Diffstat (limited to 'core/Command/Integrity')
-rw-r--r--core/Command/Integrity/CheckApp.php100
-rw-r--r--core/Command/Integrity/CheckCore.php36
-rw-r--r--core/Command/Integrity/SignApp.php52
-rw-r--r--core/Command/Integrity/SignCore.php42
4 files changed, 84 insertions, 146 deletions
diff --git a/core/Command/Integrity/CheckApp.php b/core/Command/Integrity/CheckApp.php
index 17e22cc5a62..0145a3f8070 100644
--- a/core/Command/Integrity/CheckApp.php
+++ b/core/Command/Integrity/CheckApp.php
@@ -1,34 +1,17 @@
<?php
+
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Carla Schroder <carla@owncloud.com>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Georg Ehrke <oc.list@georgehrke.com>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\Core\Command\Integrity;
use OC\Core\Command\Base;
use OC\IntegrityCheck\Checker;
+use OC\IntegrityCheck\Helpers\AppLocator;
+use OC\IntegrityCheck\Helpers\FileAccessHelper;
+use OCP\App\IAppManager;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
@@ -40,15 +23,13 @@ use Symfony\Component\Console\Output\OutputInterface;
* @package OC\Core\Command\Integrity
*/
class CheckApp extends Base {
-
- /**
- * @var Checker
- */
- private $checker;
-
- public function __construct(Checker $checker) {
+ public function __construct(
+ private Checker $checker,
+ private AppLocator $appLocator,
+ private FileAccessHelper $fileAccessHelper,
+ private IAppManager $appManager,
+ ) {
parent::__construct();
- $this->checker = $checker;
}
/**
@@ -59,23 +40,58 @@ class CheckApp extends Base {
$this
->setName('integrity:check-app')
->setDescription('Check integrity of an app using a signature.')
- ->addArgument('appid', InputArgument::REQUIRED, 'Application to check')
- ->addOption('path', null, InputOption::VALUE_OPTIONAL, 'Path to application. If none is given it will be guessed.');
+ ->addArgument('appid', InputArgument::OPTIONAL, 'Application to check')
+ ->addOption('path', null, InputOption::VALUE_OPTIONAL, 'Path to application. If none is given it will be guessed.')
+ ->addOption('all', null, InputOption::VALUE_NONE, 'Check integrity of all apps.');
}
/**
* {@inheritdoc }
*/
protected function execute(InputInterface $input, OutputInterface $output): int {
- $appid = $input->getArgument('appid');
- $path = (string)$input->getOption('path');
- $result = $this->checker->verifyAppSignature($appid, $path, true);
- $this->writeArrayInOutputFormat($input, $output, $result);
- if (count($result) > 0) {
- $output->writeln('<error>' . count($result) . ' errors found</error>', OutputInterface::VERBOSITY_VERBOSE);
+ if ($input->getOption('all') && $input->getArgument('appid')) {
+ $output->writeln('<error>Option "--all" cannot be combined with an appid</error>');
+ return 1;
+ }
+
+ if (!$input->getArgument('appid') && !$input->getOption('all')) {
+ $output->writeln('<error>Please specify an appid, or "--all" to verify all apps</error>');
return 1;
}
- $output->writeln('<info>No errors found</info>', OutputInterface::VERBOSITY_VERBOSE);
- return 0;
+
+ if ($input->getArgument('appid')) {
+ $appIds = [$input->getArgument('appid')];
+ } else {
+ $appIds = $this->appManager->getAllAppsInAppsFolders();
+ }
+
+ $errorsFound = false;
+
+ foreach ($appIds as $appId) {
+ $path = (string)$input->getOption('path');
+ if ($path === '') {
+ $path = $this->appLocator->getAppPath($appId);
+ }
+
+ if ($this->appManager->isShipped($appId) || $this->fileAccessHelper->file_exists($path . '/appinfo/signature.json')) {
+ // Only verify if the application explicitly ships a signature.json file
+ $result = $this->checker->verifyAppSignature($appId, $path, true);
+
+ if (count($result) > 0) {
+ $output->writeln('<error>' . $appId . ': ' . count($result) . ' errors found:</error>');
+ $this->writeArrayInOutputFormat($input, $output, $result);
+ $errorsFound = true;
+ }
+ } else {
+ $output->writeln('<comment>' . $appId . ': ' . 'App signature not found, skipping app integrity check</comment>');
+ }
+ }
+
+ if (!$errorsFound) {
+ $output->writeln('<info>No errors found</info>', OutputInterface::VERBOSITY_VERBOSE);
+ return 0;
+ }
+
+ return 1;
}
}
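Review bot: The `else` branch at the end of the `foreach` only prints a `<comment>` for a non-shipped app without `appinfo/signature.json` and leaves `$errorsFound` false, so a missing or deleted signature file yields exit code 0 and `No errors found`, even when the appid was named explicitly. The removed code called `verifyAppSignature()` unconditionally; if that method reports a missing signature (not visible here), this is a fail-open behaviour change, and skipped apps should produce a distinct non-zero return or at least suppress the `No errors found` line. Separately, `$path` is read from `--path` inside the loop, so `--all --path=X` checks every app against the same directory; a guard beside the existing two, `if ($input->getOption('all') && (string)$input->getOption('path') !== '') { ... return 1; }`, would reject that combination. The inline comment is also inaccurate for shipped apps and could read `// Shipped apps are always verified; other apps only when they provide appinfo/signature.json`.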
diff --git a/core/Command/Integrity/CheckCore.php b/core/Command/Integrity/CheckCore.php
index eae33c09d76..49086e94d26 100644
--- a/core/Command/Integrity/CheckCore.php
+++ b/core/Command/Integrity/CheckCore.php
@@ -1,27 +1,9 @@
<?php
+
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Carla Schroder <carla@owncloud.com>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\Core\Command\Integrity;
@@ -36,14 +18,10 @@ use Symfony\Component\Console\Output\OutputInterface;
* @package OC\Core\Command\Integrity
*/
class CheckCore extends Base {
- /**
- * @var Checker
- */
- private $checker;
-
- public function __construct(Checker $checker) {
+ public function __construct(
+ private Checker $checker,
+ ) {
parent::__construct();
- $this->checker = $checker;
}
/**
diff --git a/core/Command/Integrity/SignApp.php b/core/Command/Integrity/SignApp.php
index 0938303d008..d307bc58985 100644
--- a/core/Command/Integrity/SignApp.php
+++ b/core/Command/Integrity/SignApp.php
@@ -1,26 +1,9 @@
<?php
+
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\Core\Command\Integrity;
@@ -40,25 +23,12 @@ use Symfony\Component\Console\Output\OutputInterface;
* @package OC\Core\Command\Integrity
*/
class SignApp extends Command {
- /** @var Checker */
- private $checker;
- /** @var FileAccessHelper */
- private $fileAccessHelper;
- /** @var IURLGenerator */
- private $urlGenerator;
-
- /**
- * @param Checker $checker
- * @param FileAccessHelper $fileAccessHelper
- * @param IURLGenerator $urlGenerator
- */
- public function __construct(Checker $checker,
- FileAccessHelper $fileAccessHelper,
- IURLGenerator $urlGenerator) {
+ public function __construct(
+ private Checker $checker,
+ private FileAccessHelper $fileAccessHelper,
+ private IURLGenerator $urlGenerator,
+ ) {
parent::__construct(null);
- $this->checker = $checker;
- $this->fileAccessHelper = $fileAccessHelper;
- $this->urlGenerator = $urlGenerator;
}
protected function configure() {
@@ -81,7 +51,7 @@ class SignApp extends Command {
$documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
$output->writeln('This command requires the --path, --privateKey and --certificate.');
$output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
- $output->writeln('For more information please consult the documentation: '. $documentationUrl);
+ $output->writeln('For more information please consult the documentation: ' . $documentationUrl);
return 1;
}
@@ -105,7 +75,7 @@ class SignApp extends Command {
$x509->setPrivateKey($rsa);
try {
$this->checker->writeAppSignature($path, $x509, $rsa);
- $output->writeln('Successfully signed "'.$path.'"');
+ $output->writeln('Successfully signed "' . $path . '"');
} catch (\Exception $e) {
$output->writeln('Error: ' . $e->getMessage());
return 1;
diff --git a/core/Command/Integrity/SignCore.php b/core/Command/Integrity/SignCore.php
index c3b88b2116a..ed80091ec38 100644
--- a/core/Command/Integrity/SignCore.php
+++ b/core/Command/Integrity/SignCore.php
@@ -1,26 +1,9 @@
<?php
+
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\Core\Command\Integrity;
@@ -39,20 +22,11 @@ use Symfony\Component\Console\Output\OutputInterface;
* @package OC\Core\Command\Integrity
*/
class SignCore extends Command {
- /** @var Checker */
- private $checker;
- /** @var FileAccessHelper */
- private $fileAccessHelper;
-
- /**
- * @param Checker $checker
- * @param FileAccessHelper $fileAccessHelper
- */
- public function __construct(Checker $checker,
- FileAccessHelper $fileAccessHelper) {
+ public function __construct(
+ private Checker $checker,
+ private FileAccessHelper $fileAccessHelper,
+ ) {
parent::__construct(null);
- $this->checker = $checker;
- $this->fileAccessHelper = $fileAccessHelper;
}
protected function configure() {