // $em = $this->createMock(IEncryptionModule::class);
LOWtests/lib/Encryption/ManagerTest.php241 // $m = new Manager($config);
LOW.devcontainer/entrypoint.sh1#!/bin/bash
LOWlib/base.php401 // TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
LOWlib/private/Encryption/Keys/Storage.php121 $path = $this->constructUserKeyPath($encryptionModuleId, $keyId, $uid);
LOWlib/private/DB/QueryBuilder/QueryBuilder.php181 $this->logger->error('DB QueryBuilder: error trying to log SQL query', ['exception' => $e]);
LOW…sting/lib/Migration/Version30000Date20240102030405.php21use OCP\Migration\IOutput;
LOWapps/files/src/components/VirtualList.vue361 let scrollTop = this.indexToScrollPos(Math.min(index, clampedIndex))
LOWapps/dav/lib/Connector/Sabre/ExceptionLoggerPlugin.php41 // so it is not always an error, log it as debug
LOWapps/dav/lib/CalDAV/Schedule/IMipService.php441 $days = implode(', ', array_map(function ($value) { return $this->localizeDayName($value); }, $er->recurringDaysOfWeek
LOWapps/dav/lib/CalDAV/Schedule/IMipService.php501 if (!$er->entireDay()) {
LOWapps/dav/lib/CalDAV/Schedule/IMipService.php581 // Absolute: Every Year in July on the 1st for the entire day
Verbosity Indicators10 hits · 18 pts
SeverityFileLineSnippet
LOWlib/private/RedisFactory.php155 * We need to check if the current version supports extra connection parameters, otherwise the connect method will thro
LOWlib/private/L10N/Factory.php185 // Step 1: Forced language always has precedence over anything else
LOWlib/private/L10N/Factory.php191 // Step 2: Return cached language
LOWlib/private/L10N/Factory.php221 // Step 4: Check the request headers
LOWlib/private/L10N/Factory.php237 // Step 5: fall back to English
LOWlib/private/L10N/Factory.php243 // Step 1: Forced language always has precedence over anything else
LOWlib/private/L10N/Factory.php249 // Step 2: Check if we have a default language
LOWlib/private/L10N/Factory.php255 // Step 3: fall back to English
LOWlib/private/Lock/DBLockingProvider.php185 // since we only keep one shared lock in the db we need to check if we have more than one shared lock locally manuall
LOWlib/private/legacy/OC_Helper.php105 // We need to check if the program is in one of these dirs :
Cross-Language Confusion (JS/TS)2 hits · 15 pts
SeverityFileLineSnippet
HIGHapps/files/src/utils/permissions.ts15 * @return True if downloadable, false otherwise
HIGHapps/files/src/utils/permissions.ts44 * @return True if syncable, false otherwise
Slop Phrases6 hits · 12 pts
SeverityFileLineSnippet
MEDIUMtests/data/emails/new-account-email.html72 <p style="Margin:0;Margin-bottom:10px;color:#777;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Ox
MEDIUMtests/data/emails/new-account-email-custom.html72 <p style="Margin:0;Margin-bottom:10px;color:#777;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Ox
MEDIUMtests/data/emails/new-account-email-single-button.html72 <p style="Margin:0;Margin-bottom:10px;color:#777;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Ox
MEDIUMapps/settings/tests/Mailer/NewUserMailHelperTest.php221 <p style="Margin:0;Margin-bottom:10px;color:#777;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Ox
MEDIUMapps/settings/tests/Mailer/NewUserMailHelperTest.php475 <p style="Margin:0;Margin-bottom:10px;color:#777;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Ox
MEDIUMapps/settings/tests/Mailer/NewUserMailHelperTest.php733 <p style="Margin:0;Margin-bottom:10px;color:#777;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Ox
Self-Referential Comments2 hits · 6 pts
SeverityFileLineSnippet
MEDIUM.github/workflows/update-min-supported-desktop.yml27 # Create a temporary directory for the downloaded file
MEDIUM.github/workflows/update-min-supported-desktop.yml74 # Define the files to update
Redundant / Tautological Comments3 hits · 4 pts
SeverityFileLineSnippet
LOW.github/workflows/update-min-supported-desktop.yml78 # Check if files exist
LOW.github/workflows/update-min-supported-desktop.yml99 # Check if any changes were made
LOW.github/workflows/command-compile.yml159 # Check if there are any changes after resolving conflicts