Make OC\IntegrityCheck strict

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma 2018-02-21 13:27:29 +01:00
parent 7c6cc013eb
commit 4d5f2e64a5
No known key found for this signature in database
GPG key ID: F941078878347C0C
6 changed files with 38 additions and 33 deletions


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@ -97,9 +98,9 @@ class Checker {
*
* @return bool
*/
public function isCodeCheckEnforced() {
public function isCodeCheckEnforced(): bool {
$notSignedChannels = [ '', 'git'];
if (in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) {
if (\in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) {
return false;
}
@ -108,10 +109,9 @@ class Checker {
* applicable for very specific scenarios and we should not advertise it
* too prominent. So please do not add it to config.sample.php.
*/
$isIntegrityCheckDisabled = false;
if ($this->config !== null) {
$isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false);
} else {
$isIntegrityCheckDisabled = false;
}
if ($isIntegrityCheckDisabled === true) {
return false;
@ -128,7 +128,7 @@ class Checker {
* @return \RecursiveIteratorIterator
* @throws \Exception
*/
private function getFolderIterator($folderToIterate, $root = '') {
private function getFolderIterator(string $folderToIterate, string $root = ''): \RecursiveIteratorIterator {
$dirItr = new \RecursiveDirectoryIterator(
$folderToIterate,
\RecursiveDirectoryIterator::SKIP_DOTS
@ -156,12 +156,12 @@ class Checker {
* @return array Array of hashes.
*/
private function generateHashes(\RecursiveIteratorIterator $iterator,
$path) {
string $path): array {
$hashes = [];
$copiedWebserverSettingFiles = false;
$tmpFolder = '';
$baseDirectoryLength = strlen($path);
$baseDirectoryLength = \strlen($path);
foreach($iterator as $filename => $data) {
/** @var \DirectoryIterator $data */
if($data->isDir()) {
@ -220,7 +220,7 @@ class Checker {
if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
$fileContent = file_get_contents($tmpFolder . '/.htaccess');
$explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
if(count($explodedArray) === 2) {
if(\count($explodedArray) === 2) {
$hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
continue;
}
@ -238,11 +238,11 @@ class Checker {
* @param array $hashes
* @param X509 $certificate
* @param RSA $privateKey
* @return string
* @return array
*/
private function createSignatureData(array $hashes,
X509 $certificate,
RSA $privateKey) {
RSA $privateKey): array {
ksort($hashes);
$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
@ -328,13 +328,13 @@ class Checker {
* @throws InvalidSignatureException
* @throws \Exception
*/
private function verify($signaturePath, $basePath, $certificateCN) {
private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
if(!$this->isCodeCheckEnforced()) {
return [];
}
$signatureData = json_decode($this->fileAccessHelper->file_get_contents($signaturePath), true);
if(!is_array($signatureData)) {
if(!\is_array($signatureData)) {
throw new InvalidSignatureException('Signature data not found.');
}
@ -422,7 +422,7 @@ class Checker {
*
* @return bool
*/
public function hasPassedCheck() {
public function hasPassedCheck(): bool {
$results = $this->getResults();
if(empty($results)) {
return true;
@ -434,9 +434,9 @@ class Checker {
/**
* @return array
*/
public function getResults() {
public function getResults(): array {
$cachedResults = $this->cache->get(self::CACHE_KEY);
if(!is_null($cachedResults)) {
if(!\is_null($cachedResults)) {
return json_decode($cachedResults, true);
}
@ -452,7 +452,7 @@ class Checker {
* @param string $scope
* @param array $result
*/
private function storeResults($scope, array $result) {
private function storeResults(string $scope, array $result) {
$resultArray = $this->getResults();
unset($resultArray[$scope]);
if(!empty($result)) {
@ -505,7 +505,7 @@ class Checker {
* @param string $path Optional path. If none is given it will be guessed.
* @return array
*/
public function verifyAppSignature($appId, $path = '') {
public function verifyAppSignature(string $appId, string $path = ''): array {
try {
if($path === '') {
$path = $this->appLocator->getAppPath($appId);
@ -518,7 +518,7 @@ class Checker {
} catch (\Exception $e) {
$result = [
'EXCEPTION' => [
'class' => get_class($e),
'class' => \get_class($e),
'message' => $e->getMessage(),
],
];
@ -558,7 +558,7 @@ class Checker {
*
* @return array
*/
public function verifyCoreSignature() {
public function verifyCoreSignature(): array {
try {
$result = $this->verify(
$this->environmentHelper->getServerRoot() . '/core/signature.json',
@ -568,7 +568,7 @@ class Checker {
} catch (\Exception $e) {
$result = [
'EXCEPTION' => [
'class' => get_class($e),
'class' => \get_class($e),
'message' => $e->getMessage(),
],
];
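Review bot: In `verify()`, `json_decode($this->fileAccessHelper->file_get_contents($signaturePath), true)` now runs under `declare(strict_types=1)` while the helper is documented as returning `string|false`, so a failed read would raise a `TypeError` instead of reaching `InvalidSignatureException('Signature data not found.')`. `TypeError` is an `\Error`, so the `catch (\Exception $e)` blocks in `verifyAppSignature()` and `verifyCoreSignature()` would not convert it into a reported result, and the integrity check would abort rather than flag the unreadable signature file. Guarding the read keeps the previous behaviour: `$content = $this->fileAccessHelper->file_get_contents($signaturePath);` followed by `$signatureData = \is_string($content) ? json_decode($content, true) : null;`. The same class of problem applies to `getResults(): array`, which returns `json_decode($cachedResults, true)` directly and would violate its return type on a corrupt cache entry, and to the `explode()` on raw `file_get_contents()` output in `generateHashes()`. All of these bodies continue outside the hunks shown.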


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@ -37,7 +38,7 @@ class AppLocator {
* @return string
* @throws \Exception If the app cannot be found
*/
public function getAppPath($appId) {
public function getAppPath(string $appId): string {
$path = \OC_App::getAppPath($appId);
if($path === false) {
@ -51,7 +52,7 @@ class AppLocator {
*
* @return array
*/
public function getAllApps() {
public function getAllApps(): array {
return \OC_App::getAllApps();
}
}


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@ -34,7 +35,7 @@ class EnvironmentHelper {
*
* @return string
*/
public function getServerRoot() {
public function getServerRoot(): string {
return rtrim(\OC::$SERVERROOT, '/');
}
@ -43,7 +44,7 @@ class EnvironmentHelper {
*
* @return string
*/
public function getChannel() {
public function getChannel(): string {
return \OC_Util::getChannel();
}
}


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@ -36,7 +37,7 @@ class FileAccessHelper {
* @param string $filename
* @return string|false
*/
public function file_get_contents($filename) {
public function file_get_contents(string $filename) {
return file_get_contents($filename);
}
@ -46,7 +47,7 @@ class FileAccessHelper {
* @param string $filename
* @return bool
*/
public function file_exists($filename) {
public function file_exists(string $filename): bool {
return file_exists($filename);
}
@ -58,9 +59,9 @@ class FileAccessHelper {
* @return int
* @throws \Exception
*/
public function file_put_contents($filename, $data) {
public function file_put_contents(string $filename, string $data): int {
$bytesWritten = @file_put_contents($filename, $data);
if ($bytesWritten === false || $bytesWritten !== strlen($data)){
if ($bytesWritten === false || $bytesWritten !== \strlen($data)){
throw new \Exception('Failed to write into ' . $filename);
}
return $bytesWritten;
@ -70,7 +71,7 @@ class FileAccessHelper {
* @param string $path
* @return bool
*/
public function is_writable($path) {
public function is_writable(string $path): bool {
return is_writable($path);
}
@ -78,7 +79,7 @@ class FileAccessHelper {
* @param string $path
* @throws \Exception
*/
public function assertDirectoryExists($path) {
public function assertDirectoryExists(string $path) {
if (!is_dir($path)) {
throw new \Exception('Directory ' . $path . ' does not exist.');
}


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@ -52,7 +53,7 @@ class ExcludeFileByNameFilterIterator extends \RecursiveFilterIterator {
return true;
}
return !in_array(
return !\in_array(
$this->current()->getFilename(),
$this->excludedFilenames,
true


@ -1,4 +1,5 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@ -24,7 +25,7 @@
namespace OC\IntegrityCheck\Iterator;
class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
private $excludedFolders = [];
private $excludedFolders;
public function __construct(\RecursiveIterator $iterator, $root = '') {
parent::__construct($iterator);
@ -59,7 +60,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
* @return bool
*/
public function accept() {
return !in_array(
return !\in_array(
$this->current()->getPathName(),
$this->excludedFolders,
true
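Review bot: The constructor's `$root = ''` is left untyped even though this commit types the corresponding parameter of `Checker::getFolderIterator()` as `string`; `string $root = ''` would keep the two consistent. Separately, dropping the `= []` default from `$excludedFolders` is only safe if the constructor assigns the property on every path, because under strict types `\in_array()` in `accept()` would throw a `TypeError` on an unassigned (null) property instead of simply matching nothing. The constructor body continues outside the hunk, so that assignment should be confirmed before relying on it.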