Do not fail integrity check if mimetype list is changed
Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
This commit is contained in:
parent
89c701382f
commit
d227f4d34c
|
@ -0,0 +1,105 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2019 Xheni Myrtaj <xheni@protonmail.com>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OC\Core\Command\Maintenance\Mimetype;
|
||||
|
||||
|
||||
class GenerateMimetypeFileBuilder
|
||||
{
|
||||
/**
|
||||
* Generate mime type list file
|
||||
* @param $aliases
|
||||
* @return string
|
||||
*/
|
||||
public function generateFile($aliases): string {
|
||||
// Remove comments
|
||||
$keys = array_filter(array_keys($aliases), function($k) {
|
||||
return $k[0] === '_';
|
||||
});
|
||||
foreach($keys as $key) {
|
||||
unset($aliases[$key]);
|
||||
}
|
||||
|
||||
// Fetch all files
|
||||
$dir = new \DirectoryIterator(\OC::$SERVERROOT.'/core/img/filetypes');
|
||||
|
||||
$files = [];
|
||||
foreach($dir as $fileInfo) {
|
||||
if ($fileInfo->isFile()) {
|
||||
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
|
||||
$files[] = $file;
|
||||
}
|
||||
}
|
||||
|
||||
//Remove duplicates
|
||||
$files = array_values(array_unique($files));
|
||||
sort($files);
|
||||
|
||||
// Fetch all themes!
|
||||
$themes = [];
|
||||
$dirs = new \DirectoryIterator(\OC::$SERVERROOT.'/themes/');
|
||||
foreach($dirs as $dir) {
|
||||
//Valid theme dir
|
||||
if ($dir->isFile() || $dir->isDot()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$theme = $dir->getFilename();
|
||||
$themeDir = $dir->getPath() . '/' . $theme . '/core/img/filetypes/';
|
||||
// Check if this theme has its own filetype icons
|
||||
if (!file_exists($themeDir)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$themes[$theme] = [];
|
||||
// Fetch all the theme icons!
|
||||
$themeIt = new \DirectoryIterator($themeDir);
|
||||
foreach ($themeIt as $fileInfo) {
|
||||
if ($fileInfo->isFile()) {
|
||||
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
|
||||
$themes[$theme][] = $file;
|
||||
}
|
||||
}
|
||||
|
||||
//Remove Duplicates
|
||||
$themes[$theme] = array_values(array_unique($themes[$theme]));
|
||||
sort($themes[$theme]);
|
||||
}
|
||||
|
||||
//Generate the JS
|
||||
return '/**
|
||||
* This file is automatically generated
|
||||
* DO NOT EDIT MANUALLY!
|
||||
*
|
||||
* You can update the list of MimeType Aliases in config/mimetypealiases.json
|
||||
* The list of files is fetched from core/img/filetypes
|
||||
* To regenerate this file run ./occ maintenance:mimetype:update-js
|
||||
*/
|
||||
OC.MimeTypeList={
|
||||
aliases: ' . json_encode($aliases, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . ',
|
||||
files: ' . json_encode($files, JSON_PRETTY_PRINT) . ',
|
||||
themes: ' . json_encode($themes, JSON_PRETTY_PRINT) . '
|
||||
};
|
||||
';
|
||||
}
|
||||
|
||||
}
|
|
@ -53,78 +53,9 @@ class UpdateJS extends Command {
|
|||
// Fetch all the aliases
|
||||
$aliases = $this->mimetypeDetector->getAllAliases();
|
||||
|
||||
// Remove comments
|
||||
$keys = array_filter(array_keys($aliases), function($k) {
|
||||
return $k[0] === '_';
|
||||
});
|
||||
foreach($keys as $key) {
|
||||
unset($aliases[$key]);
|
||||
}
|
||||
|
||||
// Fetch all files
|
||||
$dir = new \DirectoryIterator(\OC::$SERVERROOT.'/core/img/filetypes');
|
||||
|
||||
$files = [];
|
||||
foreach($dir as $fileInfo) {
|
||||
if ($fileInfo->isFile()) {
|
||||
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
|
||||
$files[] = $file;
|
||||
}
|
||||
}
|
||||
|
||||
//Remove duplicates
|
||||
$files = array_values(array_unique($files));
|
||||
sort($files);
|
||||
|
||||
// Fetch all themes!
|
||||
$themes = [];
|
||||
$dirs = new \DirectoryIterator(\OC::$SERVERROOT.'/themes/');
|
||||
foreach($dirs as $dir) {
|
||||
//Valid theme dir
|
||||
if ($dir->isFile() || $dir->isDot()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$theme = $dir->getFilename();
|
||||
$themeDir = $dir->getPath() . '/' . $theme . '/core/img/filetypes/';
|
||||
// Check if this theme has its own filetype icons
|
||||
if (!file_exists($themeDir)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$themes[$theme] = [];
|
||||
// Fetch all the theme icons!
|
||||
$themeIt = new \DirectoryIterator($themeDir);
|
||||
foreach ($themeIt as $fileInfo) {
|
||||
if ($fileInfo->isFile()) {
|
||||
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
|
||||
$themes[$theme][] = $file;
|
||||
}
|
||||
}
|
||||
|
||||
//Remove Duplicates
|
||||
$themes[$theme] = array_values(array_unique($themes[$theme]));
|
||||
sort($themes[$theme]);
|
||||
}
|
||||
|
||||
//Generate the JS
|
||||
$js = '/**
|
||||
* This file is automatically generated
|
||||
* DO NOT EDIT MANUALLY!
|
||||
*
|
||||
* You can update the list of MimeType Aliases in config/mimetypealiases.json
|
||||
* The list of files is fetched from core/img/filetypes
|
||||
* To regenerate this file run ./occ maintenance:mimetype:update-js
|
||||
*/
|
||||
OC.MimeTypeList={
|
||||
aliases: ' . json_encode($aliases, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . ',
|
||||
files: ' . json_encode($files, JSON_PRETTY_PRINT) . ',
|
||||
themes: ' . json_encode($themes, JSON_PRETTY_PRINT) . '
|
||||
};
|
||||
';
|
||||
|
||||
//Output the JS
|
||||
file_put_contents(\OC::$SERVERROOT.'/core/js/mimetypelist.js', $js);
|
||||
// Output the JS
|
||||
$generatedMimetypeFile = new GenerateMimetypeFileBuilder();
|
||||
file_put_contents(\OC::$SERVERROOT.'/core/js/mimetypelist.js', $generatedMimetypeFile->generateFile($aliases));
|
||||
|
||||
$output->writeln('<info>mimetypelist.js is updated');
|
||||
}
|
||||
|
|
|
@ -133,6 +133,12 @@ class Detection implements IMimeTypeDetector {
|
|||
return $this->mimeTypeAlias;
|
||||
}
|
||||
|
||||
public function getOnlyDefaultAliases() {
|
||||
$this->loadMappings();
|
||||
$this->mimeTypeAlias = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypealiases.dist.json'), true);
|
||||
return $this->mimeTypeAlias;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add mimetype mappings if they are not yet present
|
||||
*/
|
||||
|
|
|
@ -27,6 +27,7 @@ declare(strict_types=1);
|
|||
|
||||
namespace OC\IntegrityCheck;
|
||||
|
||||
use OC\Core\Command\Maintenance\Mimetype\GenerateMimetypeFileBuilder;
|
||||
use OC\IntegrityCheck\Exceptions\InvalidSignatureException;
|
||||
use OC\IntegrityCheck\Helpers\AppLocator;
|
||||
use OC\IntegrityCheck\Helpers\EnvironmentHelper;
|
||||
|
@ -34,6 +35,7 @@ use OC\IntegrityCheck\Helpers\FileAccessHelper;
|
|||
use OC\IntegrityCheck\Iterator\ExcludeFileByNameFilterIterator;
|
||||
use OC\IntegrityCheck\Iterator\ExcludeFoldersByPathFilterIterator;
|
||||
use OCP\App\IAppManager;
|
||||
use OCP\Files\IMimeTypeDetector;
|
||||
use OCP\ICache;
|
||||
use OCP\ICacheFactory;
|
||||
use OCP\IConfig;
|
||||
|
@ -67,6 +69,8 @@ class Checker {
|
|||
private $appManager;
|
||||
/** @var ITempManager */
|
||||
private $tempManager;
|
||||
/** @var IMimeTypeDetector */
|
||||
private $mimeTypeDetector;
|
||||
|
||||
/**
|
||||
* @param EnvironmentHelper $environmentHelper
|
||||
|
@ -76,6 +80,7 @@ class Checker {
|
|||
* @param ICacheFactory $cacheFactory
|
||||
* @param IAppManager $appManager
|
||||
* @param ITempManager $tempManager
|
||||
* @param IMimeTypeDetector $mimeTypeDetector
|
||||
*/
|
||||
public function __construct(EnvironmentHelper $environmentHelper,
|
||||
FileAccessHelper $fileAccessHelper,
|
||||
|
@ -83,7 +88,8 @@ class Checker {
|
|||
IConfig $config = null,
|
||||
ICacheFactory $cacheFactory,
|
||||
IAppManager $appManager = null,
|
||||
ITempManager $tempManager) {
|
||||
ITempManager $tempManager,
|
||||
IMimeTypeDetector $mimeTypeDetector) {
|
||||
$this->environmentHelper = $environmentHelper;
|
||||
$this->fileAccessHelper = $fileAccessHelper;
|
||||
$this->appLocator = $appLocator;
|
||||
|
@ -91,6 +97,7 @@ class Checker {
|
|||
$this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
|
||||
$this->appManager = $appManager;
|
||||
$this->tempManager = $tempManager;
|
||||
$this->mimeTypeDetector = $mimeTypeDetector;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -193,6 +200,14 @@ class Checker {
|
|||
continue;
|
||||
}
|
||||
}
|
||||
if($filename === $this->environmentHelper->getServerRoot().'/core/js/mimetypelist.js') {
|
||||
$oldMimetypeList = new GenerateMimetypeFileBuilder();
|
||||
$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
|
||||
if($newFile === file_get_contents($filename)) {
|
||||
$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
$hashes[$relativeFileName] = hash_file('sha512', $filename);
|
||||
}
|
||||
|
@ -220,10 +235,10 @@ class Checker {
|
|||
$signature = $privateKey->sign(json_encode($hashes));
|
||||
|
||||
return [
|
||||
'hashes' => $hashes,
|
||||
'signature' => base64_encode($signature),
|
||||
'certificate' => $certificate->saveX509($certificate->currentCert),
|
||||
];
|
||||
'hashes' => $hashes,
|
||||
'signature' => base64_encode($signature),
|
||||
'certificate' => $certificate->saveX509($certificate->currentCert),
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -244,8 +259,8 @@ class Checker {
|
|||
$iterator = $this->getFolderIterator($path);
|
||||
$hashes = $this->generateHashes($iterator, $path);
|
||||
$signature = $this->createSignatureData($hashes, $certificate, $privateKey);
|
||||
$this->fileAccessHelper->file_put_contents(
|
||||
$appInfoDir . '/signature.json',
|
||||
$this->fileAccessHelper->file_put_contents(
|
||||
$appInfoDir . '/signature.json',
|
||||
json_encode($signature, JSON_PRETTY_PRINT)
|
||||
);
|
||||
} catch (\Exception $e){
|
||||
|
@ -327,7 +342,7 @@ class Checker {
|
|||
// Verify if certificate has proper CN. "core" CN is always trusted.
|
||||
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
|
||||
throw new InvalidSignatureException(
|
||||
sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
|
||||
sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -484,16 +499,16 @@ class Checker {
|
|||
$path = $this->appLocator->getAppPath($appId);
|
||||
}
|
||||
$result = $this->verify(
|
||||
$path . '/appinfo/signature.json',
|
||||
$path,
|
||||
$appId
|
||||
$path . '/appinfo/signature.json',
|
||||
$path,
|
||||
$appId
|
||||
);
|
||||
} catch (\Exception $e) {
|
||||
$result = [
|
||||
'EXCEPTION' => [
|
||||
'class' => \get_class($e),
|
||||
'message' => $e->getMessage(),
|
||||
],
|
||||
'EXCEPTION' => [
|
||||
'class' => \get_class($e),
|
||||
'message' => $e->getMessage(),
|
||||
],
|
||||
];
|
||||
}
|
||||
$this->storeResults($appId, $result);
|
||||
|
@ -534,16 +549,16 @@ class Checker {
|
|||
public function verifyCoreSignature(): array {
|
||||
try {
|
||||
$result = $this->verify(
|
||||
$this->environmentHelper->getServerRoot() . '/core/signature.json',
|
||||
$this->environmentHelper->getServerRoot(),
|
||||
'core'
|
||||
$this->environmentHelper->getServerRoot() . '/core/signature.json',
|
||||
$this->environmentHelper->getServerRoot(),
|
||||
'core'
|
||||
);
|
||||
} catch (\Exception $e) {
|
||||
$result = [
|
||||
'EXCEPTION' => [
|
||||
'class' => \get_class($e),
|
||||
'message' => $e->getMessage(),
|
||||
],
|
||||
'EXCEPTION' => [
|
||||
'class' => \get_class($e),
|
||||
'message' => $e->getMessage(),
|
||||
],
|
||||
];
|
||||
}
|
||||
$this->storeResults('core', $result);
|
||||
|
|
|
@ -791,7 +791,8 @@ class Server extends ServerContainer implements IServerContainer {
|
|||
$config,
|
||||
$c->getMemCacheFactory(),
|
||||
$appManager,
|
||||
$c->getTempManager()
|
||||
$c->getTempManager(),
|
||||
$c->getMimeTypeDetector()
|
||||
);
|
||||
});
|
||||
$this->registerService(\OCP\IRequest::class, function ($c) {
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
"_comment5": "./occ maintenance:mimetype:update-js",
|
||||
"_comment6": "Otherwise your update won't propagate through the system.",
|
||||
|
||||
|
||||
"application/coreldraw": "image",
|
||||
"application/epub+zip": "text",
|
||||
"application/font-sfnt": "image",
|
||||
|
@ -100,6 +99,7 @@
|
|||
"text/x-ldif": "text/code",
|
||||
"text/x-python": "text/code",
|
||||
"text/x-shellscript": "text/code",
|
||||
"web": "text/code"
|
||||
"web": "text/code",
|
||||
"application/internet-shortcut": "link"
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue