aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/IntegrityCheck
diff options
context:
space:
mode:
authorChristoph Wurst <christoph@winzerhof-wurst.at>2020-04-10 14:19:56 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2020-04-10 14:19:56 +0200
commitcaff1023ea72bb2ea94130e18a2a6e2ccf819e5f (patch)
tree186d494c2aea5dea7255d3584ef5d595fc6e6194 /lib/private/IntegrityCheck
parentedf8ce32cffdb920e8171207b342abbd7f1fbe73 (diff)
downloadnextcloud-server-caff1023ea72bb2ea94130e18a2a6e2ccf819e5f.tar.gz
nextcloud-server-caff1023ea72bb2ea94130e18a2a6e2ccf819e5f.zip
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/private/IntegrityCheck')
-rw-r--r--lib/private/IntegrityCheck/Checker.php59
-rw-r--r--lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php3
-rw-r--r--lib/private/IntegrityCheck/Helpers/AppLocator.php3
-rw-r--r--lib/private/IntegrityCheck/Helpers/FileAccessHelper.php2
-rw-r--r--lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php4
5 files changed, 35 insertions, 36 deletions
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index 725d72d9c79..1084a9e1dd5 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -144,7 +144,7 @@ class Checker {
$folderToIterate,
\RecursiveDirectoryIterator::SKIP_DOTS
);
- if($root === '') {
+ if ($root === '') {
$root = \OC::$SERVERROOT;
}
$root = rtrim($root, '/');
@@ -171,9 +171,9 @@ class Checker {
$hashes = [];
$baseDirectoryLength = \strlen($path);
- foreach($iterator as $filename => $data) {
+ foreach ($iterator as $filename => $data) {
/** @var \DirectoryIterator $data */
- if($data->isDir()) {
+ if ($data->isDir()) {
continue;
}
@@ -181,11 +181,11 @@ class Checker {
$relativeFileName = ltrim($relativeFileName, '/');
// Exclude signature.json files in the appinfo and root folder
- if($relativeFileName === 'appinfo/signature.json') {
+ if ($relativeFileName === 'appinfo/signature.json') {
continue;
}
// Exclude signature.json files in the appinfo and core folder
- if($relativeFileName === 'core/signature.json') {
+ if ($relativeFileName === 'core/signature.json') {
continue;
}
@@ -196,10 +196,10 @@ class Checker {
// Thus we ignore everything below the first occurrence of
// "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the
// hash generated based on this.
- if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
+ if ($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
$fileContent = file_get_contents($filename);
$explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
- if(\count($explodedArray) === 2) {
+ if (\count($explodedArray) === 2) {
$hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
continue;
}
@@ -207,7 +207,7 @@ class Checker {
if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
$oldMimetypeList = new GenerateMimetypeFileBuilder();
$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
- if($newFile === file_get_contents($filename)) {
+ if ($newFile === file_get_contents($filename)) {
$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
continue;
}
@@ -263,11 +263,11 @@ class Checker {
$iterator = $this->getFolderIterator($path);
$hashes = $this->generateHashes($iterator, $path);
$signature = $this->createSignatureData($hashes, $certificate, $privateKey);
- $this->fileAccessHelper->file_put_contents(
+ $this->fileAccessHelper->file_put_contents(
$appInfoDir . '/signature.json',
json_encode($signature, JSON_PRETTY_PRINT)
);
- } catch (\Exception $e){
+ } catch (\Exception $e) {
if (!$this->fileAccessHelper->is_writable($appInfoDir)) {
throw new \Exception($appInfoDir . ' is not writable');
}
@@ -288,7 +288,6 @@ class Checker {
$path) {
$coreDir = $path . '/core';
try {
-
$this->fileAccessHelper->assertDirectoryExists($coreDir);
$iterator = $this->getFolderIterator($path, $path);
$hashes = $this->generateHashes($iterator, $path);
@@ -297,7 +296,7 @@ class Checker {
$coreDir . '/signature.json',
json_encode($signatureData, JSON_PRETTY_PRINT)
);
- } catch (\Exception $e){
+ } catch (\Exception $e) {
if (!$this->fileAccessHelper->is_writable($coreDir)) {
throw new \Exception($coreDir . ' is not writable');
}
@@ -316,7 +315,7 @@ class Checker {
* @throws \Exception
*/
private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
- if(!$this->isCodeCheckEnforced()) {
+ if (!$this->isCodeCheckEnforced()) {
return [];
}
@@ -326,7 +325,7 @@ class Checker {
if (\is_string($content)) {
$signatureData = json_decode($content, true);
}
- if(!\is_array($signatureData)) {
+ if (!\is_array($signatureData)) {
throw new InvalidSignatureException('Signature data not found.');
}
@@ -340,11 +339,11 @@ class Checker {
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
$x509->loadCA($rootCertificatePublicKey);
$x509->loadX509($certificate);
- if(!$x509->validateSignature()) {
+ if (!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.');
}
// Verify if certificate has proper CN. "core" CN is always trusted.
- if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
+ if ($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
throw new InvalidSignatureException(
sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
);
@@ -357,7 +356,7 @@ class Checker {
$rsa->setMGFHash('sha512');
// See https://tools.ietf.org/html/rfc3447#page-38
$rsa->setSaltLength(0);
- if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
+ if (!$rsa->verify(json_encode($expectedHashes), $signature)) {
throw new InvalidSignatureException('Signature could not get verified.');
}
@@ -366,9 +365,9 @@ class Checker {
//
// Due to this reason we exclude the whole updater/ folder from the code
// integrity check.
- if($basePath === $this->environmentHelper->getServerRoot()) {
- foreach($expectedHashes as $fileName => $hash) {
- if(strpos($fileName, 'updater/') === 0) {
+ if ($basePath === $this->environmentHelper->getServerRoot()) {
+ foreach ($expectedHashes as $fileName => $hash) {
+ if (strpos($fileName, 'updater/') === 0) {
unset($expectedHashes[$fileName]);
}
}
@@ -380,23 +379,23 @@ class Checker {
$differencesB = array_diff($currentInstanceHashes, $expectedHashes);
$differences = array_unique(array_merge($differencesA, $differencesB));
$differenceArray = [];
- foreach($differences as $filename => $hash) {
+ foreach ($differences as $filename => $hash) {
// Check if file should not exist in the new signature table
- if(!array_key_exists($filename, $expectedHashes)) {
+ if (!array_key_exists($filename, $expectedHashes)) {
$differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
$differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
continue;
}
// Check if file is missing
- if(!array_key_exists($filename, $currentInstanceHashes)) {
+ if (!array_key_exists($filename, $currentInstanceHashes)) {
$differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
$differenceArray['FILE_MISSING'][$filename]['current'] = '';
continue;
}
// Check if hash does mismatch
- if($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
+ if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
$differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
$differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
continue;
@@ -416,7 +415,7 @@ class Checker {
*/
public function hasPassedCheck(): bool {
$results = $this->getResults();
- if(empty($results)) {
+ if (empty($results)) {
return true;
}
@@ -428,7 +427,7 @@ class Checker {
*/
public function getResults(): array {
$cachedResults = $this->cache->get(self::CACHE_KEY);
- if(!\is_null($cachedResults)) {
+ if (!\is_null($cachedResults)) {
return json_decode($cachedResults, true);
}
@@ -447,7 +446,7 @@ class Checker {
private function storeResults(string $scope, array $result) {
$resultArray = $this->getResults();
unset($resultArray[$scope]);
- if(!empty($result)) {
+ if (!empty($result)) {
$resultArray[$scope] = $result;
}
if ($this->config !== null) {
@@ -499,7 +498,7 @@ class Checker {
*/
public function verifyAppSignature(string $appId, string $path = ''): array {
try {
- if($path === '') {
+ if ($path === '') {
$path = $this->appLocator->getAppPath($appId);
}
$result = $this->verify(
@@ -578,7 +577,7 @@ class Checker {
$this->cleanResults();
$this->verifyCoreSignature();
$appIds = $this->appLocator->getAllApps();
- foreach($appIds as $appId) {
+ foreach ($appIds as $appId) {
// If an application is shipped a valid signature is required
$isShipped = $this->appManager->isShipped($appId);
$appNeedsToBeChecked = false;
@@ -589,7 +588,7 @@ class Checker {
$appNeedsToBeChecked = true;
}
- if($appNeedsToBeChecked) {
+ if ($appNeedsToBeChecked) {
$this->verifyAppSignature($appId);
}
}
diff --git a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
index 8a7f5129dce..0e55afa9a40 100644
--- a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
+++ b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
@@ -28,4 +28,5 @@ namespace OC\IntegrityCheck\Exceptions;
*
* @package OC\IntegrityCheck\Exceptions
*/
-class InvalidSignatureException extends \Exception {}
+class InvalidSignatureException extends \Exception {
+}
diff --git a/lib/private/IntegrityCheck/Helpers/AppLocator.php b/lib/private/IntegrityCheck/Helpers/AppLocator.php
index 75a64bfe0b8..6faff0a8982 100644
--- a/lib/private/IntegrityCheck/Helpers/AppLocator.php
+++ b/lib/private/IntegrityCheck/Helpers/AppLocator.php
@@ -43,8 +43,7 @@ class AppLocator {
*/
public function getAppPath(string $appId): string {
$path = \OC_App::getAppPath($appId);
- if($path === false) {
-
+ if ($path === false) {
throw new \Exception('App not found');
}
return $path;
diff --git a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
index 322b6ada9e1..de2a560223c 100644
--- a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
+++ b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
@@ -64,7 +64,7 @@ class FileAccessHelper {
*/
public function file_put_contents(string $filename, string $data): int {
$bytesWritten = @file_put_contents($filename, $data);
- if ($bytesWritten === false || $bytesWritten !== \strlen($data)){
+ if ($bytesWritten === false || $bytesWritten !== \strlen($data)) {
throw new \Exception('Failed to write into ' . $filename);
}
return $bytesWritten;
diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
index 3a713954a79..7127742b531 100644
--- a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
+++ b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
@@ -34,7 +34,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
parent::__construct($iterator);
$appFolders = \OC::$APPSROOTS;
- foreach($appFolders as $key => $appFolder) {
+ foreach ($appFolders as $key => $appFolder) {
$appFolders[$key] = rtrim($appFolder['path'], '/');
}
@@ -52,7 +52,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
rtrim($root . '/_oc_upgrade', '/'),
];
$customDataDir = \OC::$server->getConfig()->getSystemValue('datadirectory', '');
- if($customDataDir !== '') {
+ if ($customDataDir !== '') {
$excludedFolders[] = rtrim($customDataDir, '/');
}