From 25ab4059c6159fe8074af977e90d3b23ae648743 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 23 Jun 2021 13:46:51 +0200
Subject: [PATCH] Add security.txt
Ref https://securitytxt.org
Signed-off-by: Lukas Reschke
---
 .../composer/composer/autoload_classmap.php | 1 +
 .../composer/composer/autoload_static.php | 1 +
 apps/settings/lib/AppInfo/Application.php | 4 ++
 .../lib/WellKnown/SecurityTxtHandler.php | 48 ++++++++++++++
 lib/composer/composer/ClassLoader.php | 4 +-
 .../AppFramework/Http/TextPlainResponse.php | 62 +++++++++++++++++++
 6 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 apps/settings/lib/WellKnown/SecurityTxtHandler.php
 create mode 100644 lib/public/AppFramework/Http/TextPlainResponse.php
diff --git a/apps/settings/composer/composer/autoload_classmap.php b/apps/settings/composer/composer/autoload_classmap.php
index c4a49aaca07..468afa7dacb 100644
--- a/apps/settings/composer/composer/autoload_classmap.php
+++ b/apps/settings/composer/composer/autoload_classmap.php
@@ -65,4 +65,5 @@ return array(
 'OCA\\Settings\\SetupChecks\\PhpDefaultCharset' => $baseDir . '/../lib/SetupChecks/PhpDefaultCharset.php',
 'OCA\\Settings\\SetupChecks\\PhpOutputBuffering' => $baseDir . '/../lib/SetupChecks/PhpOutputBuffering.php',
 'OCA\\Settings\\SetupChecks\\SupportedDatabase' => $baseDir . '/../lib/SetupChecks/SupportedDatabase.php',
+ 'OCA\\Settings\\WellKnown\\SecurityTxtHandler' => $baseDir . '/../lib/WellKnown/SecurityTxtHandler.php',
 );
diff --git a/apps/settings/composer/composer/autoload_static.php b/apps/settings/composer/composer/autoload_static.php
index 0417683ebc6..5418e0cb7c5 100644
--- a/apps/settings/composer/composer/autoload_static.php
+++ b/apps/settings/composer/composer/autoload_static.php
@@ -80,6 +80,7 @@ class ComposerStaticInitSettings
 'OCA\\Settings\\SetupChecks\\PhpDefaultCharset' => __DIR__ . '/..' . '/../lib/SetupChecks/PhpDefaultCharset.php',
 'OCA\\Settings\\SetupChecks\\PhpOutputBuffering' => __DIR__ . '/..' . '/../lib/SetupChecks/PhpOutputBuffering.php',
 'OCA\\Settings\\SetupChecks\\SupportedDatabase' => __DIR__ . '/..' . '/../lib/SetupChecks/SupportedDatabase.php',
+ 'OCA\\Settings\\WellKnown\\SecurityTxtHandler' => __DIR__ . '/..' . '/../lib/WellKnown/SecurityTxtHandler.php',
 );
 public static function getInitializer(ClassLoader $loader)
diff --git a/apps/settings/lib/AppInfo/Application.php b/apps/settings/lib/AppInfo/Application.php
index 8f0434b9ab9..64bb42e0652 100644
--- a/apps/settings/lib/AppInfo/Application.php
+++ b/apps/settings/lib/AppInfo/Application.php
@@ -45,6 +45,7 @@ use OCA\Settings\Mailer\NewUserMailHelper;
 use OCA\Settings\Middleware\SubadminMiddleware;
 use OCA\Settings\Search\AppSearch;
 use OCA\Settings\Search\SectionSearch;
+use OCA\Settings\WellKnown\SecurityTxtHandler;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
@@ -79,6 +80,9 @@ class Application extends App implements IBootstrap {
 $context->registerEventListener(UserAddedEvent::class, UserAddedToGroupActivityListener::class);
 $context->registerEventListener(UserRemovedEvent::class, UserRemovedFromGroupActivityListener::class);
+ // Register well-known handlers
+ $context->registerWellKnownHandler(SecurityTxtHandler::class);
+
 /**
 * Core class wrappers
 */
diff --git a/apps/settings/lib/WellKnown/SecurityTxtHandler.php b/apps/settings/lib/WellKnown/SecurityTxtHandler.php
new file mode 100644
index 00000000000..6e25d485f00
--- /dev/null
+++ b/apps/settings/lib/WellKnown/SecurityTxtHandler.php
@@ -0,0 +1,48 @@
+
+ *
+ * @author 2021 Lukas Reschke
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+namespace OCA\Settings\WellKnown;
+
+use OCP\AppFramework\Http\TextPlainResponse;
+use OCP\Http\WellKnown\GenericResponse;
+use OCP\Http\WellKnown\IHandler;
+use OCP\Http\WellKnown\IRequestContext;
+use OCP\Http\WellKnown\IResponse;
+
+class SecurityTxtHandler implements IHandler {
+ public function handle(string $service, IRequestContext $context, ?IResponse $previousResponse): ?IResponse {
+ if ($service !== 'security.txt') {
+ return $previousResponse;
+ }
+
+ $response = "Contact: https://hackerone.com/nextcloud
+Expires: 2021-12-31T23:00:00.000Z
+Acknowledgments: https://hackerone.com/nextcloud/thanks
+Acknowledgments: https://github.com/nextcloud/security-advisories/security/advisories
+Policy: https://hackerone.com/nextcloud";
+
+ return new GenericResponse(new TextPlainResponse($response, 200));
+ }
+}
diff --git a/lib/composer/composer/ClassLoader.php b/lib/composer/composer/ClassLoader.php
index 247294d66ee..6d0c3f2d001 100644
--- a/lib/composer/composer/ClassLoader.php
+++ b/lib/composer/composer/ClassLoader.php
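Review bot: The `Expires:` value inside the `$response` string is a fixed `2021-12-31T23:00:00.000Z`, so from that date on every installation serves a security.txt that the securitytxt.org format treats as stale, and nothing in this handler or the commit refreshes it. If the date is meant to be bumped by hand, pull it out as a documented constant, e.g. `/** Review before it lapses; securitytxt.org recommends an Expires less than a year out. */ private const EXPIRES = '2021-12-31T23:00:00.000Z';`, so the review obligation is visible rather than buried in a string literal. The literal also embeds raw newlines, so the line terminators depend on the checkout's line-ending settings; assembling the fields with `implode("\n", [...])` makes the LF explicit. `$context` is unused, which is fine for a static document but deserves a one-line comment saying so.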
@@ -338,7 +338,7 @@ class ClassLoader
 * Loads the given class or interface.
 *
 * @param string $class The name of the class
- * @return bool|null True if loaded, null otherwise
+ * @return true|null True if loaded, null otherwise
 */
 public function loadClass($class)
 {
@@ -347,6 +347,8 @@ class ClassLoader
 return true;
 }
+
+ return null;
 }
 /**
diff --git a/lib/public/AppFramework/Http/TextPlainResponse.php b/lib/public/AppFramework/Http/TextPlainResponse.php
new file mode 100644
index 00000000000..93edf704863
--- /dev/null
+++ b/lib/public/AppFramework/Http/TextPlainResponse.php
@@ -0,0 +1,62 @@
+
+ *
+ * @author 2021 Lukas Reschke
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+namespace OCP\AppFramework\Http;
+
+use OCP\AppFramework\Http;
+
+/**
+ * A renderer for text responses
+ * @since 22.0.0
+ */
+class TextPlainResponse extends Response {
+ /** @var string */
+ private $text = '';
+
+ /**
+ * constructor of TextPlainResponse
+ * @param string $text The text body
+ * @param int $statusCode the Http status code, defaults to 200
+ * @since 22.0.0
+ */
+ public function __construct(string $text = '', int $statusCode = Http::STATUS_OK) {
+ parent::__construct();
+
+ $this->text = $text;
+ $this->setStatus($statusCode);
+ $this->addHeader('Content-Type', 'text/plain');
+ }
+
+
+ /**
+ * Returns the text
+ * @return string
+ * @since 22.0.0
+ * @throws \Exception If data could not get encoded
+ */
+ public function render() : string {
+ return $this->text;
+ }
+}
-- 2.39.5
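Review bot: The `@throws \Exception If data could not get encoded` tag on `render()` does not match the method, which returns `$this->text` unchanged and does no encoding; it reads as copied from a JSON response class and should be dropped, leaving `@return string` and `@since` plus a line such as `Returns the body verbatim, without escaping or encoding`. The `Content-Type` set in the constructor is a bare `text/plain`; unless the SAPI appends its `default_charset`, the client gets no charset hint, and the security.txt format this class is introduced for calls for `text/plain; charset=utf-8`, so consider `$this->addHeader('Content-Type', 'text/plain; charset=utf-8');`. Minor style: there is a double blank line between the constructor and `render()`, and the class docblock could say that the text is emitted as-is so callers know escaping is their responsibility.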