upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-19 02:38:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Migrate code integrity to SetupCheck API

Browse source 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
This commit is contained in:
Côme Chilliet 2023-10-26 15:51:51 +02:00
parent 32bf74af16
commit f06b8da249
No known key found for this signature in database
GPG key ID: A3E2F658B28C760A
8 changed files with 67 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apps/settings/composer/composer/autoload_classmap.php
View file

@ -79,6 +79,7 @@ return array(
'OCA\\Settings\\SetupChecks\\AppDirsWithDifferentOwner' => $baseDir . '/../lib/SetupChecks/AppDirsWithDifferentOwner.php',
'OCA\\Settings\\SetupChecks\\BruteForceThrottler' => $baseDir . '/../lib/SetupChecks/BruteForceThrottler.php',
'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => $baseDir . '/../lib/SetupChecks/CheckUserCertificates.php',
'OCA\\Settings\\SetupChecks\\CodeIntegrity' => $baseDir . '/../lib/SetupChecks/CodeIntegrity.php',
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingColumns' => $baseDir . '/../lib/SetupChecks/DatabaseHasMissingColumns.php',
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingIndices' => $baseDir . '/../lib/SetupChecks/DatabaseHasMissingIndices.php',
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingPrimaryKeys' => $baseDir . '/../lib/SetupChecks/DatabaseHasMissingPrimaryKeys.php',

1
apps/settings/composer/composer/autoload_static.php
View file

@ -94,6 +94,7 @@ class ComposerStaticInitSettings
'OCA\\Settings\\SetupChecks\\AppDirsWithDifferentOwner' => __DIR__ . '/..' . '/../lib/SetupChecks/AppDirsWithDifferentOwner.php',
'OCA\\Settings\\SetupChecks\\BruteForceThrottler' => __DIR__ . '/..' . '/../lib/SetupChecks/BruteForceThrottler.php',
'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => __DIR__ . '/..' . '/../lib/SetupChecks/CheckUserCertificates.php',
'OCA\\Settings\\SetupChecks\\CodeIntegrity' => __DIR__ . '/..' . '/../lib/SetupChecks/CodeIntegrity.php',
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingColumns' => __DIR__ . '/..' . '/../lib/SetupChecks/DatabaseHasMissingColumns.php',
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingIndices' => __DIR__ . '/..' . '/../lib/SetupChecks/DatabaseHasMissingIndices.php',
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingPrimaryKeys' => __DIR__ . '/..' . '/../lib/SetupChecks/DatabaseHasMissingPrimaryKeys.php',

2
apps/settings/lib/AppInfo/Application.php
View file

@ -51,6 +51,7 @@ use OCA\Settings\Search\UserSearch;
use OCA\Settings\SetupChecks\AppDirsWithDifferentOwner;
use OCA\Settings\SetupChecks\BruteForceThrottler;
use OCA\Settings\SetupChecks\CheckUserCertificates;
use OCA\Settings\SetupChecks\CodeIntegrity;
use OCA\Settings\SetupChecks\DatabaseHasMissingColumns;
use OCA\Settings\SetupChecks\DatabaseHasMissingIndices;
use OCA\Settings\SetupChecks\DatabaseHasMissingPrimaryKeys;
@ -168,6 +169,7 @@ class Application extends App implements IBootstrap {
$context->registerSetupCheck(AppDirsWithDifferentOwner::class);
$context->registerSetupCheck(BruteForceThrottler::class);
$context->registerSetupCheck(CheckUserCertificates::class);
$context->registerSetupCheck(CodeIntegrity::class);
$context->registerSetupCheck(DatabaseHasMissingColumns::class);
$context->registerSetupCheck(DatabaseHasMissingIndices::class);
$context->registerSetupCheck(DatabaseHasMissingPrimaryKeys::class);

2
apps/settings/lib/Controller/CheckSetupController.php
View file

@ -406,8 +406,6 @@ Raw output
'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(),
'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'),
'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(),
'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(),
'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'),
'isSettimelimitAvailable' => $this->isSettimelimitAvailable(),
'areWebauthnExtensionsEnabled' => $this->areWebauthnExtensionsEnabled(),
'isMysqlUsedWithoutUTF8MB4' => $this->isMysqlUsedWithoutUTF8MB4(),

63
apps/settings/lib/SetupChecks/CodeIntegrity.php Normal file
View file

@ -0,0 +1,63 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2023 Côme Chilliet <come.chilliet@nextcloud.com>
*
* @author Côme Chilliet <come.chilliet@nextcloud.com>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\Settings\SetupChecks;
use OC\IntegrityCheck\Checker;
use OCP\IL10N;
use OCP\IURLGenerator;
use OCP\SetupCheck\ISetupCheck;
use OCP\SetupCheck\SetupResult;
class CodeIntegrity implements ISetupCheck {
public function __construct(
private IL10N $l10n,
private IURLGenerator $urlGenerator,
private Checker $checker,
) {
}
public function getName(): string {
return $this->l10n->t('Code integrity');
}
public function getCategory(): string {
return 'security';
}
public function run(): SetupResult {
if (!$this->checker->isCodeCheckEnforced()) {
return SetupResult::info($this->l10n->t('Integrity checker has been disabled. Integrity cannot be verified.'));
} elseif ($this->checker->hasPassedCheck()) {
return SetupResult::success($this->l10n->t('No altered files'));
} else {
// FIXME: If setup check can link to settings pages this should link to /settings/integrity/failed and /settings/integrity/rescan?requesttoken=TOKEN
return SetupResult::error(
$this->l10n->t('Some files have not passed the integrity check.'),
$this->urlGenerator->linkToDocs('admin-code-integrity')
);
}
}
}

2
apps/settings/tests/Controller/CheckSetupControllerTest.php
View file

@ -254,8 +254,6 @@ class CheckSetupControllerTest extends TestCase {
'isUsedTlsLibOutdated' => '',
'reverseProxyDocs' => 'reverse-proxy-doc-link',
'isCorrectMemcachedPHPModuleInstalled' => true,
'hasPassedCodeIntegrityCheck' => true,
'codeIntegrityCheckerDocumentation' => 'http://docs.example.org/server/go.php?to=admin-code-integrity',
'isSettimelimitAvailable' => true,
'areWebauthnExtensionsEnabled' => false,
'isMysqlUsedWithoutUTF8MB4' => false,

10
core/js/setupchecks.js
View file

@ -230,16 +230,6 @@
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
});
}
if(!data.hasPassedCodeIntegrityCheck) {
messages.push({
msg: t('core', 'Some files have not passed the integrity check. Further information on how to resolve this issue can be found in the {linkstart1}documentation ↗{linkend}. ({linkstart2}List of invalid files…{linkend} / {linkstart3}Rescan…{linkend})')
.replace('{linkstart1}', '<a target="_blank" rel="noreferrer noopener" class="external" href="' + data.codeIntegrityCheckerDocumentation + '">')
.replace('{linkstart2}', '<a href="' + OC.generateUrl('/settings/integrity/failed') + '">')
.replace('{linkstart3}', '<a href="' + OC.generateUrl('/settings/integrity/rescan?requesttoken={requesttoken}', {'requesttoken': OC.requestToken}) + '">')
.replace(/{linkend}/g, '</a>'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
});
}
if(!data.isSettimelimitAvailable) {
messages.push({
msg: t('core', 'The PHP function "set_time_limit" is not available. This could result in scripts being halted mid-execution, breaking your installation. Enabling this function is strongly recommended.'),

15
core/js/tests/specs/setupchecksSpec.js
View file

@ -226,7 +226,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -272,7 +271,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -318,7 +316,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -364,7 +361,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: false,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -409,7 +405,6 @@ describe('OC.SetupChecks tests', function() {
isFairUseOfFreePushService: true,
reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html',
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: false,
cronErrors: [],
cronInfo: {
@ -454,7 +449,6 @@ describe('OC.SetupChecks tests', function() {
isFairUseOfFreePushService: true,
reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html',
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -530,7 +524,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -581,7 +574,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -629,7 +621,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -674,7 +665,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -716,7 +706,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -748,7 +737,6 @@ describe('OC.SetupChecks tests', function() {
});
});
it('should return an error if gmp or bcmath are not enabled', function(done) {
var async = OC.SetupChecks.checkSetup();
@ -761,7 +749,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -805,7 +792,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {
@ -856,7 +842,6 @@ describe('OC.SetupChecks tests', function() {
suggestedOverwriteCliURL: '',
isFairUseOfFreePushService: true,
isCorrectMemcachedPHPModuleInstalled: true,
hasPassedCodeIntegrityCheck: true,
isSettimelimitAvailable: true,
cronErrors: [],
cronInfo: {