Diffstat (limited to 'lib/private/IntegrityCheck')
-rw-r--r--lib/private/IntegrityCheck/Checker.php59
-rw-r--r--lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php3
-rw-r--r--lib/private/IntegrityCheck/Helpers/AppLocator.php3
-rw-r--r--lib/private/IntegrityCheck/Helpers/FileAccessHelper.php2
-rw-r--r--lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php4
5 files changed, 35 insertions, 36 deletions
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index 725d72d9c79..1084a9e1dd5 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -144,7 +144,7 @@ class Checker {
$folderToIterate,
\RecursiveDirectoryIterator::SKIP_DOTS
);
- if($root === '') {
+ if ($root === '') {
$root = \OC::$SERVERROOT;
}
$root = rtrim($root, '/');
@@ -171,9 +171,9 @@ class Checker {
$hashes = [];
$baseDirectoryLength = \strlen($path);
- foreach($iterator as $filename => $data) {
+ foreach ($iterator as $filename => $data) {
/** @var \DirectoryIterator $data */
- if($data->isDir()) {
+ if ($data->isDir()) {
continue;
}
@@ -181,11 +181,11 @@ class Checker {
$relativeFileName = ltrim($relativeFileName, '/');
// Exclude signature.json files in the appinfo and root folder
- if($relativeFileName === 'appinfo/signature.json') {
+ if ($relativeFileName === 'appinfo/signature.json') {
continue;
}
// Exclude signature.json files in the appinfo and core folder
- if($relativeFileName === 'core/signature.json') {
+ if ($relativeFileName === 'core/signature.json') {
continue;
}
@@ -196,10 +196,10 @@ class Checker {
// Thus we ignore everything below the first occurrence of
// "#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####" and have the
// hash generated based on this.
- if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
+ if ($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
$fileContent = file_get_contents($filename);
$explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
- if(\count($explodedArray) === 2) {
+ if (\count($explodedArray) === 2) {
$hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
continue;
}
@@ -207,7 +207,7 @@ class Checker {
if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
$oldMimetypeList = new GenerateMimetypeFileBuilder();
$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
- if($newFile === file_get_contents($filename)) {
+ if ($newFile === file_get_contents($filename)) {
$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
continue;
}
@@ -263,11 +263,11 @@ class Checker {
$iterator = $this->getFolderIterator($path);
$hashes = $this->generateHashes($iterator, $path);
$signature = $this->createSignatureData($hashes, $certificate, $privateKey);
- $this->fileAccessHelper->file_put_contents(
+ $this->fileAccessHelper->file_put_contents(
$appInfoDir . '/signature.json',
json_encode($signature, JSON_PRETTY_PRINT)
);
- } catch (\Exception $e){
+ } catch (\Exception $e) {
if (!$this->fileAccessHelper->is_writable($appInfoDir)) {
throw new \Exception($appInfoDir . ' is not writable');
}
@@ -288,7 +288,6 @@ class Checker {
$path) {
$coreDir = $path . '/core';
try {
-
$this->fileAccessHelper->assertDirectoryExists($coreDir);
$iterator = $this->getFolderIterator($path, $path);
$hashes = $this->generateHashes($iterator, $path);
@@ -297,7 +296,7 @@ class Checker {
$coreDir . '/signature.json',
json_encode($signatureData, JSON_PRETTY_PRINT)
);
- } catch (\Exception $e){
+ } catch (\Exception $e) {
if (!$this->fileAccessHelper->is_writable($coreDir)) {
throw new \Exception($coreDir . ' is not writable');
}
@@ -316,7 +315,7 @@ class Checker {
* @throws \Exception
*/
private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
- if(!$this->isCodeCheckEnforced()) {
+ if (!$this->isCodeCheckEnforced()) {
return [];
}
@@ -326,7 +325,7 @@ class Checker {
if (\is_string($content)) {
$signatureData = json_decode($content, true);
}
- if(!\is_array($signatureData)) {
+ if (!\is_array($signatureData)) {
throw new InvalidSignatureException('Signature data not found.');
}
@@ -340,11 +339,11 @@ class Checker {
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
$x509->loadCA($rootCertificatePublicKey);
$x509->loadX509($certificate);
- if(!$x509->validateSignature()) {
+ if (!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.');
}
// Verify if certificate has proper CN. "core" CN is always trusted.
- if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
+ if ($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
throw new InvalidSignatureException(
sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
);
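Review bot: The CN comparison reads `$x509->getDN(X509::DN_OPENSSL)['CN']` twice, while the error message reads `$x509->getDN(true)['CN']` with a different format argument, so the value reported may not be the value that was checked. Reading it once, `$cn = $x509->getDN(X509::DN_OPENSSL)['CN'] ?? null;`, and using `$cn` in both the condition and the `sprintf` keeps the two consistent. It also lets a certificate without a CN fail closed without an undefined-index notice. The comment `"core" CN is always trusted` is worth expanding to say that a certificate with CN `core` is accepted for every requested scope, since that is the trust decision this condition encodes. verify() starts and ends outside this hunk.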
@@ -357,7 +356,7 @@ class Checker {
$rsa->setMGFHash('sha512');
// See https://tools.ietf.org/html/rfc3447#page-38
$rsa->setSaltLength(0);
- if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
+ if (!$rsa->verify(json_encode($expectedHashes), $signature)) {
throw new InvalidSignatureException('Signature could not get verified.');
}
@@ -366,9 +365,9 @@ class Checker {
//
// Due to this reason we exclude the whole updater/ folder from the code
// integrity check.
- if($basePath === $this->environmentHelper->getServerRoot()) {
- foreach($expectedHashes as $fileName => $hash) {
- if(strpos($fileName, 'updater/') === 0) {
+ if ($basePath === $this->environmentHelper->getServerRoot()) {
+ foreach ($expectedHashes as $fileName => $hash) {
+ if (strpos($fileName, 'updater/') === 0) {
unset($expectedHashes[$fileName]);
}
}
@@ -380,23 +379,23 @@ class Checker {
$differencesB = array_diff($currentInstanceHashes, $expectedHashes);
$differences = array_unique(array_merge($differencesA, $differencesB));
$differenceArray = [];
- foreach($differences as $filename => $hash) {
+ foreach ($differences as $filename => $hash) {
// Check if file should not exist in the new signature table
- if(!array_key_exists($filename, $expectedHashes)) {
+ if (!array_key_exists($filename, $expectedHashes)) {
$differenceArray['EXTRA_FILE'][$filename]['expected'] = '';
$differenceArray['EXTRA_FILE'][$filename]['current'] = $hash;
continue;
}
// Check if file is missing
- if(!array_key_exists($filename, $currentInstanceHashes)) {
+ if (!array_key_exists($filename, $currentInstanceHashes)) {
$differenceArray['FILE_MISSING'][$filename]['expected'] = $expectedHashes[$filename];
$differenceArray['FILE_MISSING'][$filename]['current'] = '';
continue;
}
// Check if hash does mismatch
- if($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
+ if ($expectedHashes[$filename] !== $currentInstanceHashes[$filename]) {
$differenceArray['INVALID_HASH'][$filename]['expected'] = $expectedHashes[$filename];
$differenceArray['INVALID_HASH'][$filename]['current'] = $currentInstanceHashes[$filename];
continue;
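Review bot: `array_diff($currentInstanceHashes, $expectedHashes)` compares hash values only and ignores the file-name keys, so a path is reported only when its hash appears nowhere in the other table. An unexpected or altered file is therefore missed whenever its hash equals that of some other listed file. `$differencesA` is assigned above the hunk and is presumably built the same way. `array_diff_assoc($currentInstanceHashes, $expectedHashes)` compares key and value together, and dropping `array_unique()` stops two paths that share one hash from collapsing into a single entry. The foreach body continues past the end of the hunk.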
@@ -416,7 +415,7 @@ class Checker {
*/
public function hasPassedCheck(): bool {
$results = $this->getResults();
- if(empty($results)) {
+ if (empty($results)) {
return true;
}
@@ -428,7 +427,7 @@ class Checker {
*/
public function getResults(): array {
$cachedResults = $this->cache->get(self::CACHE_KEY);
- if(!\is_null($cachedResults)) {
+ if (!\is_null($cachedResults)) {
return json_decode($cachedResults, true);
}
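Review bot: The cached value is returned straight from `json_decode($cachedResults, true)`, which yields `null` for a malformed or truncated cache entry and then violates the declared `array` return type with a TypeError. Decoding into a local and returning it only when it is an array, `$decoded = json_decode($cachedResults, true);` then `if (\is_array($decoded)) { return $decoded; }`, lets a bad entry fall through to the code after this block. Substituting `[]` would be the wrong fallback, because `hasPassedCheck()` treats an empty result as a pass. getResults() continues outside the hunk.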
@@ -447,7 +446,7 @@ class Checker {
private function storeResults(string $scope, array $result) {
$resultArray = $this->getResults();
unset($resultArray[$scope]);
- if(!empty($result)) {
+ if (!empty($result)) {
$resultArray[$scope] = $result;
}
if ($this->config !== null) {
@@ -499,7 +498,7 @@ class Checker {
*/
public function verifyAppSignature(string $appId, string $path = ''): array {
try {
- if($path === '') {
+ if ($path === '') {
$path = $this->appLocator->getAppPath($appId);
}
$result = $this->verify(
@@ -578,7 +577,7 @@ class Checker {
$this->cleanResults();
$this->verifyCoreSignature();
$appIds = $this->appLocator->getAllApps();
- foreach($appIds as $appId) {
+ foreach ($appIds as $appId) {
// If an application is shipped a valid signature is required
$isShipped = $this->appManager->isShipped($appId);
$appNeedsToBeChecked = false;
@@ -589,7 +588,7 @@ class Checker {
$appNeedsToBeChecked = true;
}
- if($appNeedsToBeChecked) {
+ if ($appNeedsToBeChecked) {
$this->verifyAppSignature($appId);
}
}
diff --git a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
index 8a7f5129dce..0e55afa9a40 100644
--- a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
+++ b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
@@ -28,4 +28,5 @@ namespace OC\IntegrityCheck\Exceptions;
*
* @package OC\IntegrityCheck\Exceptions
*/
-class InvalidSignatureException extends \Exception {}
+class InvalidSignatureException extends \Exception {
+}
diff --git a/lib/private/IntegrityCheck/Helpers/AppLocator.php b/lib/private/IntegrityCheck/Helpers/AppLocator.php
index 75a64bfe0b8..6faff0a8982 100644
--- a/lib/private/IntegrityCheck/Helpers/AppLocator.php
+++ b/lib/private/IntegrityCheck/Helpers/AppLocator.php
@@ -43,8 +43,7 @@ class AppLocator {
*/
public function getAppPath(string $appId): string {
$path = \OC_App::getAppPath($appId);
- if($path === false) {
-
+ if ($path === false) {
throw new \Exception('App not found');
}
return $path;
diff --git a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
index 322b6ada9e1..de2a560223c 100644
--- a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
+++ b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
@@ -64,7 +64,7 @@ class FileAccessHelper {
*/
public function file_put_contents(string $filename, string $data): int {
$bytesWritten = @file_put_contents($filename, $data);
- if ($bytesWritten === false || $bytesWritten !== \strlen($data)){
+ if ($bytesWritten === false || $bytesWritten !== \strlen($data)) {
throw new \Exception('Failed to write into ' . $filename);
}
return $bytesWritten;
diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
index 3a713954a79..7127742b531 100644
--- a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
+++ b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
@@ -34,7 +34,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
parent::__construct($iterator);
$appFolders = \OC::$APPSROOTS;
- foreach($appFolders as $key => $appFolder) {
+ foreach ($appFolders as $key => $appFolder) {
$appFolders[$key] = rtrim($appFolder['path'], '/');
}
@@ -52,7 +52,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
rtrim($root . '/_oc_upgrade', '/'),
];
$customDataDir = \OC::$server->getConfig()->getSystemValue('datadirectory', '');
- if($customDataDir !== '') {
+ if ($customDataDir !== '') {
$excludedFolders[] = rtrim($customDataDir, '/');
}