aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/IntegrityCheck
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/IntegrityCheck')
-rw-r--r--lib/private/IntegrityCheck/Checker.php124
-rw-r--r--lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php23
-rw-r--r--lib/private/IntegrityCheck/Helpers/AppLocator.php33
-rw-r--r--lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php32
-rw-r--r--lib/private/IntegrityCheck/Helpers/FileAccessHelper.php25
-rw-r--r--lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php29
-rw-r--r--lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php25
7 files changed, 58 insertions, 233 deletions
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index a5dec637bdb..2bd6e426b79 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -1,33 +1,10 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- * @author Vincent Petry <vincent@nextcloud.com>
- * @author Xheni Myrtaj <myrtajxheni@gmail.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\IntegrityCheck;
@@ -40,9 +17,11 @@ use OC\IntegrityCheck\Iterator\ExcludeFileByNameFilterIterator;
use OC\IntegrityCheck\Iterator\ExcludeFoldersByPathFilterIterator;
use OCP\App\IAppManager;
use OCP\Files\IMimeTypeDetector;
+use OCP\IAppConfig;
use OCP\ICache;
use OCP\ICacheFactory;
use OCP\IConfig;
+use OCP\ServerVersion;
use phpseclib\Crypt\RSA;
use phpseclib\File\X509;
@@ -58,44 +37,21 @@ use phpseclib\File\X509;
*/
class Checker {
public const CACHE_KEY = 'oc.integritycheck.checker';
- /** @var EnvironmentHelper */
- private $environmentHelper;
- /** @var AppLocator */
- private $appLocator;
- /** @var FileAccessHelper */
- private $fileAccessHelper;
- /** @var IConfig|null */
- private $config;
- /** @var ICache */
- private $cache;
- /** @var IAppManager|null */
- private $appManager;
- /** @var IMimeTypeDetector */
- private $mimeTypeDetector;
- /**
- * @param EnvironmentHelper $environmentHelper
- * @param FileAccessHelper $fileAccessHelper
- * @param AppLocator $appLocator
- * @param IConfig|null $config
- * @param ICacheFactory $cacheFactory
- * @param IAppManager|null $appManager
- * @param IMimeTypeDetector $mimeTypeDetector
- */
- public function __construct(EnvironmentHelper $environmentHelper,
- FileAccessHelper $fileAccessHelper,
- AppLocator $appLocator,
- ?IConfig $config,
+ private ICache $cache;
+
+ public function __construct(
+ private ServerVersion $serverVersion,
+ private EnvironmentHelper $environmentHelper,
+ private FileAccessHelper $fileAccessHelper,
+ private AppLocator $appLocator,
+ private ?IConfig $config,
+ private ?IAppConfig $appConfig,
ICacheFactory $cacheFactory,
- ?IAppManager $appManager,
- IMimeTypeDetector $mimeTypeDetector) {
- $this->environmentHelper = $environmentHelper;
- $this->fileAccessHelper = $fileAccessHelper;
- $this->appLocator = $appLocator;
- $this->config = $config;
+ private IAppManager $appManager,
+ private IMimeTypeDetector $mimeTypeDetector,
+ ) {
$this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
- $this->appManager = $appManager;
- $this->mimeTypeDetector = $mimeTypeDetector;
}
/**
@@ -105,7 +61,7 @@ class Checker {
*/
public function isCodeCheckEnforced(): bool {
$notSignedChannels = [ '', 'git'];
- if (\in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) {
+ if (\in_array($this->serverVersion->getChannel(), $notSignedChannels, true)) {
return false;
}
@@ -114,15 +70,7 @@ class Checker {
* applicable for very specific scenarios and we should not advertise it
* too prominent. So please do not add it to config.sample.php.
*/
- $isIntegrityCheckDisabled = false;
- if ($this->config !== null) {
- $isIntegrityCheckDisabled = $this->config->getSystemValueBool('integrity.check.disabled', false);
- }
- if ($isIntegrityCheckDisabled) {
- return false;
- }
-
- return true;
+ return !($this->config?->getSystemValueBool('integrity.check.disabled', false) ?? false);
}
/**
@@ -200,10 +148,10 @@ class Checker {
}
if ($filename === $this->environmentHelper->getServerRoot() . '/core/js/mimetypelist.js') {
$oldMimetypeList = new GenerateMimetypeFileBuilder();
- $newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
+ $newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases(), $this->mimeTypeDetector->getAllNamings());
$oldFile = $this->fileAccessHelper->file_get_contents($filename);
if ($newFile === $oldFile) {
- $hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
+ $hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases(), $this->mimeTypeDetector->getAllNamings()));
continue;
}
}
@@ -344,7 +292,7 @@ class Checker {
// Check if certificate is signed by Nextcloud Root Authority
$x509 = new \phpseclib\File\X509();
- $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/root.crt');
+ $rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot() . '/resources/codesigning/root.crt');
$rootCerts = $this->splitCerts($rootCertificatePublicKey);
foreach ($rootCerts as $rootCert) {
@@ -387,8 +335,8 @@ class Checker {
// Compare the list of files which are not identical
$currentInstanceHashes = $this->generateHashes($this->getFolderIterator($basePath), $basePath);
- $differencesA = array_diff($expectedHashes, $currentInstanceHashes);
- $differencesB = array_diff($currentInstanceHashes, $expectedHashes);
+ $differencesA = array_diff_assoc($expectedHashes, $currentInstanceHashes);
+ $differencesB = array_diff_assoc($currentInstanceHashes, $expectedHashes);
$differences = array_unique(array_merge($differencesA, $differencesB));
$differenceArray = [];
foreach ($differences as $filename => $hash) {
@@ -427,7 +375,7 @@ class Checker {
*/
public function hasPassedCheck(): bool {
$results = $this->getResults();
- if (empty($results)) {
+ if ($results !== null && empty($results)) {
return true;
}
@@ -435,18 +383,20 @@ class Checker {
}
/**
- * @return array
+ * @return array|null Either the results or null if no results available
*/
- public function getResults(): array {
+ public function getResults(): ?array {
$cachedResults = $this->cache->get(self::CACHE_KEY);
if (!\is_null($cachedResults) and $cachedResults !== false) {
return json_decode($cachedResults, true);
}
- if ($this->config !== null) {
- return json_decode($this->config->getAppValue('core', self::CACHE_KEY, '{}'), true);
+ if ($this->appConfig?->hasKey('core', self::CACHE_KEY, lazy: true)) {
+ return $this->appConfig->getValueArray('core', self::CACHE_KEY, lazy: true);
}
- return [];
+
+ // No results available
+ return null;
}
/**
@@ -456,14 +406,12 @@ class Checker {
* @param array $result
*/
private function storeResults(string $scope, array $result) {
- $resultArray = $this->getResults();
+ $resultArray = $this->getResults() ?? [];
unset($resultArray[$scope]);
if (!empty($result)) {
$resultArray[$scope] = $result;
}
- if ($this->config !== null) {
- $this->config->setAppValue('core', self::CACHE_KEY, json_encode($resultArray));
- }
+ $this->appConfig?->setValueArray('core', self::CACHE_KEY, $resultArray, lazy: true);
$this->cache->set(self::CACHE_KEY, json_encode($resultArray));
}
@@ -472,7 +420,7 @@ class Checker {
* Clean previous results for a proper rescanning. Otherwise
*/
private function cleanResults() {
- $this->config->deleteAppValue('core', self::CACHE_KEY);
+ $this->appConfig->deleteKey('core', self::CACHE_KEY);
$this->cache->remove(self::CACHE_KEY);
}
@@ -590,7 +538,7 @@ class Checker {
public function runInstanceVerification() {
$this->cleanResults();
$this->verifyCoreSignature();
- $appIds = $this->appLocator->getAllApps();
+ $appIds = $this->appManager->getAllAppsInAppsFolders();
foreach ($appIds as $appId) {
// If an application is shipped a valid signature is required
$isShipped = $this->appManager->isShipped($appId);
diff --git a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
index 18a4ba40e1a..25f8b0dcbf7 100644
--- a/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
+++ b/lib/private/IntegrityCheck/Exceptions/InvalidSignatureException.php
@@ -1,24 +1,9 @@
<?php
+
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\IntegrityCheck\Exceptions;
diff --git a/lib/private/IntegrityCheck/Helpers/AppLocator.php b/lib/private/IntegrityCheck/Helpers/AppLocator.php
index 9980fbdf497..148a3aeda76 100644
--- a/lib/private/IntegrityCheck/Helpers/AppLocator.php
+++ b/lib/private/IntegrityCheck/Helpers/AppLocator.php
@@ -1,28 +1,10 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\IntegrityCheck\Helpers;
@@ -48,13 +30,4 @@ class AppLocator {
}
return $path;
}
-
- /**
- * Providers \OC_App::getAllApps()
- *
- * @return array
- */
- public function getAllApps(): array {
- return \OC_App::getAllApps();
- }
}
diff --git a/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php b/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php
index 5b6d0448703..583ae5e534f 100644
--- a/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php
+++ b/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php
@@ -1,27 +1,10 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\IntegrityCheck\Helpers;
@@ -40,13 +23,4 @@ class EnvironmentHelper {
public function getServerRoot(): string {
return rtrim(\OC::$SERVERROOT, '/');
}
-
- /**
- * Provides \OC_Util::getChannel()
- *
- * @return string
- */
- public function getChannel(): string {
- return \OC_Util::getChannel();
- }
}
diff --git a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
index cd16a619915..c6e57d5d935 100644
--- a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
+++ b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
@@ -1,29 +1,10 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\IntegrityCheck\Helpers;
diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php
index 6d26a40aef4..d28eae2740b 100644
--- a/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php
+++ b/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php
@@ -1,28 +1,10 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Romain Rivière <lecoyote@lecoyote.org>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\IntegrityCheck\Iterator;
@@ -42,10 +24,11 @@ class ExcludeFileByNameFilterIterator extends \RecursiveFilterIterator {
*/
private $excludedFilenames = [
'.DS_Store', // Mac OS X
- 'Thumbs.db', // Microsoft Windows
'.directory', // Dolphin (KDE)
- '.webapp', // Gentoo/Funtoo & derivatives use a tool known as webapp-config to manage web-apps.
'.rnd',
+ '.webapp', // Gentoo/Funtoo & derivatives use a tool known as webapp-config to manage web-apps.
+ 'Thumbs.db', // Microsoft Windows
+ 'nextcloud-init-sync.lock' // Used by nextcloud/docker to prevent running the initialization script on multiple containers at the same time: https://github.com/nextcloud/docker/issues/2299.
];
/**
diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
index a0b48158b9f..f6d4c7afd4a 100644
--- a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
+++ b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
@@ -1,29 +1,10 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author RealRancor <Fisch.666@gmx.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\IntegrityCheck\Iterator;
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-14 18:42:04 +0000