Diffstat (limited to 'lib/private/IntegrityCheck')
7 files changed, 45 insertions, 184 deletions
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php index e8fd087ebc2..2bd6e426b79 100644 --- a/lib/private/IntegrityCheck/Checker.php +++ b/lib/private/IntegrityCheck/Checker.php @@ -1,33 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Victor Dubiniuk <dubiniuk@owncloud.com> - * @author Vincent Petry <vincent@nextcloud.com> - * @author Xheni Myrtaj <myrtajxheni@gmail.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\IntegrityCheck; @@ -44,6 +21,7 @@ use OCP\IAppConfig; use OCP\ICache; use OCP\ICacheFactory; use OCP\IConfig; +use OCP\ServerVersion; use phpseclib\Crypt\RSA; use phpseclib\File\X509; 
@@ -63,13 +41,14 @@ class Checker { private ICache $cache; public function __construct( + private ServerVersion $serverVersion, private EnvironmentHelper $environmentHelper, private FileAccessHelper $fileAccessHelper, private AppLocator $appLocator, private ?IConfig $config, private ?IAppConfig $appConfig, ICacheFactory $cacheFactory, - private ?IAppManager $appManager, + private IAppManager $appManager, private IMimeTypeDetector $mimeTypeDetector, ) { $this->cache = $cacheFactory->createDistributed(self::CACHE_KEY); @@ -82,7 +61,7 @@ class Checker { */ public function isCodeCheckEnforced(): bool { $notSignedChannels = [ '', 'git']; - if (\in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) { + if (\in_array($this->serverVersion->getChannel(), $notSignedChannels, true)) { return false; } @@ -169,10 +148,10 @@ class Checker { } if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') { $oldMimetypeList = new GenerateMimetypeFileBuilder(); - $newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases()); + $newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases(), $this->mimeTypeDetector->getAllNamings()); $oldFile = $this->fileAccessHelper->file_get_contents($filename); if ($newFile === $oldFile) { - $hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases())); + $hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases(), $this->mimeTypeDetector->getAllNamings())); continue; } } 
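Review bot: In `isCodeCheckEnforced()` the unsigned-channel list still contains the empty string, so an empty return from `$this->serverVersion->getChannel()` now switches signature enforcement off silently. Whether `ServerVersion` can return `''` when the channel cannot be determined is not visible here; if it can, that is a fail-open path for the integrity check. At minimum, document the exemption on the list, e.g. `// Builds on these channels are not signed, so the code check is not enforced for them`, and consider logging when the empty case is hit. The method body continues outside the hunk.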
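Review bot: The fallback hash in the `mimetypelist.js` branch is built from `getOnlyDefaultAliases()` but `getAllNamings()`, so only the alias half is reset to the shipped defaults. If namings can be customised locally the way aliases can (not visible in this hunk), a regenerated file with custom namings would hash to a value that differs from the signed one and be reported as modified. If namings are never customisable, a short comment would explain the asymmetry, e.g. `// namings have no local override, so the full list equals the shipped default`. The enclosing loop starts and ends outside the hunk.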
@@ -313,7 +292,7 @@ class Checker { // Check if certificate is signed by Nextcloud Root Authority $x509 = new \phpseclib\File\X509(); - $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt'); + $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt'); $rootCerts = $this->splitCerts($rootCertificatePublicKey); foreach ($rootCerts as $rootCert) { @@ -356,8 +335,8 @@ class Checker { // Compare the list of files which are not identical $currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath); - $differencesA = array_diff($expectedHashes, $currentInstanceHashes); - $differencesB = array_diff($currentInstanceHashes, $expectedHashes); + $differencesA = array_diff_assoc($expectedHashes, $currentInstanceHashes); + $differencesB = array_diff_assoc($currentInstanceHashes, $expectedHashes); $differences = array_unique(array_merge($differencesA, $differencesB)); $differenceArray = []; foreach ($differences as $filename => $hash) { @@ -396,7 +375,7 @@ class Checker { */ public function hasPassedCheck(): bool { $results = $this->getResults(); - if (empty($results)) { + if ($results !== null && empty($results)) { return true; } 
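Review bot: The context line `array_unique(array_merge($differencesA, $differencesB))` still de-duplicates by hash value, which works against the switch to `array_diff_assoc` two lines above it. Two different paths with equal content hashes (for example several identical files that are all extra or all missing) collapse into one entry, so the `foreach` that follows would report only one of them, as far as the visible part of the loop shows. Since `array_merge` already keeps a single entry per string key, `$differences = array_merge($differencesA, $differencesB);` should be sufficient. The method starts and ends outside the hunk.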
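Review bot: `hasPassedCheck()` no longer returns true for a `null` result (nothing stored yet), but its docblock is unchanged and does not tell callers about the new case. The fall-through return is outside the hunk, so presumably "never ran" and "ran and found differences" now look the same to a caller. Please document it, e.g. `@return bool false also when no verification result is available yet`. As a style point, `$results === []` states the intent more directly than `$results !== null && empty($results)`.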
@@ -404,15 +383,20 @@ class Checker { } /** - * @return array + * @return array|null Either the results or null if no results available */ - public function getResults(): array { + public function getResults(): ?array { $cachedResults = $this->cache->get(self::CACHE_KEY); if (!\is_null($cachedResults) and $cachedResults !== false) { return json_decode($cachedResults, true); } - return $this->appConfig?->getValueArray('core', self::CACHE_KEY, lazy: true) ?? []; + if ($this->appConfig?->hasKey('core', self::CACHE_KEY, lazy: true)) { + return $this->appConfig->getValueArray('core', self::CACHE_KEY, lazy: true); + } + + // No results available + return null; } /** @@ -422,7 +406,7 @@ class Checker { * @param array $result */ private function storeResults(string $scope, array $result) { - $resultArray = $this->getResults(); + $resultArray = $this->getResults() ?? []; unset($resultArray[$scope]); if (!empty($result)) { $resultArray[$scope] = $result; @@ -554,7 +538,7 @@ class Checker { public function runInstanceVerification() { $this->cleanResults(); $this->verifyCoreSignature(); - $appIds = $this->appLocator->getAllApps(); + $appIds = $this->appManager->getAllAppsInAppsFolders(); foreach ($appIds as $appId) { // If an application is shipped a valid signature is required $isShipped = $this->appManager->isShipped($appId); diff --git a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php index 18a4ba40e1a..25f8b0dcbf7 100644 --- a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php +++ b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php 
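Review bot: The cache branch of `getResults()` still returns `json_decode($cachedResults, true)` unchecked, and with the widened `?array` return type a corrupt or truncated cache entry now comes back as `null`, the same value as "no results available". That conflates a damaged cache with a check that never ran. Decoding into a local and falling through to the app config on failure keeps the two apart: `$decoded = json_decode($cachedResults, true);` followed by `if (\is_array($decoded)) { return $decoded; }`. The `@return` text could also name both sources, the distributed cache first and then the lazy `core` app-config key.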
@@ -1,24 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Lukas Reschke <lukas@statuscode.ch> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\IntegrityCheck\Exceptions; diff --git a/lib/private/IntegrityCheck/Helpers/AppLocator.php b/lib/private/IntegrityCheck/Helpers/AppLocator.php index 9980fbdf497..148a3aeda76 100644 --- a/lib/private/IntegrityCheck/Helpers/AppLocator.php +++ b/lib/private/IntegrityCheck/Helpers/AppLocator.php 
@@ -1,28 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\IntegrityCheck\Helpers; @@ -48,13 +30,4 @@ class AppLocator { } return $path; } - - /** - * Providers \OC_App::getAllApps() - * - * @return array - */ - public function getAllApps(): array { - return \OC_App::getAllApps(); - } } diff --git a/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php b/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php index 5b6d0448703..583ae5e534f 100644 --- a/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php +++ b/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php 
@@ -1,27 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\IntegrityCheck\Helpers; @@ -40,13 +23,4 @@ class EnvironmentHelper { public function getServerRoot(): string { return rtrim(\OC::$SERVERROOT, '/'); } - - /** - * Provides \OC_Util::getChannel() - * - * @return string - */ - public function getChannel(): string { - return \OC_Util::getChannel(); - } } diff --git a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php index cd16a619915..c6e57d5d935 100644 --- a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php +++ b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php 
@@ -1,29 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Victor Dubiniuk <dubiniuk@owncloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\IntegrityCheck\Helpers; diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php index 6d26a40aef4..d28eae2740b 100644 --- a/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php +++ b/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php 
@@ -1,28 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Daniel Kesselberg <mail@danielkesselberg.de> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Romain Rivière <lecoyote@lecoyote.org> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\IntegrityCheck\Iterator; @@ -42,10 +24,11 @@ class ExcludeFileByNameFilterIterator extends \RecursiveFilterIterator { */ private $excludedFilenames = [ '.DS_Store', // Mac OS X - 'Thumbs.db', // Microsoft Windows '.directory', // Dolphin (KDE) - '.webapp', // Gentoo/Funtoo & derivatives use a tool known as webapp-config to manage web-apps. '.rnd', + '.webapp', // Gentoo/Funtoo & derivatives use a tool known as webapp-config to manage web-apps. + 'Thumbs.db', // Microsoft Windows + 'nextcloud-init-sync.lock' // Used by nextcloud/docker to prevent running the initialization script on multiple containers at the same time: https://github.com/nextcloud/docker/issues/2299. ]; /** diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php index a0b48158b9f..f6d4c7afd4a 100644 
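Review bot: Adding `nextcloud-init-sync.lock` to `$excludedFilenames` exempts that name from the integrity scan, and the list holds bare file names rather than paths. Depending on how `accept()` matches, which is outside this hunk, a file with this name in any scanned directory may be skipped, not only the one the nextcloud/docker initialization script creates. If only that one location is meant, a path-based exclusion would be narrower; otherwise say so in the comment, e.g. `// excluded by name at any depth`. The new last entry also lacks the trailing comma the other entries carry.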
--- a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php +++ b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php @@ -1,29 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author RealRancor <Fisch.666@gmx.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\IntegrityCheck\Iterator; |