From 9ed7ea004616499cd989d4914dc98e0464d77f13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Chilliet?= Date: Thu, 26 Oct 2023 15:51:51 +0200 Subject: [PATCH] Migrate code integrity to SetupCheck API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Côme Chilliet --- .../composer/composer/autoload_classmap.php | 1 + .../composer/composer/autoload_static.php | 1 + apps/settings/lib/AppInfo/Application.php | 2 + .../lib/Controller/CheckSetupController.php | 2 - .../lib/SetupChecks/CodeIntegrity.php | 63 +++++++++++++++++++ .../Controller/CheckSetupControllerTest.php | 2 - core/js/setupchecks.js | 10 --- core/js/tests/specs/setupchecksSpec.js | 21 ------- 8 files changed, 67 insertions(+), 35 deletions(-) create mode 100644 apps/settings/lib/SetupChecks/CodeIntegrity.php diff --git a/apps/settings/composer/composer/autoload_classmap.php b/apps/settings/composer/composer/autoload_classmap.php index c69b49ec309c2..d18528ff4d465 100644 --- a/apps/settings/composer/composer/autoload_classmap.php +++ b/apps/settings/composer/composer/autoload_classmap.php @@ -74,6 +74,7 @@ 'OCA\\Settings\\Settings\\Personal\\Security\\WebAuthn' => $baseDir . '/../lib/Settings/Personal/Security/WebAuthn.php', 'OCA\\Settings\\Settings\\Personal\\ServerDevNotice' => $baseDir . '/../lib/Settings/Personal/ServerDevNotice.php', 'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => $baseDir . '/../lib/SetupChecks/CheckUserCertificates.php', + 'OCA\\Settings\\SetupChecks\\CodeIntegrity' => $baseDir . '/../lib/SetupChecks/CodeIntegrity.php', 'OCA\\Settings\\SetupChecks\\DefaultPhoneRegionSet' => $baseDir . '/../lib/SetupChecks/DefaultPhoneRegionSet.php', 'OCA\\Settings\\SetupChecks\\EmailTestSuccessful' => $baseDir . '/../lib/SetupChecks/EmailTestSuccessful.php', 'OCA\\Settings\\SetupChecks\\FileLocking' => $baseDir . '/../lib/SetupChecks/FileLocking.php', diff --git a/apps/settings/composer/composer/autoload_static.php b/apps/settings/composer/composer/autoload_static.php index eba8fadc98a7c..5512082304f21 100644 --- a/apps/settings/composer/composer/autoload_static.php +++ b/apps/settings/composer/composer/autoload_static.php @@ -89,6 +89,7 @@ class ComposerStaticInitSettings 'OCA\\Settings\\Settings\\Personal\\Security\\WebAuthn' => __DIR__ . '/..' . '/../lib/Settings/Personal/Security/WebAuthn.php', 'OCA\\Settings\\Settings\\Personal\\ServerDevNotice' => __DIR__ . '/..' . '/../lib/Settings/Personal/ServerDevNotice.php', 'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => __DIR__ . '/..' . '/../lib/SetupChecks/CheckUserCertificates.php', + 'OCA\\Settings\\SetupChecks\\CodeIntegrity' => __DIR__ . '/..' . '/../lib/SetupChecks/CodeIntegrity.php', 'OCA\\Settings\\SetupChecks\\DefaultPhoneRegionSet' => __DIR__ . '/..' . '/../lib/SetupChecks/DefaultPhoneRegionSet.php', 'OCA\\Settings\\SetupChecks\\EmailTestSuccessful' => __DIR__ . '/..' . '/../lib/SetupChecks/EmailTestSuccessful.php', 'OCA\\Settings\\SetupChecks\\FileLocking' => __DIR__ . '/..' . '/../lib/SetupChecks/FileLocking.php', diff --git a/apps/settings/lib/AppInfo/Application.php b/apps/settings/lib/AppInfo/Application.php index 0770418c3bb7e..518dc88bfa04a 100644 --- a/apps/settings/lib/AppInfo/Application.php +++ b/apps/settings/lib/AppInfo/Application.php @@ -49,6 +49,7 @@ use OCA\Settings\Search\SectionSearch; use OCA\Settings\Search\UserSearch; use OCA\Settings\SetupChecks\CheckUserCertificates; +use OCA\Settings\SetupChecks\CodeIntegrity; use OCA\Settings\SetupChecks\DefaultPhoneRegionSet; use OCA\Settings\SetupChecks\EmailTestSuccessful; use OCA\Settings\SetupChecks\FileLocking; @@ -154,6 +155,7 @@ public function register(IRegistrationContext $context): void { ); }); $context->registerSetupCheck(CheckUserCertificates::class); + $context->registerSetupCheck(CodeIntegrity::class); $context->registerSetupCheck(DefaultPhoneRegionSet::class); $context->registerSetupCheck(EmailTestSuccessful::class); $context->registerSetupCheck(FileLocking::class); diff --git a/apps/settings/lib/Controller/CheckSetupController.php b/apps/settings/lib/Controller/CheckSetupController.php index f5849cce5a83a..80dd695298001 100644 --- a/apps/settings/lib/Controller/CheckSetupController.php +++ b/apps/settings/lib/Controller/CheckSetupController.php @@ -752,8 +752,6 @@ public function check() { 'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(), 'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'), 'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(), - 'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(), - 'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'), 'OpcacheSetupRecommendations' => $this->getOpcacheSetupRecommendations(), 'isSettimelimitAvailable' => $this->isSettimelimitAvailable(), 'hasFreeTypeSupport' => $this->hasFreeTypeSupport(), diff --git a/apps/settings/lib/SetupChecks/CodeIntegrity.php b/apps/settings/lib/SetupChecks/CodeIntegrity.php new file mode 100644 index 0000000000000..234e1fbf05888 --- /dev/null +++ b/apps/settings/lib/SetupChecks/CodeIntegrity.php @@ -0,0 +1,63 @@ + + * + * @author Côme Chilliet + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +namespace OCA\Settings\SetupChecks; + +use OC\IntegrityCheck\Checker; +use OCP\IL10N; +use OCP\IURLGenerator; +use OCP\SetupCheck\ISetupCheck; +use OCP\SetupCheck\SetupResult; + +class CodeIntegrity implements ISetupCheck { + public function __construct( + private IL10N $l10n, + private IURLGenerator $urlGenerator, + private Checker $checker, + ) { + } + + public function getName(): string { + return $this->l10n->t('Code integrity'); + } + + public function getCategory(): string { + return 'security'; + } + + public function run(): SetupResult { + if (!$this->checker->isCodeCheckEnforced()) { + return SetupResult::info($this->l10n->t('Integrity checker has been disabled. Integrity cannot be verified.')); + } elseif ($this->checker->hasPassedCheck()) { + return SetupResult::success($this->l10n->t('No altered files')); + } else { + // FIXME: If setup check can link to settings pages this should link to /settings/integrity/failed and /settings/integrity/rescan?requesttoken=TOKEN + return SetupResult::error( + $this->l10n->t('Some files have not passed the integrity check.'), + $this->urlGenerator->linkToDocs('admin-code-integrity') + ); + } + } +} diff --git a/apps/settings/tests/Controller/CheckSetupControllerTest.php b/apps/settings/tests/Controller/CheckSetupControllerTest.php index 157db6218770b..0ca3c77559f1e 100644 --- a/apps/settings/tests/Controller/CheckSetupControllerTest.php +++ b/apps/settings/tests/Controller/CheckSetupControllerTest.php @@ -447,8 +447,6 @@ public function testCheck() { 'forwardedForHeadersWorking' => false, 'reverseProxyDocs' => 'reverse-proxy-doc-link', 'isCorrectMemcachedPHPModuleInstalled' => true, - 'hasPassedCodeIntegrityCheck' => true, - 'codeIntegrityCheckerDocumentation' => 'http://docs.example.org/server/go.php?to=admin-code-integrity', 'OpcacheSetupRecommendations' => ['recommendation1', 'recommendation2'], 'isSettimelimitAvailable' => true, 'hasFreeTypeSupport' => false, diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index 029096b43b2e4..80b6e07757831 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -246,16 +246,6 @@ type: OC.SetupChecks.MESSAGE_TYPE_WARNING }); } - if(!data.hasPassedCodeIntegrityCheck) { - messages.push({ - msg: t('core', 'Some files have not passed the integrity check. Further information on how to resolve this issue can be found in the {linkstart1}documentation ↗{linkend}. ({linkstart2}List of invalid files…{linkend} / {linkstart3}Rescan…{linkend})') - .replace('{linkstart1}', '') - .replace('{linkstart2}', '') - .replace('{linkstart3}', '') - .replace(/{linkend}/g, ''), - type: OC.SetupChecks.MESSAGE_TYPE_ERROR - }); - } if(data.OpcacheSetupRecommendations.length > 0) { var listOfOPcacheRecommendations = ""; data.OpcacheSetupRecommendations.forEach(function(element){ diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js index 984c27fa973ca..cf7e3f80503b1 100644 --- a/core/js/tests/specs/setupchecksSpec.js +++ b/core/js/tests/specs/setupchecksSpec.js @@ -227,7 +227,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -288,7 +287,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -349,7 +347,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -406,7 +403,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: false, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -461,7 +457,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -519,7 +514,6 @@ describe('OC.SetupChecks tests', function() { forwardedForHeadersWorking: false, reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html', isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -577,7 +571,6 @@ describe('OC.SetupChecks tests', function() { forwardedForHeadersWorking: true, reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html', isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -633,7 +626,6 @@ describe('OC.SetupChecks tests', function() { forwardedForHeadersWorking: true, reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html', isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: false, hasFreeTypeSupport: true, @@ -689,7 +681,6 @@ describe('OC.SetupChecks tests', function() { forwardedForHeadersWorking: true, reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html', isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -764,7 +755,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -826,7 +816,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: ['recommendation1', 'recommendation2'], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -881,7 +870,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: false, @@ -936,7 +924,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -995,7 +982,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -1051,7 +1037,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -1104,7 +1089,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -1160,7 +1144,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -1216,7 +1199,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -1271,7 +1253,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -1326,7 +1307,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true, @@ -1388,7 +1368,6 @@ describe('OC.SetupChecks tests', function() { isFairUseOfFreePushService: true, forwardedForHeadersWorking: true, isCorrectMemcachedPHPModuleInstalled: true, - hasPassedCodeIntegrityCheck: true, OpcacheSetupRecommendations: [], isSettimelimitAvailable: true, hasFreeTypeSupport: true,