aboutsummaryrefslogtreecommitdiffstats
path: root/core/Command/Integrity
diff options
context:
space:
mode:
Diffstat (limited to 'core/Command/Integrity')
-rw-r--r--core/Command/Integrity/CheckApp.php61
-rw-r--r--core/Command/Integrity/SignApp.php4
2 files changed, 53 insertions, 12 deletions
diff --git a/core/Command/Integrity/CheckApp.php b/core/Command/Integrity/CheckApp.php
index d24b80a4764..0145a3f8070 100644
--- a/core/Command/Integrity/CheckApp.php
+++ b/core/Command/Integrity/CheckApp.php
@@ -9,6 +9,9 @@ namespace OC\Core\Command\Integrity;
use OC\Core\Command\Base;
use OC\IntegrityCheck\Checker;
+use OC\IntegrityCheck\Helpers\AppLocator;
+use OC\IntegrityCheck\Helpers\FileAccessHelper;
+use OCP\App\IAppManager;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
@@ -22,6 +25,9 @@ use Symfony\Component\Console\Output\OutputInterface;
class CheckApp extends Base {
public function __construct(
private Checker $checker,
+ private AppLocator $appLocator,
+ private FileAccessHelper $fileAccessHelper,
+ private IAppManager $appManager,
) {
parent::__construct();
}
@@ -34,23 +40,58 @@ class CheckApp extends Base {
$this
->setName('integrity:check-app')
->setDescription('Check integrity of an app using a signature.')
- ->addArgument('appid', InputArgument::REQUIRED, 'Application to check')
- ->addOption('path', null, InputOption::VALUE_OPTIONAL, 'Path to application. If none is given it will be guessed.');
+ ->addArgument('appid', InputArgument::OPTIONAL, 'Application to check')
+ ->addOption('path', null, InputOption::VALUE_OPTIONAL, 'Path to application. If none is given it will be guessed.')
+ ->addOption('all', null, InputOption::VALUE_NONE, 'Check integrity of all apps.');
}
/**
* {@inheritdoc }
*/
protected function execute(InputInterface $input, OutputInterface $output): int {
- $appid = $input->getArgument('appid');
- $path = (string)$input->getOption('path');
- $result = $this->checker->verifyAppSignature($appid, $path, true);
- $this->writeArrayInOutputFormat($input, $output, $result);
- if (count($result) > 0) {
- $output->writeln('<error>' . count($result) . ' errors found</error>', OutputInterface::VERBOSITY_VERBOSE);
+ if ($input->getOption('all') && $input->getArgument('appid')) {
+ $output->writeln('<error>Option "--all" cannot be combined with an appid</error>');
return 1;
}
- $output->writeln('<info>No errors found</info>', OutputInterface::VERBOSITY_VERBOSE);
- return 0;
+
+ if (!$input->getArgument('appid') && !$input->getOption('all')) {
+ $output->writeln('<error>Please specify an appid, or "--all" to verify all apps</error>');
+ return 1;
+ }
+
+ if ($input->getArgument('appid')) {
+ $appIds = [$input->getArgument('appid')];
+ } else {
+ $appIds = $this->appManager->getAllAppsInAppsFolders();
+ }
+
+ $errorsFound = false;
+
+ foreach ($appIds as $appId) {
+ $path = (string)$input->getOption('path');
+ if ($path === '') {
+ $path = $this->appLocator->getAppPath($appId);
+ }
+
+ if ($this->appManager->isShipped($appId) || $this->fileAccessHelper->file_exists($path . '/appinfo/signature.json')) {
+ // Only verify if the application explicitly ships a signature.json file
+ $result = $this->checker->verifyAppSignature($appId, $path, true);
+
+ if (count($result) > 0) {
+ $output->writeln('<error>' . $appId . ': ' . count($result) . ' errors found:</error>');
+ $this->writeArrayInOutputFormat($input, $output, $result);
+ $errorsFound = true;
+ }
+ } else {
+ $output->writeln('<comment>' . $appId . ': ' . 'App signature not found, skipping app integrity check</comment>');
+ }
+ }
+
+ if (!$errorsFound) {
+ $output->writeln('<info>No errors found</info>', OutputInterface::VERBOSITY_VERBOSE);
+ return 0;
+ }
+
+ return 1;
}
}
diff --git a/core/Command/Integrity/SignApp.php b/core/Command/Integrity/SignApp.php
index 6df84662388..d307bc58985 100644
--- a/core/Command/Integrity/SignApp.php
+++ b/core/Command/Integrity/SignApp.php
@@ -51,7 +51,7 @@ class SignApp extends Command {
$documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
$output->writeln('This command requires the --path, --privateKey and --certificate.');
$output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
- $output->writeln('For more information please consult the documentation: '. $documentationUrl);
+ $output->writeln('For more information please consult the documentation: ' . $documentationUrl);
return 1;
}
@@ -75,7 +75,7 @@ class SignApp extends Command {
$x509->setPrivateKey($rsa);
try {
$this->checker->writeAppSignature($path, $x509, $rsa);
- $output->writeln('Successfully signed "'.$path.'"');
+ $output->writeln('Successfully signed "' . $path . '"');
} catch (\Exception $e) {
$output->writeln('Error: ' . $e->getMessage());
return 1;
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 16:51:33 +0000