mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Do not fail integrity check if mimetype list is changed 

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
This commit is contained in:
Xheni Myrtaj 2019-05-27 21:54:58 +02:00
parent 89c701382f
commit d227f4d34c
No known key found for this signature in database
GPG Key ID: 771C6F62523BD536
6 changed files with 155 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
core/Command/Maintenance/Mimetype/GenerateMimetypeFileBuilder.php Normal file
View File

@ -0,0 +1,105 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2019 Xheni Myrtaj <xheni@protonmail.com>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\Core\Command\Maintenance\Mimetype;
class GenerateMimetypeFileBuilder
{
/**
* Generate mime type list file
* @param $aliases
* @return string
*/
public function generateFile($aliases): string {
// Remove comments
$keys = array_filter(array_keys($aliases), function($k) {
return $k[0] === '_';
});
foreach($keys as $key) {
unset($aliases[$key]);
}
// Fetch all files
$dir = new \DirectoryIterator(\OC::$SERVERROOT.'/core/img/filetypes');
$files = [];
foreach($dir as $fileInfo) {
if ($fileInfo->isFile()) {
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
$files[] = $file;
}
}
//Remove duplicates
$files = array_values(array_unique($files));
sort($files);
// Fetch all themes!
$themes = [];
$dirs = new \DirectoryIterator(\OC::$SERVERROOT.'/themes/');
foreach($dirs as $dir) {
//Valid theme dir
if ($dir->isFile() || $dir->isDot()) {
continue;
}
$theme = $dir->getFilename();
$themeDir = $dir->getPath() . '/' . $theme . '/core/img/filetypes/';
// Check if this theme has its own filetype icons
if (!file_exists($themeDir)) {
continue;
}
$themes[$theme] = [];
// Fetch all the theme icons!
$themeIt = new \DirectoryIterator($themeDir);
foreach ($themeIt as $fileInfo) {
if ($fileInfo->isFile()) {
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
$themes[$theme][] = $file;
}
}
//Remove Duplicates
$themes[$theme] = array_values(array_unique($themes[$theme]));
sort($themes[$theme]);
}
//Generate the JS
return '/**
* This file is automatically generated
* DO NOT EDIT MANUALLY!
*
* You can update the list of MimeType Aliases in config/mimetypealiases.json
* The list of files is fetched from core/img/filetypes
* To regenerate this file run ./occ maintenance:mimetype:update-js
*/
OC.MimeTypeList={
aliases: ' . json_encode($aliases, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . ',
files: ' . json_encode($files, JSON_PRETTY_PRINT) . ',
themes: ' . json_encode($themes, JSON_PRETTY_PRINT) . '
};
';
}
}

75
core/Command/Maintenance/Mimetype/UpdateJS.php
View File

@ -53,78 +53,9 @@ class UpdateJS extends Command {
// Fetch all the aliases // Fetch all the aliases
$aliases = $this->mimetypeDetector->getAllAliases(); $aliases = $this->mimetypeDetector->getAllAliases();
// Remove comments // Output the JS
$keys = array_filter(array_keys($aliases), function($k) { $generatedMimetypeFile = new GenerateMimetypeFileBuilder();
return $k[0] === '_'; file_put_contents(\OC::$SERVERROOT.'/core/js/mimetypelist.js', $generatedMimetypeFile->generateFile($aliases));
});
foreach($keys as $key) {
unset($aliases[$key]);
}
// Fetch all files
$dir = new \DirectoryIterator(\OC::$SERVERROOT.'/core/img/filetypes');
$files = [];
foreach($dir as $fileInfo) {
if ($fileInfo->isFile()) {
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
$files[] = $file;
}
}
//Remove duplicates
$files = array_values(array_unique($files));
sort($files);
// Fetch all themes!
$themes = [];
$dirs = new \DirectoryIterator(\OC::$SERVERROOT.'/themes/');
foreach($dirs as $dir) {
//Valid theme dir
if ($dir->isFile() || $dir->isDot()) {
continue;
}
$theme = $dir->getFilename();
$themeDir = $dir->getPath() . '/' . $theme . '/core/img/filetypes/';
// Check if this theme has its own filetype icons
if (!file_exists($themeDir)) {
continue;
}
$themes[$theme] = [];
// Fetch all the theme icons!
$themeIt = new \DirectoryIterator($themeDir);
foreach ($themeIt as $fileInfo) {
if ($fileInfo->isFile()) {
$file = preg_replace('/.[^.]*$/', '', $fileInfo->getFilename());
$themes[$theme][] = $file;
}
}
//Remove Duplicates
$themes[$theme] = array_values(array_unique($themes[$theme]));
sort($themes[$theme]);
}
//Generate the JS
$js = '/**
* This file is automatically generated
* DO NOT EDIT MANUALLY!
*
* You can update the list of MimeType Aliases in config/mimetypealiases.json
* The list of files is fetched from core/img/filetypes
* To regenerate this file run ./occ maintenance:mimetype:update-js
*/
OC.MimeTypeList={
aliases: ' . json_encode($aliases, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . ',
files: ' . json_encode($files, JSON_PRETTY_PRINT) . ',
themes: ' . json_encode($themes, JSON_PRETTY_PRINT) . '
};
';
//Output the JS
file_put_contents(\OC::$SERVERROOT.'/core/js/mimetypelist.js', $js);
$output->writeln('<info>mimetypelist.js is updated'); $output->writeln('<info>mimetypelist.js is updated');
} }

6
lib/private/Files/Type/Detection.php
View File

@ -133,6 +133,12 @@ class Detection implements IMimeTypeDetector {
return $this->mimeTypeAlias; return $this->mimeTypeAlias;
} }
public function getOnlyDefaultAliases() {
$this->loadMappings();
$this->mimeTypeAlias = json_decode(file_get_contents($this->defaultConfigDir . '/mimetypealiases.dist.json'), true);
return $this->mimeTypeAlias;
}
/** /**
* Add mimetype mappings if they are not yet present * Add mimetype mappings if they are not yet present
*/ */

59
lib/private/IntegrityCheck/Checker.php
View File

@ -27,6 +27,7 @@ declare(strict_types=1);
namespace OC\IntegrityCheck; namespace OC\IntegrityCheck;
use OC\Core\Command\Maintenance\Mimetype\GenerateMimetypeFileBuilder;
use OC\IntegrityCheck\Exceptions\InvalidSignatureException; use OC\IntegrityCheck\Exceptions\InvalidSignatureException;
use OC\IntegrityCheck\Helpers\AppLocator; use OC\IntegrityCheck\Helpers\AppLocator;
use OC\IntegrityCheck\Helpers\EnvironmentHelper; use OC\IntegrityCheck\Helpers\EnvironmentHelper;
@ -34,6 +35,7 @@ use OC\IntegrityCheck\Helpers\FileAccessHelper;
use OC\IntegrityCheck\Iterator\ExcludeFileByNameFilterIterator; use OC\IntegrityCheck\Iterator\ExcludeFileByNameFilterIterator;
use OC\IntegrityCheck\Iterator\ExcludeFoldersByPathFilterIterator; use OC\IntegrityCheck\Iterator\ExcludeFoldersByPathFilterIterator;
use OCP\App\IAppManager; use OCP\App\IAppManager;
use OCP\Files\IMimeTypeDetector;
use OCP\ICache; use OCP\ICache;
use OCP\ICacheFactory; use OCP\ICacheFactory;
use OCP\IConfig; use OCP\IConfig;
@ -67,6 +69,8 @@ class Checker {
private $appManager; private $appManager;
/** @var ITempManager */ /** @var ITempManager */
private $tempManager; private $tempManager;
/** @var IMimeTypeDetector */
private $mimeTypeDetector;
/** /**
* @param EnvironmentHelper $environmentHelper * @param EnvironmentHelper $environmentHelper
@ -76,6 +80,7 @@ class Checker {
* @param ICacheFactory $cacheFactory * @param ICacheFactory $cacheFactory
* @param IAppManager $appManager * @param IAppManager $appManager
* @param ITempManager $tempManager * @param ITempManager $tempManager
* @param IMimeTypeDetector $mimeTypeDetector
*/ */
public function __construct(EnvironmentHelper $environmentHelper, public function __construct(EnvironmentHelper $environmentHelper,
FileAccessHelper $fileAccessHelper, FileAccessHelper $fileAccessHelper,
@ -83,7 +88,8 @@ class Checker {
IConfig $config = null, IConfig $config = null,
ICacheFactory $cacheFactory, ICacheFactory $cacheFactory,
IAppManager $appManager = null, IAppManager $appManager = null,
ITempManager $tempManager) { ITempManager $tempManager,
IMimeTypeDetector $mimeTypeDetector) {
$this->environmentHelper = $environmentHelper; $this->environmentHelper = $environmentHelper;
$this->fileAccessHelper = $fileAccessHelper; $this->fileAccessHelper = $fileAccessHelper;
$this->appLocator = $appLocator; $this->appLocator = $appLocator;
@ -91,6 +97,7 @@ class Checker {
$this->cache = $cacheFactory->createDistributed(self::CACHE_KEY); $this->cache = $cacheFactory->createDistributed(self::CACHE_KEY);
$this->appManager = $appManager; $this->appManager = $appManager;
$this->tempManager = $tempManager; $this->tempManager = $tempManager;
$this->mimeTypeDetector = $mimeTypeDetector;
} }
/** /**
@ -193,6 +200,14 @@ class Checker {
continue; continue;
} }
} }
if($filename === $this->environmentHelper->getServerRoot().'/core/js/mimetypelist.js') {
$oldMimetypeList = new GenerateMimetypeFileBuilder();
$newFile = $oldMimetypeList->generateFile($this->mimeTypeDetector->getAllAliases());
if($newFile === file_get_contents($filename)) {
$hashes[$relativeFileName] = hash('sha512', $oldMimetypeList->generateFile($this->mimeTypeDetector->getOnlyDefaultAliases()));
continue;
}
}
$hashes[$relativeFileName] = hash_file('sha512', $filename); $hashes[$relativeFileName] = hash_file('sha512', $filename);
} }
@ -220,10 +235,10 @@ class Checker {
$signature = $privateKey->sign(json_encode($hashes)); $signature = $privateKey->sign(json_encode($hashes));
return [ return [
'hashes' => $hashes, 'hashes' => $hashes,
'signature' => base64_encode($signature), 'signature' => base64_encode($signature),
'certificate' => $certificate->saveX509($certificate->currentCert), 'certificate' => $certificate->saveX509($certificate->currentCert),
]; ];
} }
/** /**
@ -244,8 +259,8 @@ class Checker {
$iterator = $this->getFolderIterator($path); $iterator = $this->getFolderIterator($path);
$hashes = $this->generateHashes($iterator, $path); $hashes = $this->generateHashes($iterator, $path);
$signature = $this->createSignatureData($hashes, $certificate, $privateKey); $signature = $this->createSignatureData($hashes, $certificate, $privateKey);
$this->fileAccessHelper->file_put_contents( $this->fileAccessHelper->file_put_contents(
$appInfoDir . '/signature.json', $appInfoDir . '/signature.json',
json_encode($signature, JSON_PRETTY_PRINT) json_encode($signature, JSON_PRETTY_PRINT)
); );
} catch (\Exception $e){ } catch (\Exception $e){
@ -327,7 +342,7 @@ class Checker {
// Verify if certificate has proper CN. "core" CN is always trusted. // Verify if certificate has proper CN. "core" CN is always trusted.
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') { if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
throw new InvalidSignatureException( throw new InvalidSignatureException(
sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN']) sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
); );
} }
@ -484,16 +499,16 @@ class Checker {
$path = $this->appLocator->getAppPath($appId); $path = $this->appLocator->getAppPath($appId);
} }
$result = $this->verify( $result = $this->verify(
$path . '/appinfo/signature.json', $path . '/appinfo/signature.json',
$path, $path,
$appId $appId
); );
} catch (\Exception $e) { } catch (\Exception $e) {
$result = [ $result = [
'EXCEPTION' => [ 'EXCEPTION' => [
'class' => \get_class($e), 'class' => \get_class($e),
'message' => $e->getMessage(), 'message' => $e->getMessage(),
], ],
]; ];
} }
$this->storeResults($appId, $result); $this->storeResults($appId, $result);
@ -534,16 +549,16 @@ class Checker {
public function verifyCoreSignature(): array { public function verifyCoreSignature(): array {
try { try {
$result = $this->verify( $result = $this->verify(
$this->environmentHelper->getServerRoot() . '/core/signature.json', $this->environmentHelper->getServerRoot() . '/core/signature.json',
$this->environmentHelper->getServerRoot(), $this->environmentHelper->getServerRoot(),
'core' 'core'
); );
} catch (\Exception $e) { } catch (\Exception $e) {
$result = [ $result = [
'EXCEPTION' => [ 'EXCEPTION' => [
'class' => \get_class($e), 'class' => \get_class($e),
'message' => $e->getMessage(), 'message' => $e->getMessage(),
], ],
]; ];
} }
$this->storeResults('core', $result); $this->storeResults('core', $result);

3
lib/private/Server.php
View File

@ -791,7 +791,8 @@ class Server extends ServerContainer implements IServerContainer {
$config, $config,
$c->getMemCacheFactory(), $c->getMemCacheFactory(),
$appManager, $appManager,
$c->getTempManager() $c->getTempManager(),
$c->getMimeTypeDetector()
); );
}); });
$this->registerService(\OCP\IRequest::class, function ($c) { $this->registerService(\OCP\IRequest::class, function ($c) {

4
resources/config/mimetypealiases.dist.json
View File

@ -7,7 +7,6 @@
"_comment5": "./occ maintenance:mimetype:update-js", "_comment5": "./occ maintenance:mimetype:update-js",
"_comment6": "Otherwise your update won't propagate through the system.", "_comment6": "Otherwise your update won't propagate through the system.",
"application/coreldraw": "image", "application/coreldraw": "image",
"application/epub+zip": "text", "application/epub+zip": "text",
"application/font-sfnt": "image", "application/font-sfnt": "image",
@ -100,6 +99,7 @@
"text/x-ldif": "text/code", "text/x-ldif": "text/code",
"text/x-python": "text/code", "text/x-python": "text/code",
"text/x-shellscript": "text/code", "text/x-shellscript": "text/code",
"web": "text/code" "web": "text/code",
"application/internet-shortcut": "link"
} }