From f76534064ec549fcb3501e432ee1f779501a7982 Mon Sep 17 00:00:00 2001 From: Franciska Perisa Date: Sun, 20 Mar 2022 14:25:05 +0100 Subject: [PATCH 01/56] Set up tuf_updates mysql queries --- .../sql/updates/mysql/4.2.0-2022-03-20.sql | 19 ++++++++++++++++ installation/sql/mysql/base.sql | 22 ++++++++++++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql diff --git a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql new file mode 100644 index 00000000000..c84ad612f21 --- /dev/null +++ b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql @@ -0,0 +1,19 @@ +-- +-- Table structure for table `#__tuf_updates` +-- + +CREATE TABLE IF NOT EXISTS `#__tuf_updates` ( + `id` int NOT NULL AUTO_INCREMENT, + `extension_id` int DEFAULT 0, + `version` varchar(32) DEFAULT '', + `timestamp_json` text NOT NULL, + `root_json` text NOT NULL, + `target_json` text NOT NULL, + `snapshot_json` text NOT NULL, + `mirrors_json` text NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; + +-- -------------------------------------------------------- +INSERT INTO `tupsb_tuf_updates` (`extension_id`, `root_json`) +SELECT `extension_id`, '{"keytype": "ed25519", "scheme": "ed25519", "keyid": "02c3130c26fb3fe13fda279d578f3bc251f2ca3a42e5878de063e0ee345533c9", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "f813a2882b305389cac36a9b8ebee7576ba7a7de671d2617074b03c12fb003aa", "private": "b7cb4fab28bae035a6fc5d46736e6f2d10ea4ef943e6aace8c637c1fd141ac72"}}' FROM `tupsb_extensions` WHERE `type`='file' AND `element`='joomla'; diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql index dd7ab9e5a77..59dccdefd4e 100644 --- a/installation/sql/mysql/base.sql +++ b/installation/sql/mysql/base.sql @@ -836,7 +836,27 @@ CREATE TABLE IF NOT EXISTS `#__updates` ( `changelogurl` text, `extra_query` varchar(1000) DEFAULT '', PRIMARY KEY (`update_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Available Updates'; +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Available Updates';-- -------------------------------------------------------- + +-- +-- Table structure for table `#__tuf_updates` +-- + +CREATE TABLE IF NOT EXISTS `#__tuf_updates` ( + `id` int NOT NULL AUTO_INCREMENT, + `extension_id` int DEFAULT 0, + `timestamp_json` text DEFAULT '', + `root_json` text NOT NULL, + `target_json` text DEFAULT '', + `snapshot_json` text DEFAULT '', + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; + +-- +-- Dumping data for table `#__tuf_updates` +-- +INSERT INTO `#__tuf_updates` (`extension_id`, `root_json`) +SELECT `extension_id`, '{"keytype": "ed25519", "scheme": "ed25519", "keyid": "02c3130c26fb3fe13fda279d578f3bc251f2ca3a42e5878de063e0ee345533c9", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "f813a2882b305389cac36a9b8ebee7576ba7a7de671d2617074b03c12fb003aa", "private": "b7cb4fab28bae035a6fc5d46736e6f2d10ea4ef943e6aace8c637c1fd141ac72"}}' FROM `#__extensions` WHERE `type`='file' AND `element`='joomla'; -- -------------------------------------------------------- From fd82ae8d8ccf093ac3e098fd6f78b9b8aec92dc3 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Sun, 20 Mar 2022 14:48:29 +0100 Subject: [PATCH 02/56] Fix table structure for TUF metadatas --- .../sql/updates/mysql/4.2.0-2022-03-20.sql | 7 +++---- installation/sql/mysql/base.sql | 17 ++++++++++------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql index c84ad612f21..842a756818c 100644 --- a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql +++ b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql @@ -1,11 +1,10 @@ -- --- Table structure for table `#__tuf_updates` +-- Table structure for table `#__tuf_metadata` -- -CREATE TABLE IF NOT EXISTS `#__tuf_updates` ( +CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `version` varchar(32) DEFAULT '', `timestamp_json` text NOT NULL, `root_json` text NOT NULL, `target_json` text NOT NULL, @@ -15,5 +14,5 @@ CREATE TABLE IF NOT EXISTS `#__tuf_updates` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; -- -------------------------------------------------------- -INSERT INTO `tupsb_tuf_updates` (`extension_id`, `root_json`) +INSERT INTO `#__tuf_metadata` (`extension_id`, `root_json`) SELECT `extension_id`, '{"keytype": "ed25519", "scheme": "ed25519", "keyid": "02c3130c26fb3fe13fda279d578f3bc251f2ca3a42e5878de063e0ee345533c9", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "f813a2882b305389cac36a9b8ebee7576ba7a7de671d2617074b03c12fb003aa", "private": "b7cb4fab28bae035a6fc5d46736e6f2d10ea4ef943e6aace8c637c1fd141ac72"}}' FROM `tupsb_extensions` WHERE `type`='file' AND `element`='joomla'; diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql index 59dccdefd4e..8cedde33cb6 100644 --- a/installation/sql/mysql/base.sql +++ b/installation/sql/mysql/base.sql @@ -836,26 +836,29 @@ CREATE TABLE IF NOT EXISTS `#__updates` ( `changelogurl` text, `extra_query` varchar(1000) DEFAULT '', PRIMARY KEY (`update_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Available Updates';-- -------------------------------------------------------- +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Available Updates'; + +-- -------------------------------------------------------- -- -- Table structure for table `#__tuf_updates` -- -CREATE TABLE IF NOT EXISTS `#__tuf_updates` ( +CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `timestamp_json` text DEFAULT '', + `timestamp_json` text NOT NULL, `root_json` text NOT NULL, - `target_json` text DEFAULT '', - `snapshot_json` text DEFAULT '', + `target_json` text NOT NULL, + `snapshot_json` text NOT NULL, + `mirrors_json` text NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; -- --- Dumping data for table `#__tuf_updates` +-- Dumping data for table `#__tuf_metadata` -- -INSERT INTO `#__tuf_updates` (`extension_id`, `root_json`) +INSERT INTO `#__tuf_metadata` (`extension_id`, `root_json`) SELECT `extension_id`, '{"keytype": "ed25519", "scheme": "ed25519", "keyid": "02c3130c26fb3fe13fda279d578f3bc251f2ca3a42e5878de063e0ee345533c9", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "f813a2882b305389cac36a9b8ebee7576ba7a7de671d2617074b03c12fb003aa", "private": "b7cb4fab28bae035a6fc5d46736e6f2d10ea4ef943e6aace8c637c1fd141ac72"}}' FROM `#__extensions` WHERE `type`='file' AND `element`='joomla'; -- -------------------------------------------------------- From f43a95ed11805c081b2e77cd438ba4b29a43073a Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Sun, 20 Mar 2022 14:53:00 +0100 Subject: [PATCH 03/56] Change ordering of timestamp --- .../components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql | 2 +- installation/sql/mysql/base.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql index 842a756818c..ffee0bd2029 100644 --- a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql +++ b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql @@ -5,10 +5,10 @@ CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `timestamp_json` text NOT NULL, `root_json` text NOT NULL, `target_json` text NOT NULL, `snapshot_json` text NOT NULL, + `timestamp_json` text NOT NULL, `mirrors_json` text NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql index 8cedde33cb6..d8e93662916 100644 --- a/installation/sql/mysql/base.sql +++ b/installation/sql/mysql/base.sql @@ -847,10 +847,10 @@ CREATE TABLE IF NOT EXISTS `#__updates` ( CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `timestamp_json` text NOT NULL, `root_json` text NOT NULL, `target_json` text NOT NULL, `snapshot_json` text NOT NULL, + `timestamp_json` text NOT NULL, `mirrors_json` text NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; From 68ec0b1b8deb9670338fd5cea714324147628a88 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Sun, 20 Mar 2022 14:59:04 +0100 Subject: [PATCH 04/56] Add allow null --- .../com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql | 10 +++++----- installation/sql/mysql/base.sql | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql index ffee0bd2029..735f26797b3 100644 --- a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql +++ b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql @@ -5,11 +5,11 @@ CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `root_json` text NOT NULL, - `target_json` text NOT NULL, - `snapshot_json` text NOT NULL, - `timestamp_json` text NOT NULL, - `mirrors_json` text NOT NULL, + `root_json` text NULL, + `target_json` text NULL, + `snapshot_json` text NULL, + `timestamp_json` text NULL, + `mirrors_json` text NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql index d8e93662916..408089985f1 100644 --- a/installation/sql/mysql/base.sql +++ b/installation/sql/mysql/base.sql @@ -847,11 +847,11 @@ CREATE TABLE IF NOT EXISTS `#__updates` ( CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `root_json` text NOT NULL, - `target_json` text NOT NULL, - `snapshot_json` text NOT NULL, - `timestamp_json` text NOT NULL, - `mirrors_json` text NOT NULL, + `root_json` text NULL, + `target_json` text NULL, + `snapshot_json` text NULL, + `timestamp_json` text NULL, + `mirrors_json` text NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; From 37d23412b77b0d77e0eaab773fcd907529788db2 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Sun, 20 Mar 2022 15:00:55 +0100 Subject: [PATCH 05/56] Fix null values --- .../com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql | 10 +++++----- installation/sql/mysql/base.sql | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql index 735f26797b3..007d7a69130 100644 --- a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql +++ b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql @@ -5,11 +5,11 @@ CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `root_json` text NULL, - `target_json` text NULL, - `snapshot_json` text NULL, - `timestamp_json` text NULL, - `mirrors_json` text NULL, + `root_json` text DEFAULT NULL, + `target_json` text DEFAULT NULL, + `snapshot_json` text DEFAULT NULL, + `timestamp_json` text DEFAULT NULL, + `mirrors_json` text DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql index 408089985f1..af4a39a2fa5 100644 --- a/installation/sql/mysql/base.sql +++ b/installation/sql/mysql/base.sql @@ -847,11 +847,11 @@ CREATE TABLE IF NOT EXISTS `#__updates` ( CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( `id` int NOT NULL AUTO_INCREMENT, `extension_id` int DEFAULT 0, - `root_json` text NULL, - `target_json` text NULL, - `snapshot_json` text NULL, - `timestamp_json` text NULL, - `mirrors_json` text NULL, + `root_json` text DEFAULT NULL, + `target_json` text DEFAULT NULL, + `snapshot_json` text DEFAULT NULL, + `timestamp_json` text DEFAULT NULL, + `mirrors_json` text DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; From 351bb65e4c2d782ff1880d96d5470942dd1f4c70 Mon Sep 17 00:00:00 2001 From: Franciska Perisa Date: Sun, 20 Mar 2022 16:05:40 +0100 Subject: [PATCH 06/56] Add TUF databaseStorage --- libraries/src/TUF/DatabaseStorage.php | 57 +++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 libraries/src/TUF/DatabaseStorage.php diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php new file mode 100644 index 00000000000..e34be138c21 --- /dev/null +++ b/libraries/src/TUF/DatabaseStorage.php @@ -0,0 +1,57 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\TUF; + +use Joomla\CMS\Table\Table; + +\defined('JPATH_PLATFORM') or die; + +/** + * @since VERSION + */ +class DatabaseStorage implements \ArrayAccess +{ + public function __construct(Table $table) + { + // $this->table = new \Joomla\CMS\Table\Extension($this->getDbo()); + // $installer->extension->load(ExtensionHelper::getExtensionRecord('joomla', 'file')->extension_id); + } + + /** + * {@inheritdoc} + */ + public function offsetExists($offset) + { + return file_exists($this->pathWithBasePath($offset)); + } + + /** + * {@inheritdoc} + */ + public function offsetGet($offset) + { + return file_get_contents($this->pathWithBasePath($offset)); + } + + /** + * {@inheritdoc} + */ + public function offsetSet($offset, $value) + { + file_put_contents($this->pathWithBasePath($offset), $value); + } + + /** + * {@inheritdoc} + */ + public function offsetUnset($offset) + { + @unlink($this->pathWithBasePath($offset)); + } +} From e69ec811e2b094e93f748cd95b2a51139910e3a7 Mon Sep 17 00:00:00 2001 From: Franciska Perisa Date: Sun, 20 Mar 2022 16:18:27 +0100 Subject: [PATCH 07/56] Create tuf table --- libraries/src/TUF/DatabaseStorage.php | 10 ++++++--- libraries/src/Table/Tuf.php | 31 +++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 libraries/src/Table/Tuf.php diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index e34be138c21..400523a5888 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -17,10 +17,11 @@ */ class DatabaseStorage implements \ArrayAccess { - public function __construct(Table $table) + private Table $table; + + public function __construct() { - // $this->table = new \Joomla\CMS\Table\Extension($this->getDbo()); - // $installer->extension->load(ExtensionHelper::getExtensionRecord('joomla', 'file')->extension_id); + $this->table = new \Joomla\CMS\Table\Tuf(); } /** @@ -36,6 +37,7 @@ public function offsetExists($offset) */ public function offsetGet($offset) { + // return $this->table->load(''); return file_get_contents($this->pathWithBasePath($offset)); } @@ -44,6 +46,7 @@ public function offsetGet($offset) */ public function offsetSet($offset, $value) { + // return $this->table->store(''); file_put_contents($this->pathWithBasePath($offset), $value); } @@ -52,6 +55,7 @@ public function offsetSet($offset, $value) */ public function offsetUnset($offset) { + // return $this->table->delete(''); @unlink($this->pathWithBasePath($offset)); } } diff --git a/libraries/src/Table/Tuf.php b/libraries/src/Table/Tuf.php new file mode 100644 index 00000000000..0d4b7f9d178 --- /dev/null +++ b/libraries/src/Table/Tuf.php @@ -0,0 +1,31 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\Table; + +\defined('JPATH_PLATFORM') or die; + +/** + * TUF map table + * + * @since __DEPLOY_VERSION__ + */ +class Tuf extends Table +{ + /** + * Constructor + * + * @param \Joomla\Database\DatabaseDriver $db A database connector object + * + * @since __DEPLOY_VERSION__ + */ + public function __construct($db) + { + parent::__construct('#__tuf_metadata', 'id', $db); + } +} From 7571eada96e2e6e263aabe2a52e1e1c65bac8144 Mon Sep 17 00:00:00 2001 From: Franciska Perisa Date: Sun, 20 Mar 2022 16:49:57 +0100 Subject: [PATCH 08/56] Add TUF exceptions --- .../TUF/Exception/InvalidRoleException.php | 20 +++++++++++++++++++ .../TUF/Exception/RoleNotFoundException.php | 20 +++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 libraries/src/TUF/Exception/InvalidRoleException.php create mode 100644 libraries/src/TUF/Exception/RoleNotFoundException.php diff --git a/libraries/src/TUF/Exception/InvalidRoleException.php b/libraries/src/TUF/Exception/InvalidRoleException.php new file mode 100644 index 00000000000..b892f37992c --- /dev/null +++ b/libraries/src/TUF/Exception/InvalidRoleException.php @@ -0,0 +1,20 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\TUF\Exception; + +\defined('JPATH_PLATFORM') or die; + +/** + * Exception class defining an Invalid Role error + * + * @since __DEPLOY_VERSION__ + */ +class InvalidRoleException extends \RuntimeException +{ +} diff --git a/libraries/src/TUF/Exception/RoleNotFoundException.php b/libraries/src/TUF/Exception/RoleNotFoundException.php new file mode 100644 index 00000000000..2960147defa --- /dev/null +++ b/libraries/src/TUF/Exception/RoleNotFoundException.php @@ -0,0 +1,20 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\TUF\Exception; + +\defined('JPATH_PLATFORM') or die; + +/** + * Exception class defining that the Role could not be found + * + * @since __DEPLOY_VERSION__ + */ +class RoleNotFoundException extends \RuntimeException +{ +} From 702d21201ae70c5e7f17754e123f4ffa98d7a345 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Sun, 20 Mar 2022 16:50:30 +0100 Subject: [PATCH 09/56] Implement all ArrayAccess methods --- libraries/src/TUF/DatabaseStorage.php | 111 ++++++++++++++++++-------- 1 file changed, 79 insertions(+), 32 deletions(-) diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 400523a5888..6a6fa028997 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -2,60 +2,107 @@ /** * Joomla! Content Management System * - * @copyright (C) 2019 Open Source Matters, Inc. + * @copyright (C) 2022 Open Source Matters, Inc. * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\CMS\TUF; use Joomla\CMS\Table\Table; +use Joomla\CMS\Table\Tuf; +use Joomla\Database\DatabaseDriver; \defined('JPATH_PLATFORM') or die; /** - * @since VERSION + * @since __DEPLOY_VERSION__ */ class DatabaseStorage implements \ArrayAccess { - private Table $table; + /** + * The Tuf table object + * + * @var Table + */ + protected Table $table; - public function __construct() + /** + * Initialize the DatabaseStorage class + * + * @param DatabaseDriver $db + * @param integer $extensionId + */ + public function __construct(DatabaseDriver $db, int $extensionId) { - $this->table = new \Joomla\CMS\Table\Tuf(); + $this->table = new Tuf($db); + + $this->table->load($extensionId); } - /** - * {@inheritdoc} - */ - public function offsetExists($offset) - { - return file_exists($this->pathWithBasePath($offset)); - } + /** + * {@inheritdoc} + */ + public function offsetExists(mixed $offset): bool + { + $column = $this->getCleanColumn($offset); - /** - * {@inheritdoc} - */ - public function offsetGet($offset) - { - // return $this->table->load(''); - return file_get_contents($this->pathWithBasePath($offset)); - } + return substr($offset, -5) === '.json' && $this->table->hasField($column) && strlen($this->table->$column); + } - /** - * {@inheritdoc} - */ - public function offsetSet($offset, $value) - { - // return $this->table->store(''); - file_put_contents($this->pathWithBasePath($offset), $value); - } + /** + * {@inheritdoc} + */ + public function offsetGet($offset): mixed + { + if (!$this->offsetExists($offset)) + { + throw new \Exception('Table column does not exists'); + } + + $column = $this->getCleanColumn($offset); + + return $this->table->$column; + } + + /** + * {@inheritdoc} + */ + public function offsetSet($offset, $value): void + { + if (!$this->offsetExists($offset)) + { + throw new \Exception('Table column does not exists'); + } + + $this->table->$offset = $value; + + $this->table->store(); + } + + /** + * {@inheritdoc} + */ + public function offsetUnset($offset): void + { + if (!$this->offsetExists($offset)) + { + throw new \Exception('Table column does not exists'); + } + + $this->table->$offset = ''; + + $this->table->store(); + } /** - * {@inheritdoc} + * Convert file names to table columns + * + * @param string $name + * + * @return string */ - public function offsetUnset($offset) + protected function getCleanColumn($name): string { - // return $this->table->delete(''); - @unlink($this->pathWithBasePath($offset)); + return str_replace('.', '_', $name); } } From e83a573a46870e19ea19f3369cf9c7120dd1e844 Mon Sep 17 00:00:00 2001 From: Franciska Perisa Date: Sun, 20 Mar 2022 17:28:33 +0100 Subject: [PATCH 10/56] Set TUF exception --- libraries/src/TUF/DatabaseStorage.php | 7 ++++--- .../TUF/Exception/InvalidRoleException.php | 20 ------------------- .../TUF/Exception/RoleNotFoundException.php | 2 +- 3 files changed, 5 insertions(+), 24 deletions(-) delete mode 100644 libraries/src/TUF/Exception/InvalidRoleException.php diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 6a6fa028997..98119e5dd14 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -10,6 +10,7 @@ use Joomla\CMS\Table\Table; use Joomla\CMS\Table\Tuf; +use Joomla\CMS\TUF\Exception\RoleNotFoundException; use Joomla\Database\DatabaseDriver; \defined('JPATH_PLATFORM') or die; @@ -56,7 +57,7 @@ public function offsetGet($offset): mixed { if (!$this->offsetExists($offset)) { - throw new \Exception('Table column does not exists'); + throw new RoleNotFoundException; } $column = $this->getCleanColumn($offset); @@ -71,7 +72,7 @@ public function offsetSet($offset, $value): void { if (!$this->offsetExists($offset)) { - throw new \Exception('Table column does not exists'); + throw new RoleNotFoundException; } $this->table->$offset = $value; @@ -86,7 +87,7 @@ public function offsetUnset($offset): void { if (!$this->offsetExists($offset)) { - throw new \Exception('Table column does not exists'); + throw new RoleNotFoundException; } $this->table->$offset = ''; diff --git a/libraries/src/TUF/Exception/InvalidRoleException.php b/libraries/src/TUF/Exception/InvalidRoleException.php deleted file mode 100644 index b892f37992c..00000000000 --- a/libraries/src/TUF/Exception/InvalidRoleException.php +++ /dev/null @@ -1,20 +0,0 @@ - - * @license GNU General Public License version 2 or later; see LICENSE.txt - */ - -namespace Joomla\CMS\TUF\Exception; - -\defined('JPATH_PLATFORM') or die; - -/** - * Exception class defining an Invalid Role error - * - * @since __DEPLOY_VERSION__ - */ -class InvalidRoleException extends \RuntimeException -{ -} diff --git a/libraries/src/TUF/Exception/RoleNotFoundException.php b/libraries/src/TUF/Exception/RoleNotFoundException.php index 2960147defa..fa90a250158 100644 --- a/libraries/src/TUF/Exception/RoleNotFoundException.php +++ b/libraries/src/TUF/Exception/RoleNotFoundException.php @@ -15,6 +15,6 @@ * * @since __DEPLOY_VERSION__ */ -class RoleNotFoundException extends \RuntimeException +class RoleNotFoundException extends \Exception { } From 798bc72fc27af5982de12ba1668b6c343b4c9f60 Mon Sep 17 00:00:00 2001 From: Magnus Singer Date: Wed, 23 Mar 2022 19:30:09 +0100 Subject: [PATCH 11/56] implement basic version of the tuf validator --- composer.json | 3 +- installation/sql/mysql/base.sql | 23 + libraries/src/TUF/DatabaseStorage.php | 109 ++++ .../TUF/Exception/RoleNotFoundException.php | 20 + libraries/src/TUF/TufValidation.php | 154 +++++ .../DurableStorageAccessValidator.php | 97 +++ .../src/Client/DurableStorage/FileStorage.php | 82 +++ .../src/TUF/src/Client/GuzzleFileFetcher.php | 172 +++++ .../src/Client/RepoFileFetcherInterface.php | 56 ++ .../src/TUF/src/Client/ResponseStream.php | 166 +++++ .../src/TUF/src/Client/SignatureVerifier.php | 153 +++++ libraries/src/TUF/src/Client/Updater.php | 600 ++++++++++++++++++ .../src/TUF/src/Constraints/Collection.php | 17 + .../src/Constraints/CollectionValidator.php | 30 + libraries/src/TUF/src/DelegatedRole.php | 96 +++ .../src/Exception/Attack/AttackException.php | 15 + .../Attack/DenialOfServiceAttackException.php | 10 + .../Attack/FreezeAttackException.php | 10 + .../Exception/Attack/InvalidHashException.php | 63 ++ .../Attack/RollbackAttackException.php | 10 + .../Attack/SignatureThresholdException.php | 10 + .../src/Exception/DownloadSizeException.php | 11 + .../src/TUF/src/Exception/FormatException.php | 30 + .../TUF/src/Exception/InvalidKeyException.php | 10 + .../TUF/src/Exception/MetadataException.php | 12 + .../TUF/src/Exception/NotFoundException.php | 32 + .../TUF/src/Exception/RepoFileNotFound.php | 11 + .../TUF/src/Exception/RoleExistsException.php | 10 + .../src/TUF/src/Exception/TufException.php | 10 + libraries/src/TUF/src/Helper/Clock.php | 22 + libraries/src/TUF/src/JsonNormalizer.php | 118 ++++ libraries/src/TUF/src/Key.php | 131 ++++ libraries/src/TUF/src/KeyDB.php | 125 ++++ .../src/TUF/src/Metadata/ConstraintsTrait.php | 173 +++++ libraries/src/TUF/src/Metadata/Factory.php | 71 +++ .../TUF/src/Metadata/FileInfoMetadataBase.php | 27 + .../src/TUF/src/Metadata/MetadataBase.php | 255 ++++++++ .../src/TUF/src/Metadata/RootMetadata.php | 100 +++ .../src/TUF/src/Metadata/SnapshotMetadata.php | 72 +++ .../src/TUF/src/Metadata/TargetsMetadata.php | 209 ++++++ .../TUF/src/Metadata/TimestampMetadata.php | 39 ++ .../Metadata/Verifier/FileInfoVerifier.php | 48 ++ .../src/Metadata/Verifier/RootVerifier.php | 63 ++ .../Metadata/Verifier/SnapshotVerifier.php | 79 +++ .../src/Metadata/Verifier/TargetsVerifier.php | 51 ++ .../Metadata/Verifier/TimestampVerifier.php | 40 ++ .../Verifier/TrustedAuthorityTrait.php | 78 +++ .../Metadata/Verifier/UniversalVerifier.php | 92 +++ .../src/Metadata/Verifier/VerifierBase.php | 140 ++++ libraries/src/TUF/src/Role.php | 122 ++++ libraries/src/TUF/src/RoleDB.php | 116 ++++ libraries/src/Table/Tuf.php | 31 + 52 files changed, 4223 insertions(+), 1 deletion(-) create mode 100644 libraries/src/TUF/DatabaseStorage.php create mode 100644 libraries/src/TUF/Exception/RoleNotFoundException.php create mode 100644 libraries/src/TUF/TufValidation.php create mode 100644 libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php create mode 100644 libraries/src/TUF/src/Client/DurableStorage/FileStorage.php create mode 100644 libraries/src/TUF/src/Client/GuzzleFileFetcher.php create mode 100644 libraries/src/TUF/src/Client/RepoFileFetcherInterface.php create mode 100644 libraries/src/TUF/src/Client/ResponseStream.php create mode 100644 libraries/src/TUF/src/Client/SignatureVerifier.php create mode 100644 libraries/src/TUF/src/Client/Updater.php create mode 100644 libraries/src/TUF/src/Constraints/Collection.php create mode 100644 libraries/src/TUF/src/Constraints/CollectionValidator.php create mode 100644 libraries/src/TUF/src/DelegatedRole.php create mode 100644 libraries/src/TUF/src/Exception/Attack/AttackException.php create mode 100644 libraries/src/TUF/src/Exception/Attack/DenialOfServiceAttackException.php create mode 100644 libraries/src/TUF/src/Exception/Attack/FreezeAttackException.php create mode 100644 libraries/src/TUF/src/Exception/Attack/InvalidHashException.php create mode 100644 libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php create mode 100644 libraries/src/TUF/src/Exception/Attack/SignatureThresholdException.php create mode 100644 libraries/src/TUF/src/Exception/DownloadSizeException.php create mode 100644 libraries/src/TUF/src/Exception/FormatException.php create mode 100644 libraries/src/TUF/src/Exception/InvalidKeyException.php create mode 100644 libraries/src/TUF/src/Exception/MetadataException.php create mode 100644 libraries/src/TUF/src/Exception/NotFoundException.php create mode 100644 libraries/src/TUF/src/Exception/RepoFileNotFound.php create mode 100644 libraries/src/TUF/src/Exception/RoleExistsException.php create mode 100644 libraries/src/TUF/src/Exception/TufException.php create mode 100644 libraries/src/TUF/src/Helper/Clock.php create mode 100644 libraries/src/TUF/src/JsonNormalizer.php create mode 100644 libraries/src/TUF/src/Key.php create mode 100644 libraries/src/TUF/src/KeyDB.php create mode 100644 libraries/src/TUF/src/Metadata/ConstraintsTrait.php create mode 100644 libraries/src/TUF/src/Metadata/Factory.php create mode 100644 libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php create mode 100644 libraries/src/TUF/src/Metadata/MetadataBase.php create mode 100644 libraries/src/TUF/src/Metadata/RootMetadata.php create mode 100644 libraries/src/TUF/src/Metadata/SnapshotMetadata.php create mode 100644 libraries/src/TUF/src/Metadata/TargetsMetadata.php create mode 100644 libraries/src/TUF/src/Metadata/TimestampMetadata.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php create mode 100644 libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php create mode 100644 libraries/src/TUF/src/Role.php create mode 100644 libraries/src/TUF/src/RoleDB.php create mode 100644 libraries/src/Table/Tuf.php diff --git a/composer.json b/composer.json index dc3a984f438..da23fceb15a 100644 --- a/composer.json +++ b/composer.json @@ -93,7 +93,8 @@ "ext-gd": "*", "web-auth/webauthn-lib": "2.1.*", "composer/ca-bundle": "^1.2", - "dragonmantank/cron-expression": "^3.1" + "dragonmantank/cron-expression": "^3.1", + "symfony/validator": "^5.4" }, "require-dev": { "phpunit/phpunit": "^8.5", diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql index dd7ab9e5a77..e5a85182ec3 100644 --- a/installation/sql/mysql/base.sql +++ b/installation/sql/mysql/base.sql @@ -840,6 +840,29 @@ CREATE TABLE IF NOT EXISTS `#__updates` ( -- -------------------------------------------------------- +-- +-- Table structure for table `#__tuf_updates` +-- + +CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( + `id` int NOT NULL AUTO_INCREMENT, + `extension_id` int DEFAULT 0, + `root_json` text DEFAULT NULL, + `targets_json` text DEFAULT NULL, + `snapshot_json` text DEFAULT NULL, + `timestamp_json` text DEFAULT NULL, + `mirrors_json` text DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Secure TUF Updates'; + +-- +-- Dumping data for table `#__tuf_metadata` +-- +INSERT INTO `#__tuf_metadata` (`extension_id`, `root_json`) +SELECT `extension_id`, '{"keytype": "ed25519", "scheme": "ed25519", "keyid": "02c3130c26fb3fe13fda279d578f3bc251f2ca3a42e5878de063e0ee345533c9", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "f813a2882b305389cac36a9b8ebee7576ba7a7de671d2617074b03c12fb003aa", "private": "b7cb4fab28bae035a6fc5d46736e6f2d10ea4ef943e6aace8c637c1fd141ac72"}}' FROM `#__extensions` WHERE `type`='file' AND `element`='joomla'; + +-- -------------------------------------------------------- + -- -- Table structure for table `#__update_sites` -- diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php new file mode 100644 index 00000000000..253cec551ae --- /dev/null +++ b/libraries/src/TUF/DatabaseStorage.php @@ -0,0 +1,109 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\TUF; + +use Joomla\CMS\Table\Table; +use Joomla\CMS\Table\Tuf; +use Joomla\CMS\TUF\Exception\RoleNotFoundException; +use Joomla\Database\DatabaseDriver; + +\defined('JPATH_PLATFORM') or die; + +/** + * @since __DEPLOY_VERSION__ + */ +class DatabaseStorage implements \ArrayAccess +{ + /** + * The Tuf table object + * + * @var Table + */ + protected Table $table; + + /** + * Initialize the DatabaseStorage class + * + * @param DatabaseDriver $db + * @param integer $extensionId + */ + public function __construct(DatabaseDriver $db, int $extensionId) + { + $this->table = new Tuf($db); + + $this->table->load($extensionId); + } + + /** + * {@inheritdoc} + */ + public function offsetExists(mixed $offset): bool + { + $column = $this->getCleanColumn($offset); + + return substr($offset, -5) === '_json' && $this->table->hasField($column) && strlen($this->table->$column); + } + + /** + * {@inheritdoc} + */ + public function offsetGet($offset): mixed + { + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } + + $column = $this->getCleanColumn($offset); + + return $this->table->$column; + } + + /** + * {@inheritdoc} + */ + public function offsetSet($offset, $value): void + { + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } + + $this->table->$offset = $value; + + $this->table->store(); + } + + /** + * {@inheritdoc} + */ + public function offsetUnset($offset): void + { + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } + + $this->table->$offset = ''; + + $this->table->store(); + } + + /** + * Convert file names to table columns + * + * @param string $name + * + * @return string + */ + protected function getCleanColumn($name): string + { + return str_replace('.', '_', $name); + } +} diff --git a/libraries/src/TUF/Exception/RoleNotFoundException.php b/libraries/src/TUF/Exception/RoleNotFoundException.php new file mode 100644 index 00000000000..fa90a250158 --- /dev/null +++ b/libraries/src/TUF/Exception/RoleNotFoundException.php @@ -0,0 +1,20 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\TUF\Exception; + +\defined('JPATH_PLATFORM') or die; + +/** + * Exception class defining that the Role could not be found + * + * @since __DEPLOY_VERSION__ + */ +class RoleNotFoundException extends \Exception +{ +} diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php new file mode 100644 index 00000000000..73c9a595bbb --- /dev/null +++ b/libraries/src/TUF/TufValidation.php @@ -0,0 +1,154 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\TUF; + +use JLoader; +use Joomla\CMS\Factory; +use Joomla\Database\DatabaseDriver; +use Joomla\Database\ParameterType; +use Symfony\Component\OptionsResolver\Exception\InvalidOptionsException; +use Symfony\Component\OptionsResolver\Exception\UndefinedOptionsException; +use Symfony\Component\OptionsResolver\OptionsResolver; +use Tuf\Client\GuzzleFileFetcher; +use Tuf\Client\Updater; +use Tuf\Exception\Attack\FreezeAttackException; +use Tuf\Exception\Attack\RollbackAttackException; +use Tuf\Exception\Attack\SignatureThresholdException; +use Tuf\Exception\MetadataException; +use Tuf\JsonNormalizer; + +JLoader::registerNamespace('Tuf', JPATH_ROOT . '/libraries/src/TUF/src'); + +\defined('JPATH_PLATFORM') or die; + +/** + * @since __DEPLOY_VERSION__ + */ +class TufValidation +{ + /** + * The id of the extension to be updated + * + * @var integer + */ + private int $extensionId; + + /** + * The params of the validator + * + * @var mixed + */ + private mixed $params; + + /** + * Validating updates with TUF + * + * @param integer $extensionId The ID of the extension to be checked + * @param mixed $params The parameters containing the Base-URI, the Metadata- and Targets-Path and mirrors for + * the update + */ + public function __construct(int $extensionId, mixed $params) + { + $this->extensionId = $extensionId; + + $resolver = new OptionsResolver; + + try + { + $this->configureTufOptions($resolver); + } + catch (\Exception) + { + } + + try + { + $params = $resolver->resolve($params); + } + catch (\Exception $e) + { + if ($e instanceof UndefinedOptionsException || $e instanceof InvalidOptionsException) + { + throw $e; + } + } + + $this->params = $params; + } + + /** + * Configures default values or pass arguments to params + * + * @param OptionsResolver $resolver The OptionsResolver for the params + * @return void + */ + protected function configureTufOptions(OptionsResolver $resolver) + { + $resolver->setDefaults( + [ + 'url_prefix' => 'https://raw.githubusercontent.com', + 'metadata_path' => '/joomla/updates/test/repository/', + 'targets_path' => '/targets/', + 'mirrors' => [], + ] + ) + ->setAllowedTypes('url_prefix', 'string') + ->setAllowedTypes('metadata_path', 'string') + ->setAllowedTypes('targets_path', 'string') + ->setAllowedTypes('mirrors', 'array'); + } + + /** + * Checks for updates and writes it into the database if they are valid. Then it gets the targets.json content and + * returns it + * + * @return mixed Returns the targets.json if the validation is successful, otherwise null + */ + public function getValidUpdate(): mixed + { + $db = Factory::getContainer()->get(DatabaseDriver::class); + + // $db = Factory::getDbo(); + + $fileFetcher = GuzzleFileFetcher::createFromUri($this->params['url_prefix'], $this->params['metadata_path'], $this->params['targets_path']); + $updater = new Updater( + $fileFetcher, + $this->params['mirrors'], + new DatabaseStorage($db, $this->extensionId) + ); + + try + { + // Refresh the data if needed, it will be written inside the DB, then we fetch it afterwards and return it to + // the caller + $updater->refresh(); + $query = $db->getQuery(true) + ->select('targets_json') + ->from($db->quoteName('#__tuf_metadata', 'map')) + ->where($db->quoteName('map.id') . ' = :id') + ->bind(':id', $this->extensionId, ParameterType::INTEGER); + $db->setQuery($query); + + $resultArray = (array) $db->loadObject(); + + return JsonNormalizer::decode($resultArray['targets_json']); + } + catch (FreezeAttackException | MetadataException | SignatureThresholdException | RollbackAttackException $e) + { + // When the validation fails, for example when one file is written but the others don't, we roll back everything + // and cancel the update + $query = $db->getQuery(true) + ->delete('#__tuf_metadata') + ->columns(['snapshot_json', 'targets_json', 'timestamp_json']); + $db->setQuery($query); + + return null; + } + } +} diff --git a/libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php b/libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php new file mode 100644 index 00000000000..50da999d9cc --- /dev/null +++ b/libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php @@ -0,0 +1,97 @@ +backend = $backend; + } + + /** + * Verifies that a given offset is valid. + * + * This is meant as a security measure to reduce the likelihood of + * undesired storage behavior. For example, a filesystem storage can't be + * tricked into executing in a different directory. + * + * @param mixed $offset + * The ArrayAccess offset. + * + * @return void + * + * @throws \OutOfBoundsException + * Thrown if the offset is not a string, or if it is not a valid + * filename (characters other than alphanumeric characters, periods, + * underscores, or hyphens). + */ + protected function throwIfInvalidOffset($offset): void + { + //if (! is_string($offset) || !preg_match("|^[\w._-]+$|", $offset)) { + if (! is_string($offset)) { + throw new \OutOfBoundsException("Array offset '$offset' is not a valid durable storage key."); + } + } + + /** + * {@inheritdoc} + */ + public function offsetExists($offset) + { + $this->throwIfInvalidOffset($offset); + return $this->backend->offsetExists($offset); + } + + /** + * {@inheritdoc} + */ + public function offsetGet($offset) + { + $this->throwIfInvalidOffset($offset); + return $this->backend->offsetGet($offset); + } + + /** + * {@inheritdoc} + */ + public function offsetSet($offset, $value) + { + $this->throwIfInvalidOffset($offset); + // @todo Consider enforcing an application-configurable maximum length + // here. https://github.com/php-tuf/php-tuf/issues/27 + if (! is_string($value)) { + $format = "Cannot store %s at offset $offset: only strings are allowed in durable storage."; + throw new \UnexpectedValueException(sprintf($format, gettype($value))); + } + $this->backend->offsetSet($offset, $value); + } + + /** + * {@inheritdoc} + */ + public function offsetUnset($offset) + { + $this->throwIfInvalidOffset($offset); + $this->backend->offsetUnset($offset); + } +} diff --git a/libraries/src/TUF/src/Client/DurableStorage/FileStorage.php b/libraries/src/TUF/src/Client/DurableStorage/FileStorage.php new file mode 100644 index 00000000000..271a5c97094 --- /dev/null +++ b/libraries/src/TUF/src/Client/DurableStorage/FileStorage.php @@ -0,0 +1,82 @@ +basePath = $basePath; + } + + /** + * Returns a full path for an item in the storage. + * + * @param mixed $offset + * The ArrayAccess offset for the item. + * + * @return string + * The full path for the item in the storage. + */ + protected function pathWithBasePath($offset): string + { + return $this->basePath . DIRECTORY_SEPARATOR . $offset; + } + + /** + * {@inheritdoc} + */ + public function offsetExists($offset) + { + return file_exists($this->pathWithBasePath($offset)); + } + + /** + * {@inheritdoc} + */ + public function offsetGet($offset) + { + return file_get_contents($this->pathWithBasePath($offset)); + } + + /** + * {@inheritdoc} + */ + public function offsetSet($offset, $value) + { + file_put_contents($this->pathWithBasePath($offset), $value); + } + + /** + * {@inheritdoc} + */ + public function offsetUnset($offset) + { + @unlink($this->pathWithBasePath($offset)); + } +} diff --git a/libraries/src/TUF/src/Client/GuzzleFileFetcher.php b/libraries/src/TUF/src/Client/GuzzleFileFetcher.php new file mode 100644 index 00000000000..163bfb8914b --- /dev/null +++ b/libraries/src/TUF/src/Client/GuzzleFileFetcher.php @@ -0,0 +1,172 @@ +client = $client; + $this->metadataPrefix = $metadataPrefix; + $this->targetsPrefix = $targetsPrefix; + } + + /** + * Creates an instance of this class with a specific base URI. + * + * @param string $baseUri + * The base URI from which to fetch files. + * @param string $metadataPrefix + * (optional) The path prefix for metadata. Defaults to '/metadata/'. + * @param string $targetsPrefix + * (optional) The path prefix for targets. Defaults to '/targets/'. + * + * @return static + * A new instance of this class. + */ + public static function createFromUri(string $baseUri, string $metadataPrefix = '/metadata/', string $targetsPrefix = '/targets/'): self + { + $client = new Client(['base_uri' => $baseUri]); + return new static($client, $metadataPrefix, $targetsPrefix); + } + + /** + * {@inheritDoc} + */ + public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface + { + return $this->fetchFile($this->metadataPrefix . $fileName, $maxBytes); + } + + /** + * {@inheritDoc} + * + * @param array $options + * (optional) Additional request options to pass to the Guzzle client. + * See \GuzzleHttp\RequestOptions. + * @param string $url + * (optional) An arbitrary URL from which the target should be downloaded. + * If passed, takes precedence over $fileName. + */ + public function fetchTarget(string $fileName, int $maxBytes, array $options = [], string $url = null): PromiseInterface + { + $location = $url ?: $this->targetsPrefix . $fileName; + return $this->fetchFile($location, $maxBytes, $options); + } + + /** + * Fetches a file from a URL. + * + * @param string $url + * The URL of the file to fetch. + * @param integer $maxBytes + * The maximum number of bytes to download. + * @param array $options + * (optional) Additional request options to pass to the Guzzle client. + * See \GuzzleHttp\RequestOptions. + * + * @return \GuzzleHttp\Promise\PromiseInterface + * A promise representing the eventual result of the operation. + */ + protected function fetchFile(string $url, int $maxBytes, array $options = []): PromiseInterface + { + // Create a progress callback to abort the download if it exceeds + // $maxBytes. This will only work with cURL, so we also verify the + // download size when request is finished. + $progress = function (int $expectedBytes, int $downloadedBytes) use ($url, $maxBytes) { + if ($expectedBytes > $maxBytes || $downloadedBytes > $maxBytes) { + throw new DownloadSizeException("$url exceeded $maxBytes bytes"); + } + }; + $options += [RequestOptions::PROGRESS => $progress]; + + return $this->client->requestAsync('GET', $url, $options) + ->then( + function (ResponseInterface $response) { + return new ResponseStream($response); + }, + $this->onRejected($url) + ); + } + + /** + * Creates a callback function for when the promise is rejected. + * + * @param string $fileName + * The file name being fetched from the remote repo. + * + * @return \Closure + * The callback function. + */ + private function onRejected(string $fileName): \Closure + { + return function (\Throwable $e) use ($fileName) { + if ($e instanceof ClientException) { + if ($e->getCode() === 404) { + throw new RepoFileNotFound("$fileName not found", 0, $e); + } else { + // Re-throwing the original exception will blow away the + // backtrace, so wrap the exception in a more generic one to aid + // in debugging. + throw new \RuntimeException($e->getMessage(), $e->getCode(), $e); + } + } + throw $e; + }; + } + + /** + * {@inheritDoc} + */ + public function fetchMetadataIfExists(string $fileName, int $maxBytes): ?string + { + try { + return $this->fetchMetadata($fileName, $maxBytes)->wait(); + } catch (RepoFileNotFound $exception) { + return null; + } + } +} diff --git a/libraries/src/TUF/src/Client/RepoFileFetcherInterface.php b/libraries/src/TUF/src/Client/RepoFileFetcherInterface.php new file mode 100644 index 00000000000..e776fb51876 --- /dev/null +++ b/libraries/src/TUF/src/Client/RepoFileFetcherInterface.php @@ -0,0 +1,56 @@ +response = $response; + } + + /** + * Returns the response that produced this stream. + * + * @return \Psr\Http\Message\ResponseInterface + * The response. + */ + public function getResponse(): ResponseInterface + { + return $this->response; + } + + /** + * {@inheritDoc} + */ + public function __toString() + { + return $this->getResponse()->getBody()->__toString(); + } + + /** + * {@inheritDoc} + */ + public function close() + { + $this->getResponse()->getBody()->close(); + } + + /** + * {@inheritDoc} + */ + public function detach() + { + return $this->getResponse()->getBody()->detach(); + } + + /** + * {@inheritDoc} + */ + public function getSize() + { + return $this->getResponse()->getBody()->getSize(); + } + + /** + * {@inheritDoc} + */ + public function tell() + { + return $this->getResponse()->getBody()->tell(); + } + + /** + * {@inheritDoc} + */ + public function eof() + { + return $this->getResponse()->getBody()->eof(); + } + + /** + * {@inheritDoc} + */ + public function isSeekable() + { + return $this->getResponse()->getBody()->isSeekable(); + } + + /** + * {@inheritDoc} + */ + public function seek($offset, $whence = SEEK_SET) + { + return $this->getResponse()->getBody()->seek($offset, $whence); + } + + /** + * {@inheritDoc} + */ + public function rewind() + { + return $this->getResponse()->getBody()->rewind(); + } + + /** + * {@inheritDoc} + */ + public function isWritable() + { + return $this->getResponse()->getBody()->isWritable(); + } + + /** + * {@inheritDoc} + */ + public function write($string) + { + return $this->getResponse()->getBody()->write($string); + } + + /** + * {@inheritDoc} + */ + public function isReadable() + { + return $this->getResponse()->getBody()->isReadable(); + } + + /** + * {@inheritDoc} + */ + public function read($length) + { + return $this->getResponse()->getBody()->read($length); + } + + /** + * {@inheritDoc} + */ + public function getContents() + { + return $this->getResponse()->getBody()->getContents(); + } + + /** + * {@inheritDoc} + */ + public function getMetadata($key = null): string + { + return $this->getResponse()->getBody()->getMetadata($key); + } +} diff --git a/libraries/src/TUF/src/Client/SignatureVerifier.php b/libraries/src/TUF/src/Client/SignatureVerifier.php new file mode 100644 index 00000000000..3395498207d --- /dev/null +++ b/libraries/src/TUF/src/Client/SignatureVerifier.php @@ -0,0 +1,153 @@ +roleDb = $roleDb; + $this->keyDb = $keyDb; + } + + /** + * Creates a SignatureVerifier object from a RootMetadata object. + * + * @param RootMetadata $rootMetadata + * @param bool $allowUntrustedAccess + * + * @return static + */ + public static function createFromRootMetadata(RootMetadata $rootMetadata, bool $allowUntrustedAccess = false): self + { + return new static( + RoleDB::createFromRootMetadata($rootMetadata, $allowUntrustedAccess), + KeyDB::createFromRootMetadata($rootMetadata, $allowUntrustedAccess) + ); + } + + /** + * Checks signatures on a verifiable structure. + * + * @param \Tuf\Metadata\MetadataBase $metadata + * The metadata to check signatures on. + * + * @return void + * + * @throws \Tuf\Exception\Attack\SignatureThresholdException + * Thrown if the signature threshold has not be reached. + */ + public function checkSignatures(MetadataBase $metadata): void + { + $signatures = $metadata->getSignatures(); + + $role = $this->roleDb->getRole($metadata->getRole()); + $needVerified = $role->getThreshold(); + $verifiedKeySignatures = []; + + $canonicalBytes = JsonNormalizer::asNormalizedJson($metadata->getSigned()); + + foreach ($signatures as $signature) + { + // Don't allow the same key to be counted twice. + if ($role->isKeyIdAcceptable($signature['keyid']) && $this->verifySingleSignature($canonicalBytes, $signature)) + { + $verifiedKeySignatures[$signature['keyid']] = true; + } + + // @todo Determine if we should check all signatures and warn for + // bad signatures even if this method returns TRUE because the + // threshold has been met. + // https://github.com/php-tuf/php-tuf/issues/172 + if (count($verifiedKeySignatures) >= $needVerified) + { + break; + } + } + + if (count($verifiedKeySignatures) < $needVerified) + { + throw new SignatureThresholdException("Signature threshold not met on " . $metadata->getRole()); + } + } + + /** + * Verifies a single signature. + * + * @param string $bytes + * The canonical JSON string of the 'signed' section of the given file. + * @param \ArrayAccess $signatureMeta + * The ArrayAccess object of metadata for the signature. Each signature + * metadata contains two elements: + * - keyid: The identifier of the key signing the role data. + * - sig: The hex-encoded signature of the canonical form of the + * metadata for the role. + * + * @return boolean + * TRUE if the signature is valid for $bytes. + */ + private function verifySingleSignature(string $bytes, \ArrayAccess $signatureMeta): bool + { + // Get the pubkey from the key database. + $pubkey = $this->keyDb->getKey($signatureMeta['keyid'])->getPublic(); + + // Encode the pubkey and signature, and check that the signature is + // valid for the given data and pubkey. + $pubkeyBytes = hex2bin($pubkey); + $sigBytes = hex2bin($signatureMeta['sig']); + + // @todo Check that the key type in $signatureMeta is ed25519; return + // false if not. + // https://github.com/php-tuf/php-tuf/issues/168 + return \sodium_crypto_sign_verify_detached($sigBytes, $bytes, $pubkeyBytes); + } + + /** + * Adds a role to the signature verifier. + * + * @param \Tuf\Role $role + */ + public function addRole(Role $role): void + { + if (!$this->roleDb->roleExists($role->getName())) + { + $this->roleDb->addRole($role); + } + } + + /** + * Adds a key to the signature verifier. + * + * @param string $keyId + * @param \Tuf\Key $key + */ + public function addKey(string $keyId, Key $key): void + { + $this->keyDb->addKey($keyId, $key); + } +} diff --git a/libraries/src/TUF/src/Client/Updater.php b/libraries/src/TUF/src/Client/Updater.php new file mode 100644 index 00000000000..d993141105f --- /dev/null +++ b/libraries/src/TUF/src/Client/Updater.php @@ -0,0 +1,600 @@ +repoFileFetcher = $repoFileFetcher; + $this->mirrors = $mirrors; + $this->durableStorage = new DurableStorageAccessValidator($durableStorage); + $this->clock = new Clock(); + $this->metadataFactory = new MetadataFactory($this->durableStorage); + } + + /** + * Gets the type for the file name. + * + * @param string $fileName + * The file name. + * + * @return string + * The type. + */ + private static function getFileNameType(string $fileName): string + { + $parts = explode('.', $fileName); + array_pop($parts); + return array_pop($parts); + } + + /** + * @todo Add docs. See python comments: + * https://github.com/theupdateframework/tuf/blob/1cf085a360aaad739e1cc62fa19a2ece270bb693/tuf/client/updater.py#L999 + * https://github.com/php-tuf/php-tuf/issues/162 + * @todo The Python implementation has an optional flag to "unsafely update + * root if necessary". Do we need it? + * https://github.com/php-tuf/php-tuf/issues/21 + * + * @param bool $force + * (optional) If false, return early if this updater has already been + * refreshed. Defaults to false. + * + * @return boolean + * TRUE if the data was successfully refreshed. + * + * @see https://github.com/php-tuf/php-tuf/issues/21 + * + * @throws \Tuf\Exception\MetadataException + * Throw if an upated root metadata file is not valid. + * @throws \Tuf\Exception\Attack\FreezeAttackException + * Throw if a freeze attack is detected. + * @throws \Tuf\Exception\Attack\RollbackAttackException + * Throw if a rollback attack is detected. + * @throws \Tuf\Exception\Attack\SignatureThresholdException + * Thrown if the signature threshold has not be reached. + */ + public function refresh(bool $force = false): bool + { + if ($force) { + $this->isRefreshed = false; + $this->metadataExpiration = null; + } + if ($this->isRefreshed) { + return true; + } + + // § 5.1 + $this->metadataExpiration = $this->getUpdateStartTime(); + + // § 5.2 + /** @var \Tuf\Metadata\RootMetadata $rootData */ + $rootData = $this->metadataFactory->load('root'); + + $this->signatureVerifier = SignatureVerifier::createFromRootMetadata($rootData); + $this->universalVerifier = new UniversalVerifier($this->metadataFactory, $this->signatureVerifier, $this->metadataExpiration); + + // § 5.3 + $this->updateRoot($rootData); + + // § 5.4 + $newTimestampData = $this->updateTimestamp(); + + $snapshotInfo = $newTimestampData->getFileMetaInfo('snapshot.json'); + $snapShotVersion = $snapshotInfo['version']; + + // § 5.5 + if ($rootData->supportsConsistentSnapshots()) { + // § 5.5.1 + $newSnapshotContents = $this->fetchFile("$snapShotVersion.snapshot.json"); + + $newSnapshotData = SnapshotMetadata::createFromJson($newSnapshotContents); + + $this->universalVerifier->verify(SnapshotMetadata::TYPE, $newSnapshotData); + + // § 5.5.7 + // TODO: here change .json to _json + $this->durableStorage['snapshot_json'] = $newSnapshotContents; + } else { + // @todo Add support for not using consistent snapshots in + // https://github.com/php-tuf/php-tuf/issues/97 + throw new \UnexpectedValueException("Currently only repos using consistent snapshots are supported."); + } + + // § 5.6 + if ($rootData->supportsConsistentSnapshots()) { + $this->fetchAndVerifyTargetsMetadata('targets'); + } else { + // @todo Add support for not using consistent snapshots in + // https://github.com/php-tuf/php-tuf/issues/97 + throw new \UnexpectedValueException("Currently only repos using consistent snapshots are supported."); + } + $this->isRefreshed = true; + return true; + } + + /** + * Updates the timestamp role, per section 5.3 of the TUF spec. + */ + private function updateTimestamp(): TimestampMetadata + { + // § 5.4.1 + $newTimestampContents = $this->fetchFile('timestamp.json'); + $newTimestampData = TimestampMetadata::createFromJson($newTimestampContents); + + $this->universalVerifier->verify(TimestampMetadata::TYPE, $newTimestampData); + + // § 5.4.5: Persist timestamp metadata + // TODO: here change .json to _json + $this->durableStorage['timestamp_json'] = $newTimestampContents; + + return $newTimestampData; + } + + + + /** + * Updates the root metadata if needed. + * + * @param \Tuf\Metadata\RootMetadata $rootData + * The current root metadata. + * + * @return void + *@throws \Tuf\Exception\Attack\FreezeAttackException + * Throw if a freeze attack is detected. + * @throws \Tuf\Exception\Attack\RollbackAttackException + * Throw if a rollback attack is detected. + * @throws \Tuf\Exception\Attack\SignatureThresholdException + * Thrown if an updated root file is not signed with the need signatures. + * + * @throws \Tuf\Exception\MetadataException + * Throw if an upated root metadata file is not valid. + */ + private function updateRoot(RootMetadata &$rootData): void + { + // § 5.3.1 needs no action, since we currently require consistent + // snapshots. + $rootsDownloaded = 0; + $originalRootData = $rootData; + // § 5.3.2 and 5.3.3 + $nextVersion = $rootData->getVersion() + 1; + while ($nextRootContents = $this->repoFileFetcher->fetchMetadataIfExists("$nextVersion.root.json", static::MAXIMUM_DOWNLOAD_BYTES)) { + $rootsDownloaded++; + if ($rootsDownloaded > static::MAX_ROOT_DOWNLOADS) { + throw new DenialOfServiceAttackException("The maximum number root files have already been downloaded: " . static::MAX_ROOT_DOWNLOADS); + } + $nextRoot = RootMetadata::createFromJson($nextRootContents); + $this->universalVerifier->verify(RootMetadata::TYPE, $nextRoot); + + // § 5.3.6 Needs no action. The expiration of the new (intermediate) + // root metadata file does not matter yet, because we will check for + // it in § 5.3.10. + // § 5.3.7 + $rootData = $nextRoot; + + // § 5.3.8 + // TODO: here change .json to _json + $this->durableStorage['root_json'] = $nextRootContents; + // § 5.3.9: repeat from § 5.3.2. + $nextVersion = $rootData->getVersion() + 1; + } + // § 5.3.10 + RootVerifier::checkFreezeAttack($rootData, $this->metadataExpiration); + + // § 5.3.11: Delete the trusted timestamp and snapshot files if either + // file has rooted keys. + if ($rootsDownloaded && + (static::hasRotatedKeys($originalRootData, $rootData, 'timestamp') + || static::hasRotatedKeys($originalRootData, $rootData, 'snapshot'))) { + unset($this->durableStorage['timestamp_json'], $this->durableStorage['snapshot_json']); + } + // § 5.3.12 needs no action because we currently require consistent + // snapshots. + } + + /** + * Determines if the new root metadata has rotated keys for a role. + * + * @param \Tuf\Metadata\RootMetadata $previousRootData + * The previous root metadata. + * @param \Tuf\Metadata\RootMetadata $newRootData + * The new root metadta. + * @param string $role + * The role to check for rotated keys. + * + * @return boolean + * True if the keys for the role have been rotated, otherwise false. + */ + private static function hasRotatedKeys(RootMetadata $previousRootData, RootMetadata $newRootData, string $role): bool + { + $previousRole = $previousRootData->getRoles()[$role] ?? null; + $newRole = $newRootData->getRoles()[$role] ?? null; + if ($previousRole && $newRole) { + return !$previousRole->keysMatch($newRole); + } + return false; + } + + /** + * Synchronously fetches a file from the remote repo. + * + * @param string $fileName + * The name of the file to fetch. + * @param integer $maxBytes + * (optional) The maximum number of bytes to download. + * + * @return string + * The contents of the fetched file. + */ + private function fetchFile(string $fileName, int $maxBytes = self::MAXIMUM_DOWNLOAD_BYTES): string + { + return $this->repoFileFetcher->fetchMetadata($fileName, $maxBytes) + ->then(function (StreamInterface $data) use ($fileName, $maxBytes) { + $this->checkLength($data, $maxBytes, $fileName); + return $data; + }) + ->wait(); + } + + /** + * Verifies the length of a data stream. + * + * @param \Psr\Http\Message\StreamInterface $data + * The data stream to check. + * @param int $maxBytes + * The maximum acceptable length of the stream, in bytes. + * @param string $fileName + * The filename associated with the stream. + * + * @throws \Tuf\Exception\DownloadSizeException + * If the stream's length exceeds $maxBytes in size. + */ + protected function checkLength(StreamInterface $data, int $maxBytes, string $fileName): void + { + $error = new DownloadSizeException("$fileName exceeded $maxBytes bytes"); + $size = $data->getSize(); + + if (isset($size)) { + if ($size > $maxBytes) { + throw $error; + } + } else { + // @todo Handle non-seekable streams. + // https://github.com/php-tuf/php-tuf/issues/169 + $data->rewind(); + $data->read($maxBytes); + + // If we reached the end of the stream, we didn't exceed the + // maximum number of bytes. + if ($data->eof() === false) { + throw $error; + } + $data->rewind(); + } + } + + /** + * Verifies a stream of data against a known TUF target. + * + * @param string $target + * The path of the target file. Needs to be known to the most recent + * targets metadata downloaded in ::refresh(). + * @param \Psr\Http\Message\StreamInterface $data + * A stream pointing to the downloaded target data. + * + * @throws \Tuf\Exception\MetadataException + * If the target has no trusted hash(es). + * @throws \Tuf\Exception\Attack\InvalidHashException + * If the data stream does not match the known hash(es) for the target. + */ + protected function verify(string $target, StreamInterface $data): void + { + $this->refresh(); + + $targetsMetadata = $this->getMetadataForTarget($target); + if ($targetsMetadata === null) { + throw new NotFoundException($target, 'Target'); + } + $maxBytes = $targetsMetadata->getLength($target) ?? static::MAXIMUM_DOWNLOAD_BYTES; + $this->checkLength($data, $maxBytes, $target); + + $hashes = $targetsMetadata->getHashes($target); + if (count($hashes) === 0) { + // § 5.7.2 + throw new MetadataException("No trusted hashes are available for '$target'"); + } + foreach ($hashes as $algo => $hash) { + // If the stream has a URI that refers to a file, use + // hash_file() to verify it. Otherwise, read the entire stream + // as a string and use hash() to verify it. + $uri = $data->getMetadata('uri'); + if ($uri && file_exists($uri)) { + $streamHash = hash_file($algo, $uri); + } else { + $streamHash = hash($algo, $data->getContents()); + $data->rewind(); + } + + if ($hash !== $streamHash) { + throw new InvalidHashException($data, "Invalid $algo hash for $target"); + } + } + } + + /** + * Downloads a target file, verifies it, and returns its contents. + * + * @param string $target + * The path of the target file. Needs to be known to the most recent + * targets metadata downloaded in ::refresh(). + * @param mixed ...$extra + * Additional arguments to pass to the file fetcher. + * + * @return \GuzzleHttp\Promise\PromiseInterface + * A promise representing the eventual verified result of the download + * operation. + */ + public function download(string $target, ...$extra): PromiseInterface + { + $this->refresh(); + + $targetsMetadata = $this->getMetadataForTarget($target); + if ($targetsMetadata === null) { + return new RejectedPromise(new NotFoundException($target, 'Target')); + } + + // If the target isn't known, immediately return a rejected promise. + try { + $length = $targetsMetadata->getLength($target) ?? static::MAXIMUM_DOWNLOAD_BYTES; + } catch (NotFoundException $e) { + return new RejectedPromise($e); + } + + return $this->repoFileFetcher->fetchTarget($target, $length, ...$extra) + ->then(function (StreamInterface $stream) use ($target) { + $this->verify($target, $stream); + return $stream; + }); + } + + /** + * Gets a target metadata object that contains the specified target, if any. + * + * @param string $target + * The path of the target file. + * + * @return \Tuf\Metadata\TargetsMetadata|null + * The targets metadata with information about the desired target, or null if no relevant metadata is found. + */ + protected function getMetadataForTarget(string $target): ?TargetsMetadata + { + // Search the top level targets metadata. + /** @var \Tuf\Metadata\TargetsMetadata $targetsMetadata */ + $targetsMetadata = $this->metadataFactory->load('targets'); + if ($targetsMetadata->hasTarget($target)) { + return $targetsMetadata; + } + // Recursively search any delegated roles. + return $this->searchDelegatedRolesForTarget($targetsMetadata, $target, ['targets']); + } + + /** + * Fetches and verifies a targets metadata file. + * + * The metadata file will be stored as '$role_json'. + * + * @param string $role + * The role name. This may be 'targets' or a delegated role. + */ + private function fetchAndVerifyTargetsMetadata(string $role): void + { + $newSnapshotData = $this->metadataFactory->load('snapshot'); + $targetsVersion = $newSnapshotData->getFileMetaInfo($role. ".json")['version']; + // § 5.6.1 + $newTargetsContent = $this->fetchFile("$targetsVersion.$role.json"); + $newTargetsData = TargetsMetadata::createFromJson($newTargetsContent, $role); + $this->universalVerifier->verify(TargetsMetadata::TYPE, $newTargetsData); + // § 5.5.6 + // TODO: here change .json to _json + $this->durableStorage[$role . "_json"] = $newTargetsContent; + } + + /** + * Returns the time that the update began. + * + * @return \DateTimeImmutable + * The time that the update began. + */ + private function getUpdateStartTime(): \DateTimeImmutable + { + return (new \DateTimeImmutable())->setTimestamp($this->clock->getCurrentTime()); + } + + /** + * Searches delegated roles for metadata concerning a specific target. + * + * @param \Tuf\Metadata\TargetsMetadata|null $targetsMetadata + * The targets metadata to search. + * @param string $target + * The path of the target file. + * @param string[] $searchedRoles + * The roles that have already been searched. This is for internal use only and should not be passed by calling code. + * @param bool $terminated + * (optional) For internal recursive calls only. This will be set to true if a terminating delegation is found in + * the search. + * + * + * @return \Tuf\Metadata\TargetsMetadata|null + * The target metadata that contains the metadata for the target or null if the target is not found. + */ + private function searchDelegatedRolesForTarget(TargetsMetadata $targetsMetadata, string $target, array $searchedRoles, bool &$terminated = false): ?TargetsMetadata + { + foreach ($targetsMetadata->getDelegatedKeys() as $keyId => $delegatedKey) { + $this->signatureVerifier->addKey($keyId, $delegatedKey); + } + foreach ($targetsMetadata->getDelegatedRoles() as $delegatedRole) { + $delegatedRoleName = $delegatedRole->getName(); + if (in_array($delegatedRoleName, $searchedRoles, true)) { + // § 5.6.7.1 + // If this role has been visited before, skip it (to avoid cycles in the delegation graph). + continue; + } + // § 5.6.7.1 + if (count($searchedRoles) > static::MAXIMUM_TARGET_ROLES) { + return null; + } + + $this->signatureVerifier->addRole($delegatedRole); + // Targets must match the paths of all roles in the delegation chain, so if the path does not match, + // do not evaluate this role or any roles it delegates to. + if ($delegatedRole->matchesPath($target)) { + $this->fetchAndVerifyTargetsMetadata($delegatedRoleName); + /** @var \Tuf\Metadata\TargetsMetadata $delegatedTargetsMetadata */ + $delegatedTargetsMetadata = $this->metadataFactory->load($delegatedRoleName); + if ($delegatedTargetsMetadata->hasTarget($target)) { + return $delegatedTargetsMetadata; + } + $searchedRoles[] = $delegatedRoleName; + // § 5.6.7.2.1 + // Recursively search the list of delegations in order of appearance. + $delegatedRolesMetadataSearchResult = $this->searchDelegatedRolesForTarget($delegatedTargetsMetadata, $target, $searchedRoles, $terminated); + if ($terminated || $delegatedRolesMetadataSearchResult) { + return $delegatedRolesMetadataSearchResult; + } + + // If $delegatedRole is terminating then we do not search any of the next delegated roles after it + // in the delegations from $targetsMetadata. + if ($delegatedRole->isTerminating()) { + $terminated = true; + // § 5.6.7.2.2 + // If the role is terminating then abort searching for a target. + return null; + } + } + } + return null; + } +} diff --git a/libraries/src/TUF/src/Constraints/Collection.php b/libraries/src/TUF/src/Constraints/Collection.php new file mode 100644 index 00000000000..77cae65fe82 --- /dev/null +++ b/libraries/src/TUF/src/Constraints/Collection.php @@ -0,0 +1,17 @@ +unsupportedFields as $unsupportedField) { + $existsInArray = \is_array($value) && \array_key_exists($unsupportedField, $value); + $existsInArrayAccess = $value instanceof \ArrayAccess && $value->offsetExists($unsupportedField); + if ($existsInArray || $existsInArrayAccess) { + $this->context->buildViolation('This field is not supported.') + ->atPath("[$unsupportedField]") + ->setInvalidValue(null) + ->setCode(Collection::MISSING_FIELD_ERROR) + ->addViolation(); + } + } + parent::validate($value, $constraint); + } +} diff --git a/libraries/src/TUF/src/DelegatedRole.php b/libraries/src/TUF/src/DelegatedRole.php new file mode 100644 index 00000000000..6c3744c8e86 --- /dev/null +++ b/libraries/src/TUF/src/DelegatedRole.php @@ -0,0 +1,96 @@ +terminating; + } + + /** + * DelegatedRole constructor. + * + * @param string $name + * @param int $threshold + * @param array $keyIds + * @param array $paths + * @param bool $terminating + */ + private function __construct(string $name, int $threshold, array $keyIds, array $paths, bool $terminating) + { + parent::__construct($name, $threshold, $keyIds); + $this->paths = $paths; + $this->terminating = $terminating; + } + + public static function createFromMetadata(\ArrayObject $roleInfo, string $name = null): Role + { + $roleConstraints = static::getRoleConstraints(); + $roleConstraints->fields += [ + 'name' => new Required( + [ + new Type('string'), + new NotBlank(), + ] + ), + 'terminating' => new Required(new Type('boolean')), + 'paths' => new Required(new Type('array')), + ]; + static::validate($roleInfo, $roleConstraints); + return new static( + $roleInfo['name'], + $roleInfo['threshold'], + $roleInfo['keyids'], + $roleInfo['paths'], + $roleInfo['terminating'] + ); + } + + /** + * Determines whether a target matches a path for this role. + * + * @param string $target + * The path of the target file. + * + * @return bool + * True if there is path match or no path criteria is set for the role, or + * false otherwise. + */ + public function matchesPath(string $target): bool + { + if ($this->paths) { + foreach ($this->paths as $path) { + if (fnmatch($path, $target)) { + return true; + } + } + return false; + } + // If no paths are set then any target is a match. + return true; + } +} diff --git a/libraries/src/TUF/src/Exception/Attack/AttackException.php b/libraries/src/TUF/src/Exception/Attack/AttackException.php new file mode 100644 index 00000000000..d267778ee60 --- /dev/null +++ b/libraries/src/TUF/src/Exception/Attack/AttackException.php @@ -0,0 +1,15 @@ +stream = $stream; + } + + /** + * Returns the untrusted stream object pointing to the downloaded target. + * + * WARNING: The contents of the stream failed TUF validation. Any code + * interacting it should treat it as unsafe and proceed with great caution. + * + * @return \Psr\Http\Message\StreamInterface + * The stream object. + */ + public function getStream(): StreamInterface + { + return $this->stream; + } +} diff --git a/libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php b/libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php new file mode 100644 index 00000000000..26a7a021731 --- /dev/null +++ b/libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php @@ -0,0 +1,10 @@ +ksort(); + } elseif (is_object($structure)) { + throw new \RuntimeException('\Tuf\JsonNormalizer::rKeySort() is not intended to sort objects except \ArrayObject. Found: ' . get_class($structure)); + } + + foreach ($structure as $key => $value) { + if (is_array($value) || $value instanceof \ArrayObject) { + self::rKeySort($structure[$key]); + } + } + } + + /** + * Replaces all instance of \stdClass in the data structure with \ArrayObject. + * + * Symfony Validator library's built-in constraints cannot validate + * \stdClass objects. This method should only be used with the return value + * of json_decode therefore should not contain any objects except instances + * of \stdClass. + * + * @param array|\stdClass $data + * The data to convert. The data structure should contain no objects + * except \stdClass instances. + * + * @return iterable + * The data with all stdClass instances replaced with ArrayObject. + * + * @throws \RuntimeException + * Thrown if the an object other than \stdClass is found. + */ + private static function replaceStdClassWithArrayObject($data): iterable + { + if ($data instanceof \stdClass) { + $data = new \ArrayObject($data); + } elseif (!is_array($data)) { + throw new \RuntimeException('Cannot convert type: ' . get_class($data)); + } + foreach ($data as $key => $datum) { + if (is_array($datum) || is_object($datum)) { + $data[$key] = static::replaceStdClassWithArrayObject($datum); + } + } + return $data; + } +} diff --git a/libraries/src/TUF/src/Key.php b/libraries/src/TUF/src/Key.php new file mode 100644 index 00000000000..46bf17a1e74 --- /dev/null +++ b/libraries/src/TUF/src/Key.php @@ -0,0 +1,131 @@ +type = $type; + $this->scheme = $scheme; + $this->public = $public; + } + + /** + * Creates a key object from TUF metadata. + * + * @param \ArrayObject $keyInfo + * The key information from TUF metadata including. + * - keytype: The public key signature system, e.g. 'ed25519'. + * - scheme: The corresponding signature scheme, e.g. 'ed25519'. + * - keyval: An associative array containing the public key value. + + * + * @return static + * + * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats + */ + public static function createFromMetadata(\ArrayObject $keyInfo): self + { + self::validate($keyInfo, static::getKeyConstraints()); + return new static( + $keyInfo['keytype'], + $keyInfo['scheme'], + $keyInfo['keyval']['public'] + ); + } + + /** + * Gets the public key value. + * + * @return string + * The public key value. + */ + public function getPublic(): string + { + return $this->public; + } + + /** + * Gets the key type. + * + * @return string + * The key type. + */ + public function getType(): string + { + return $this->type; + } + + /** + * Computes the key ID. + * + * Per specification section 4.2, the KEYID is a hexdigest of the SHA-256 + * hash of the canonical form of the key. + * + * @return string + * The key ID in hex format for the key metadata hashed using sha256. + * + * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats + * + * @todo https://github.com/php-tuf/php-tuf/issues/56 + */ + public function getComputedKeyId(): string + { + // @see https://github.com/secure-systems-lab/securesystemslib/blob/master/securesystemslib/keys.py + // The keyid_hash_algorithms array value is based on the TUF settings, + // it's not expected to be part of the key metadata. The fact that it is + // currently included is a quirk of the TUF python code that may be + // fixed in future versions. Calculate using the normal TUF settings + // since this is how it's calculated in the securesystemslib code and + // any value for keyid_hash_algorithms in the key data in root.json is + // ignored. + $keyCanonicalStruct = [ + 'keytype' => $this->getType(), + 'scheme' => $this->scheme, + 'keyid_hash_algorithms' => ['sha256', 'sha512'], + 'keyval' => ['public' => $this->getPublic()], + ]; + $keyCanonicalForm = JsonNormalizer::asNormalizedJson($keyCanonicalStruct); + + return hash('sha256', $keyCanonicalForm, false); + } +} diff --git a/libraries/src/TUF/src/KeyDB.php b/libraries/src/TUF/src/KeyDB.php new file mode 100644 index 00000000000..43ce954b482 --- /dev/null +++ b/libraries/src/TUF/src/KeyDB.php @@ -0,0 +1,125 @@ +getKeys($allowUntrustedAccess) as $keyId => $key) { + $db->addKey($keyId, $key); + } + + return $db; + } + + /** + * Gets the supported encryption key types. + * + * @return string[] + * An array of supported encryption key type names (e.g. 'ed25519'). + */ + public static function getSupportedKeyTypes(): array + { + return ['ed25519']; + } + + /** + * Constructs a new KeyDB. + */ + public function __construct() + { + $this->keys = []; + } + + /** + * Adds key metadata to the key database while avoiding duplicates. + * + * @param string $keyId + * The key ID given as the object key in root.json or another keys list. + * @param \Tuf\Key + * The key. + * + * @return void + * + * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats + */ + public function addKey(string $keyId, Key $key): void + { + if (! in_array($key->getType(), self::getSupportedKeyTypes(), true)) { + // @todo Convert this to a log line as per Python. + // https://github.com/php-tuf/php-tuf/issues/160 + throw new InvalidKeyException("Root metadata file contains an unsupported key type: \"${keyMeta['keytype']}\""); + } + // Per TUF specification 4.3, Clients MUST calculate each KEYID to + // verify this is correct for the associated key. + if ($keyId !== $key->getComputedKeyId()) { + throw new InvalidKeyException('The calculated KEYID does not match the value provided.'); + } + $this->keys[$keyId] = $key; + } + + /** + * Returns the key metadata for a given key ID. + * + * @param string $keyId + * The key ID. + * + * @return \Tuf\Key + * The key. + * + * @throws \Tuf\Exception\NotFoundException + * Thrown if the key ID is not found in the keydb database. + * + * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats + */ + public function getKey(string $keyId): Key + { + if (empty($this->keys[$keyId])) { + throw new NotFoundException($keyId, 'key'); + } + return $this->keys[$keyId]; + } +} diff --git a/libraries/src/TUF/src/Metadata/ConstraintsTrait.php b/libraries/src/TUF/src/Metadata/ConstraintsTrait.php new file mode 100644 index 00000000000..a79fa6260df --- /dev/null +++ b/libraries/src/TUF/src/Metadata/ConstraintsTrait.php @@ -0,0 +1,173 @@ +validate($data, $constraints); + if (count($violations)) { + $exceptionMessages = []; + foreach ($violations as $violation) { + $exceptionMessages[] = (string) $violation; + } + throw new MetadataException(implode(", \n", $exceptionMessages)); + } + } + + /** + * Gets the common hash constraints. + * + * @return \Symfony\Component\Validator\Constraint[][] + * The hash constraints. + */ + protected static function getHashesConstraints(): array + { + return [ + 'hashes' => [ + new Count(['min' => 1]), + new Type('\ArrayObject'), + // The keys for 'hashes is not know but they all must be strings. + new All([ + new Type(['type' => 'string']), + new NotBlank(), + ]), + ], + ]; + } + + /** + * Gets the common version constraints. + * + * @return \Symfony\Component\Validator\Constraint[][] + * The version constraints. + */ + protected static function getVersionConstraints(): array + { + return [ + 'version' => [ + new Type(['type' => 'integer']), + new GreaterThanOrEqual(1), + ], + ]; + } + + /** + * Gets the common threshold constraints. + * + * @return \Symfony\Component\Validator\Constraint[][] + * The threshold constraints. + */ + protected static function getThresholdConstraints(): array + { + return [ + 'threshold' => [ + new Type(['type' => 'integer']), + new GreaterThanOrEqual(1), + ], + ]; + } + /** + * Gets the common keyids constraints. + * + * @return \Symfony\Component\Validator\Constraint[][] + * The keysids constraints. + */ + protected static function getKeyidsConstraints(): array + { + return [ + 'keyids' => [ + new Count(['min' => 1]), + new Type(['type' => 'array']), + // The keys for 'hashes is not know but they all must be strings. + new All([ + new Type(['type' => 'string']), + new NotBlank(), + ]), + ], + ]; + } + + /** + * Gets the common key Collection constraints. + * + * @return Collection + * The 'key' Collection constraint. + */ + protected static function getKeyConstraints(): Collection + { + return new Collection([ + // This field is not part of the TUF specification and is being + // removed from the Python TUF reference implementation in + // https://github.com/theupdateframework/tuf/issues/848. + // If it is provided though we only support the default value which + // is passed on from a setting in the Python `securesystemslib` + // library. + 'keyid_hash_algorithms' => new Optional([ + new EqualTo(['value' => ["sha256", "sha512"]]), + ]), + 'keytype' => [ + new Type(['type' => 'string']), + new NotBlank(), + ], + 'keyval' => [ + new Type('\ArrayObject'), + new Collection([ + 'public' => [ + new Type(['type' => 'string']), + new NotBlank(), + ], + ]), + ], + 'scheme' => [ + new Type(['type' => 'string']), + new NotBlank(), + ], + ]); + } + + /** + * Gets the role constraints. + * + * @return \Symfony\Component\Validator\Constraints\Collection + * The role constraints collection. + */ + protected static function getRoleConstraints(): Collection + { + return new Collection( + static::getKeyidsConstraints() + + static::getThresholdConstraints() + ); + } +} diff --git a/libraries/src/TUF/src/Metadata/Factory.php b/libraries/src/TUF/src/Metadata/Factory.php new file mode 100644 index 00000000000..601716a3352 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Factory.php @@ -0,0 +1,71 @@ +storage = $storage; + } + + /** + * Loads a value object for trusted metadata. + * + * @param string $role + * The role to be loaded. + * + * @return \Tuf\Metadata\MetadataBase|null + * The trusted metadata for the role, or NULL if none was found. + * @throws \Tuf\Exception\MetadataException + */ + public function load(string $role): ?MetadataBase + { + // TODO: this is changed from $role . ".json" to $role . "_json" + $fileName = $role . "_json"; + + if (isset($this->storage[$fileName])) + { + $json = $this->storage[$fileName]; + + switch ($role) + { + case RootMetadata::TYPE: + $currentMetadata = RootMetadata::createFromJson($json); + break; + case SnapshotMetadata::TYPE: + $currentMetadata = SnapshotMetadata::createFromJson($json); + break; + case TimestampMetadata::TYPE: + $currentMetadata = TimestampMetadata::createFromJson($json); + break; + default: + $currentMetadata = TargetsMetadata::createFromJson($json, $role); + } + + $currentMetadata->trust(); + + return $currentMetadata; + } + else + { + return null; + } + } +} diff --git a/libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php b/libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php new file mode 100644 index 00000000000..cd7e6410407 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php @@ -0,0 +1,27 @@ +ensureIsTrusted($allowUntrustedAccess); + $signed = $this->getSigned(); + return $signed['meta'][$key] ?? null; + } +} diff --git a/libraries/src/TUF/src/Metadata/MetadataBase.php b/libraries/src/TUF/src/Metadata/MetadataBase.php new file mode 100644 index 00000000000..76ce37ff6cc --- /dev/null +++ b/libraries/src/TUF/src/Metadata/MetadataBase.php @@ -0,0 +1,255 @@ +metadata = $metadata; + $this->sourceJson = $sourceJson; + } + + /** + * Gets the original JSON source. + * + * @return string + * The JSON source. + */ + public function getSource():string + { + return $this->sourceJson; + } + + /** + * Create an instance and also validate the decoded JSON. + * + * @param string $json + * A JSON string representing TUF metadata. + * + * @return static + * The new instance. + * + * @throws \Tuf\Exception\MetadataException + * Thrown if validation fails. + */ + public static function createFromJson(string $json): self + { + $data = JsonNormalizer::decode($json); + static::validate($data, new Collection(static::getConstraints())); + + return new static($data, $json); + } + + /** + * Gets the constraints for top-level metadata. + * + * @return \Symfony\Component\Validator\Constraint[] + * Array of constraints. + */ + protected static function getConstraints(): array + { + return [ + 'signatures' => new Required( + [ + new Type('array'), + new Count(['min' => 1]), + new All( + [ + new Collection( + [ + 'keyid' => [ + new NotBlank, + new Type(['type' => 'string']), + ], + 'sig' => [ + new NotBlank, + new Type(['type' => 'string']), + ], + ] + ), + ] + ), + ] + ), + 'signed' => new Required( + [ + new Collection(static::getSignedCollectionOptions()), + ] + ), + ]; + } + + /** + * Gets options for the 'signed' metadata property. + * + * @return array + * An options array as expected by + * \Symfony\Component\Validator\Constraints\Collection::__construct(). + */ + protected static function getSignedCollectionOptions(): array + { + return [ + 'fields' => [ + '_type' => [ + new EqualTo(['value' => static::TYPE]), + new Type(['type' => 'string']), + ], + 'expires' => new DateTime(['value' => \DateTimeInterface::ISO8601]), + // We only expect to work with major version 1. + 'spec_version' => [ + new NotBlank, + new Type(['type' => 'string']), + //new Regex(['pattern' => '/^1\.[0-9]+\.[0-9]+$/']), + ], + ] + static::getVersionConstraints(), + 'allowExtraFields' => true, + ]; + } + + /** + * Get signed. + * + * @return \ArrayObject + * The "signed" section of the data. + */ + public function getSigned(): \ArrayObject + { + return (new DeepCopy)->copy($this->metadata['signed']); + } + + /** + * Get version. + * + * @return integer + * The version. + */ + public function getVersion(): int + { + return $this->getSigned()['version']; + } + + /** + * Get the expires date string. + * + * @return string + * The date string. + */ + public function getExpires(): string + { + return $this->getSigned()['expires']; + } + + /** + * Get signatures. + * + * @return array + * The "signatures" section of the data. + */ + public function getSignatures(): array + { + return (new DeepCopy)->copy($this->metadata['signatures']); + } + + /** + * Get the metadata type. + * + * @return string + * The type. + */ + public function getType(): string + { + return $this->getSigned()['_type']; + } + + /** + * Gets the role for the metadata. + * + * @return string + * The type. + */ + public function getRole(): string + { + // For most metadata types the 'type' and the 'role' are the same. + // Metadata types that need to specify a different role should override + // this method. + return $this->getType(); + } + + /** + * Sets the metadata as trusted. + * + * @return void + */ + public function trust(): void + { + $this->isTrusted = true; + } + + /** + * Ensures that the metadata is trusted or the caller explicitly expects untrusted metadata. + * + * @param boolean $allowUntrustedAccess + * Whether this method should access even if the metadata is not trusted. + * + * @return void + */ + public function ensureIsTrusted(bool $allowUntrustedAccess = false): void + { + if (!$allowUntrustedAccess && !$this->isTrusted) + { + throw new \RuntimeException("Cannot use untrusted '{$this->getRole()}'. metadata."); + } + } +} diff --git a/libraries/src/TUF/src/Metadata/RootMetadata.php b/libraries/src/TUF/src/Metadata/RootMetadata.php new file mode 100644 index 00000000000..9558f23060f --- /dev/null +++ b/libraries/src/TUF/src/Metadata/RootMetadata.php @@ -0,0 +1,100 @@ + 1]), + new All([ + static::getKeyConstraints(), + ]), + ]); + $roleConstraints = static::getRoleConstraints(); + $options['fields']['roles'] = new Collection([ + 'targets' => new Required($roleConstraints), + 'timestamp' => new Required($roleConstraints), + 'snapshot' => new Required($roleConstraints), + 'root' => new Required($roleConstraints), + 'mirror' => new Optional($roleConstraints), + ]); + $options['fields']['consistent_snapshot'] = new Required([ + new Type('boolean'), + new EqualTo(true), + ]); + return $options; + } + + /** + * Gets the roles from the metadata. + * + * @param boolean $allowUntrustedAccess + * Whether this method should access even if the metadata is not trusted. + * + * @return \Tuf\Role[] + * The roles. + */ + public function getRoles(bool $allowUntrustedAccess = false): array + { + $this->ensureIsTrusted($allowUntrustedAccess); + $roles = []; + foreach ($this->getSigned()['roles'] as $roleName => $roleInfo) { + $roles[$roleName] = Role::createFromMetadata($roleInfo, $roleName); + } + return $roles; + } + + /** + * Gets the keys for the root metadata. + * + * @param boolean $allowUntrustedAccess + * Whether this method should access even if the metadata is not trusted. + * + * @return \Tuf\Key[] + * The keys for the metadata. + */ + public function getKeys(bool $allowUntrustedAccess = false): array + { + $this->ensureIsTrusted($allowUntrustedAccess); + $keys = []; + foreach ($this->getSigned()['keys'] as $keyId => $keyInfo) { + $keys[$keyId] = Key::createFromMetadata($keyInfo); + } + return $keys; + } + + /** + * Determines whether consistent snapshots are supported. + * + * @return boolean + * Whether consistent snapshots are supported. + */ + public function supportsConsistentSnapshots(): bool + { + $this->ensureIsTrusted(); + return $this->getSigned()['consistent_snapshot']; + } +} diff --git a/libraries/src/TUF/src/Metadata/SnapshotMetadata.php b/libraries/src/TUF/src/Metadata/SnapshotMetadata.php new file mode 100644 index 00000000000..7978a3afb30 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/SnapshotMetadata.php @@ -0,0 +1,72 @@ + 1]), + new All( + [ + new Collection( + [ + 'fields' => static::getSnapshotMetaConstraints(), + 'allowExtraFields' => true, + ] + ), + ] + ), + ] + ); + + return $options; + } + + /** + * Returns the fields required or optional for a snapshot meta file + * + * @return array + */ + private static function getSnapshotMetaConstraints() + { + return [ + 'version' => [ + new Type(['type' => 'integer']), + new GreaterThanOrEqual(1), + ], + new Optional( + [ + new Collection( + [ + 'length' => [ + new Type(['type' => 'integer']), + new GreaterThanOrEqual(1), + ], + ] + static::getHashesConstraints() + ), + ] + ), + ]; + } +} diff --git a/libraries/src/TUF/src/Metadata/TargetsMetadata.php b/libraries/src/TUF/src/Metadata/TargetsMetadata.php new file mode 100644 index 00000000000..dec63edf377 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/TargetsMetadata.php @@ -0,0 +1,209 @@ +role = $roleName; + return $newMetadata; + } + + /** + * {@inheritdoc} + */ + protected static function getSignedCollectionOptions(): array + { + $options = parent::getSignedCollectionOptions(); + $options['fields']['delegations'] = new Optional([ + new Collection([ + 'keys' => new Required([ + new Type('\ArrayObject'), + new All([ + static::getKeyConstraints(), + ]), + ]), + 'roles' => new All([ + new Type('\ArrayObject'), + new TufCollection([ + 'fields' => [ + 'name' => [ + new NotBlank(), + new Type(['type' => 'string']), + ], + 'paths' => [ + new Type(['type' => 'array']), + new All([ + new Type(['type' => 'string']), + new NotBlank(), + ]), + ], + 'terminating' => [ + new Type(['type' => 'boolean']), + ], + ] + static::getKeyidsConstraints() + static::getThresholdConstraints(), + // @todo Support 'path_hash_prefixes' in + // https://github.com/php-tuf/php-tuf/issues/191 + 'unsupportedFields' => ['path_hash_prefixes'], + ]), + ]), + ]), + ]); + $options['fields']['targets'] = new Required([ + new All([ + new Collection([ + 'length' => [ + new Type(['type' => 'integer']), + new GreaterThanOrEqual(1), + ], + 'custom' => new Optional([ + new Type('\ArrayObject'), + ]), + ] + static::getHashesConstraints()), + ]), + + ]); + return $options; + } + + /** + * Returns the length, in bytes, of a specific target. + * + * @param string $target + * The target path. + * + * @return integer + * The length (size) of the target, in bytes. + */ + public function getLength(string $target): int + { + return $this->getInfo($target)['length']; + } + + /** + * {@inheritdoc} + */ + public function getRole(): string + { + return $this->role ?? $this->getType(); + } + + /** + * Returns the known hashes for a specific target. + * + * @param string $target + * The target path. + * + * @return \ArrayObject + * The known hashes for the object. The keys are the hash algorithm (e.g. + * 'sha256') and the values are the hash digest. + */ + public function getHashes(string $target): \ArrayObject + { + return $this->getInfo($target)['hashes']; + } + + /** + * Determines if a target is specified in the current metadata. + * + * @param string $target + * The target path. + * + * @return bool + * True if the target is specified, or false otherwise. + */ + public function hasTarget(string $target): bool + { + try { + $this->getInfo($target); + return true; + } catch (NotFoundException $exception) { + return false; + } + } + + /** + * Gets info about a specific target. + * + * @param string $target + * The target path. + * + * @return \ArrayObject + * The target's info. + * + * @throws \Tuf\Exception\NotFoundException + * Thrown if the target is not mentioned in this metadata. + */ + protected function getInfo(string $target): \ArrayObject + { + $signed = $this->getSigned(); + if (isset($signed['targets'][$target])) { + return $signed['targets'][$target]; + } + throw new NotFoundException($target, 'Target'); + } + + /** + * Gets the delegated keys if any. + * + * @return \Tuf\Key[] + * The delegated keys. + */ + public function getDelegatedKeys(): array + { + $keys = []; + foreach ($this->getSigned()['delegations']['keys'] as $keyId => $keyInfo) { + $keys[$keyId] = Key::createFromMetadata($keyInfo); + } + return $keys; + } + + /** + * Gets the delegated roles if any. + * + * @return \Tuf\DelegatedRole[] + * The delegated roles. + */ + public function getDelegatedRoles(): array + { + $roles = []; + foreach ($this->getSigned()['delegations']['roles'] as $roleInfo) { + $role = DelegatedRole::createFromMetadata($roleInfo); + $roles[$role->getName()] = $role; + } + return $roles; + } +} diff --git a/libraries/src/TUF/src/Metadata/TimestampMetadata.php b/libraries/src/TUF/src/Metadata/TimestampMetadata.php new file mode 100644 index 00000000000..7325d78c9db --- /dev/null +++ b/libraries/src/TUF/src/Metadata/TimestampMetadata.php @@ -0,0 +1,39 @@ + 1]), + new All([ + new Collection([ + 'length' => [ + new Type(['type' => 'integer']), + new GreaterThanOrEqual(1), + ], + ] + static::getHashesConstraints() + static::getVersionConstraints()), + ]), + ]); + return $options; + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php new file mode 100644 index 00000000000..db0f3e36ab3 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php @@ -0,0 +1,48 @@ +trustedMetadata->getSigned()['meta']; + $type = $this->trustedMetadata->getType(); + foreach ($localMetaFileInfos as $fileName => $localFileInfo) { + /** @var \Tuf\Metadata\SnapshotMetadata|\Tuf\Metadata\TimestampMetadata $untrustedMetadata */ + if ($remoteFileInfo = $untrustedMetadata->getFileMetaInfo($fileName, true)) { + if ($remoteFileInfo['version'] < $localFileInfo['version']) { + $message = "Remote $type metadata file '$fileName' version \"${$remoteFileInfo['version']}\" " . + "is less than previously seen version \"${$localFileInfo['version']}\""; + throw new RollbackAttackException($message); + } + } + } + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php new file mode 100644 index 00000000000..b4201bb1f25 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php @@ -0,0 +1,63 @@ +signatureVerifier->checkSignatures($untrustedMetadata); + $this->signatureVerifier = SignatureVerifier::createFromRootMetadata($untrustedMetadata, true); + $this->signatureVerifier->checkSignatures($untrustedMetadata); + // § 5.3.5 + $this->checkRollbackAttack($untrustedMetadata); + } + + /** + * {@inheritDoc} + */ + protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void + { + $expectedUntrustedVersion = $this->trustedMetadata->getVersion() + 1; + $untrustedVersion = $untrustedMetadata->getVersion(); + if ($expectedUntrustedVersion && ($untrustedMetadata->getVersion() !== $expectedUntrustedVersion)) { + throw new RollbackAttackException("Remote 'root' metadata version \"$$untrustedVersion\" " . + "does not the expected version \"$$expectedUntrustedVersion\""); + } + parent::checkRollbackAttack($untrustedMetadata); + } + + /** + * {@inheritdoc} + * + * Overridden to make public. + * + * After attempting to update the root metadata, the new or non-updated metadata must be checked + * for a freeze attack. We cannot check for a freeze attack in ::verify() because when the client + * is many root files behind, only the last version to be downloaded needs to be checked for a + * freeze attack. + */ + public static function checkFreezeAttack(MetadataBase $metadata, \DateTimeImmutable $expiration): void + { + parent::checkFreezeAttack($metadata, $expiration); + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php new file mode 100644 index 00000000000..7f0f7a023e5 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php @@ -0,0 +1,79 @@ +setTrustedAuthority($timestampMetadata); + } + + /** + * {@inheritdoc} + */ + public function verify(MetadataBase $untrustedMetadata): void + { + // § 5.5.2 + $this->checkAgainstHashesFromTrustedAuthority($untrustedMetadata); + + // § 5.5.3 + $this->signatureVerifier->checkSignatures($untrustedMetadata); + + // § 5.5.4 + $this->checkAgainstVersionFromTrustedAuthority($untrustedMetadata); + + // If the timestamp or snapshot keys were rotating then the snapshot file + // will not exist. + if ($this->trustedMetadata) { + // § 5.5.5 + $this->checkRollbackAttack($untrustedMetadata); + } + + // § 5.5.6 + static::checkFreezeAttack($untrustedMetadata, $this->metadataExpiration); + } + + /** + * {@inheritdoc} + */ + protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void + { + // TUF-SPEC-v1.0.16 Section 5.4.4 + /** @var TimestampMetadata $untrustedMetadata */ + $this->checkFileInfoVersions($untrustedMetadata); + $localMetaFileInfos = $this->trustedMetadata->getSigned()['meta']; + foreach ($localMetaFileInfos as $fileName => $localFileInfo) { + /** @var \Tuf\Metadata\SnapshotMetadata|\Tuf\Metadata\TimestampMetadata $untrustedMetadata */ + if (!$untrustedMetadata->getFileMetaInfo($fileName, true)) { + // § 5.5.5 + // Any targets metadata filename that was listed in the trusted snapshot metadata file, if any, MUST + // continue to be listed in the new snapshot metadata file. + throw new RollbackAttackException("Remote snapshot metadata file references '$fileName' but this is not present in the remote file"); + } + } + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php new file mode 100644 index 00000000000..bcdfa021dc0 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php @@ -0,0 +1,51 @@ +setTrustedAuthority($snapshotMetadata); + } + + /** + * {@inheritdoc} + */ + public function verify(MetadataBase $untrustedMetadata): void + { + // § 5.6.2 + $this->checkAgainstHashesFromTrustedAuthority($untrustedMetadata); + + // § 5.6.3 + $this->signatureVerifier->checkSignatures($untrustedMetadata); + + // § 5.6.4 + $this->checkAgainstVersionFromTrustedAuthority($untrustedMetadata); + + // § 5.6.5 + static::checkFreezeAttack($untrustedMetadata, $this->metadataExpiration); + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php new file mode 100644 index 00000000000..8d28459bbd8 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php @@ -0,0 +1,40 @@ +signatureVerifier->checkSignatures($untrustedMetadata); + // If the timestamp or snapshot keys were rotating then the timestamp file + // will not exist. + if ($this->trustedMetadata) { + // § 5.4.3 + $this->checkRollbackAttack($untrustedMetadata); + } + // § 5.4.4 + static::checkFreezeAttack($untrustedMetadata, $this->metadataExpiration); + } + + /** + * {@inheritdoc} + */ + protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void + { + // § 5.3.2.1 + parent::checkRollbackAttack($untrustedMetadata); + // § 5.3.2.2 + /** @var \Tuf\Metadata\SnapshotMetadata $untrustedMetadata */ + $this->checkFileInfoVersions($untrustedMetadata); + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php b/libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php new file mode 100644 index 00000000000..6456244f063 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php @@ -0,0 +1,78 @@ +ensureIsTrusted(); + $this->authority = $authority; + } + + /** + * Verifies the hashes of untrusted metadata against hashes in the trusted metadata. + * + * @param \Tuf\Metadata\MetadataBase $untrustedMetadata + * The untrusted metadata. + * + * @throws \Tuf\Exception\MetadataException + * Thrown if the new metadata object cannot be verified. + * + * @return void + */ + protected function checkAgainstHashesFromTrustedAuthority(MetadataBase $untrustedMetadata): void + { + $role = $untrustedMetadata->getRole(); + $fileInfo = $this->authority->getFileMetaInfo($role . '.json'); + if (isset($fileInfo['hashes'])) { + foreach ($fileInfo['hashes'] as $algo => $hash) { + if ($hash !== hash($algo, $untrustedMetadata->getSource())) { + /** @var \Tuf\Metadata\MetadataBase $authorityMetadata */ + throw new MetadataException("The '{$role}' contents does not match hash '$algo' specified in the '{$this->authority->getType()}' metadata."); + } + } + } + } + + /** + * Verifies the version of untrusted metadata against the version in trusted metadata. + * + * @param \Tuf\Metadata\MetadataBase $untrustedMetadata + * The untrusted metadata. + * + * @throws \Tuf\Exception\MetadataException + * Thrown if the new metadata object cannot be verified. + * + * @return void + */ + protected function checkAgainstVersionFromTrustedAuthority(MetadataBase $untrustedMetadata): void + { + $role = $untrustedMetadata->getRole(); + $fileInfo = $this->authority->getFileMetaInfo($role . '.json'); + $expectedVersion = $fileInfo['version']; + if ($expectedVersion !== $untrustedMetadata->getVersion()) { + throw new MetadataException("Expected {$role} version {$expectedVersion} does not match actual version {$untrustedMetadata->getVersion()}."); + } + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php new file mode 100644 index 00000000000..085530c937a --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php @@ -0,0 +1,92 @@ +metadataFactory = $metadataFactory; + $this->signatureVerifier = $signatureVerifier; + $this->metadataExpiration = $metadataExpiration; + } + + /** + * Verifies an untrusted metadata object for a role. + * + * @param string $role + * The metadata role (e.g. 'root', 'targets', etc.) + * @param \Tuf\Metadata\MetadataBase $untrustedMetadata + * The untrusted metadata object. + * + * @throws \Tuf\Exception\Attack\FreezeAttackException + * @throws \Tuf\Exception\Attack\RollbackAttackException + * @throws \Tuf\Exception\Attack\InvalidHashException + * @throws \Tuf\Exception\Attack\SignatureThresholdException + */ + public function verify(string $role, MetadataBase $untrustedMetadata): void + { + $trustedMetadata = $this->metadataFactory->load($role); + switch ($role) { + case RootMetadata::TYPE: + $verifier = new RootVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata); + break; + case SnapshotMetadata::TYPE: + /** @var \Tuf\Metadata\TimestampMetadata $timestampMetadata */ + $timestampMetadata = $this->metadataFactory->load(TimestampMetadata::TYPE); + $verifier = new SnapshotVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata, $timestampMetadata); + break; + case TimestampMetadata::TYPE: + $verifier = new TimestampVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata); + break; + default: + /** @var \Tuf\Metadata\SnapshotMetadata $snapshotMetadata */ + $snapshotMetadata = $this->metadataFactory->load(SnapshotMetadata::TYPE); + $verifier = new TargetsVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata, $snapshotMetadata); + } + $verifier->verify($untrustedMetadata); + // If the verifier didn't throw an exception, we can trust this metadata. + $untrustedMetadata->trust(); + } +} diff --git a/libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php b/libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php new file mode 100644 index 00000000000..6c571e2eb21 --- /dev/null +++ b/libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php @@ -0,0 +1,140 @@ +signatureVerifier = $signatureVerifier; + $this->metadataExpiration = $metadataExpiration; + if ($trustedMetadata) { + $trustedMetadata->ensureIsTrusted(); + } + $this->trustedMetadata = $trustedMetadata; + } + + /** + * Verify metadata according to the specification. + * + * @param \Tuf\Metadata\MetadataBase $untrustedMetadata + * The untrusted metadata to verify. + * + * @throws \Tuf\Exception\Attack\FreezeAttackException + * @throws \Tuf\Exception\Attack\RollbackAttackException + * @throws \Tuf\Exception\Attack\InvalidHashException + * @throws \Tuf\Exception\Attack\SignatureThresholdException + */ + abstract public function verify(MetadataBase $untrustedMetadata): void; + + /** + * Checks for a rollback attack. + * + * Verifies that an incoming remote version of a metadata file is greater + * than or equal to the last known version. + * + * @param \Tuf\Metadata\MetadataBase $untrustedMetadata + * The untrusted metadata. + * + * @return void + * + * @throws \Tuf\Exception\Attack\RollbackAttackException + * Thrown if a potential rollback attack is detected. + */ + protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void + { + $type = $this->trustedMetadata->getType(); + $remoteVersion = $untrustedMetadata->getVersion(); + $localVersion = $this->trustedMetadata->getVersion(); + if ($remoteVersion < $localVersion) { + $message = "Remote $type metadata version \"$$remoteVersion\" " . + "is less than previously seen $type version \"$$localVersion\""; + throw new RollbackAttackException($message); + } + } + + /** + * Checks for a freeze attack. + * + * Verifies that metadata has not expired, and assumes a potential freeze + * attack if it has. + * + * @param \Tuf\Metadata\MetadataBase $metadata + * The metadata to check. + * @param \DateTimeImmutable $expiration + * The metadata expiration. + * + * @return void + * + * @throws \Tuf\Exception\Attack\FreezeAttackException Thrown if a potential freeze attack is detected. + */ + protected static function checkFreezeAttack(MetadataBase $metadata, \DateTimeImmutable $expiration): void + { + $metadataExpiration = static::metadataTimestampToDatetime($metadata->getExpires()); + if ($metadataExpiration < $expiration) { + $format = "Remote %s metadata expired on %s"; + throw new FreezeAttackException(sprintf($format, $metadata->getRole(), $metadataExpiration->format('c'))); + } + } + + /** + * Converts a metadata timestamp string into an immutable DateTime object. + * + * @param string $timestamp + * The timestamp string in the metadata. + * + * @return \DateTimeImmutable + * An immutable DateTime object for the given timestamp. + * + * @throws FormatException + * Thrown if the timestamp string format is not valid. + */ + protected static function metadataTimestampToDateTime(string $timestamp): \DateTimeImmutable + { + $dateTime = \DateTimeImmutable::createFromFormat("Y-m-d\TH:i:sT", $timestamp); + if ($dateTime === false) { + throw new FormatException($timestamp, "Could not be interpreted as a DateTime"); + } + return $dateTime; + } +} diff --git a/libraries/src/TUF/src/Role.php b/libraries/src/TUF/src/Role.php new file mode 100644 index 00000000000..91d2e4f5297 --- /dev/null +++ b/libraries/src/TUF/src/Role.php @@ -0,0 +1,122 @@ +name = $name; + $this->threshold = $threshold; + $this->keyIds = $keyIds; + } + + /** + * Creates a role object from TUF metadata. + * + * @param \ArrayObject $roleInfo + * The role information from TUF metadata. + * @param string $name + * The name of the role. + * + * @return static + * + * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats + */ + public static function createFromMetadata(\ArrayObject $roleInfo, string $name): Role + { + self::validate($roleInfo, static::getRoleConstraints()); + return new static( + $name, + $roleInfo['threshold'], + $roleInfo['keyids'] + ); + } + + /** + * Checks if this role's key IDs match another role's. + * + * @param \Tuf\Role $other + * + * @return bool + */ + public function keysMatch(Role $other): bool + { + return $this->keyIds === $other->keyIds; + } + + /** + * Gets the role name. + * + * @return string + */ + public function getName(): string + { + return $this->name; + } + + /** + * Gets the threshold required. + * + * @return int + * The threshold number of signatures required for the role. + */ + public function getThreshold(): int + { + return $this->threshold; + } + + + /** + * Checks whether the given key is authorized for the role. + * + * @param string $keyId + * The key ID to check. + * + * @return boolean + * TRUE if the key is authorized for the given role, or FALSE + * otherwise. + */ + public function isKeyIdAcceptable(string $keyId): bool + { + return in_array($keyId, $this->keyIds, true); + } +} diff --git a/libraries/src/TUF/src/RoleDB.php b/libraries/src/TUF/src/RoleDB.php new file mode 100644 index 00000000000..9f06b059773 --- /dev/null +++ b/libraries/src/TUF/src/RoleDB.php @@ -0,0 +1,116 @@ +getRoles($allowUntrustedAccess) as $roleName => $roleInfo) { + $db->addRole($roleInfo); + } + + return $db; + } + + /** + * Constructs a new RoleDB object. + */ + public function __construct() + { + $this->roles = []; + } + + /** + * Adds role metadata to the database. + * + * @param string $roleName + * The role name. + * @param \Tuf\Role $role + * The role to add. + * + * @return void + * + * @throws \Exception Thrown if the role already exists. + */ + public function addRole(Role $role): void + { + if ($this->roleExists($role->getName())) { + throw new RoleExistsException('Role already exists: ' . $role->getName()); + } + + $this->roles[$role->getName()] = $role; + } + + /** + * Verifies whether a given role name is stored in the role database. + * + * @param string $roleName + * The role name. + * + * @return boolean + * True if the role is found in the role database; false otherwise. + */ + public function roleExists(string $roleName): bool + { + return !empty($this->roles[$roleName]); + } + + /** + * Gets the role information. + * + * @param string $roleName + * The role name. + * + * @return \Tuf\Role + * The role. + * + * @throws \Tuf\Exception\NotFoundException + * Thrown if the role does not exist. + * + * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats + */ + public function getRole(string $roleName): Role + { + if (! $this->roleExists($roleName)) { + throw new NotFoundException($roleName, 'role'); + } + + /** @var \Tuf\Role $role */ + $role = $this->roles[$roleName]; + return $role; + } +} diff --git a/libraries/src/Table/Tuf.php b/libraries/src/Table/Tuf.php new file mode 100644 index 00000000000..0d4b7f9d178 --- /dev/null +++ b/libraries/src/Table/Tuf.php @@ -0,0 +1,31 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\Table; + +\defined('JPATH_PLATFORM') or die; + +/** + * TUF map table + * + * @since __DEPLOY_VERSION__ + */ +class Tuf extends Table +{ + /** + * Constructor + * + * @param \Joomla\Database\DatabaseDriver $db A database connector object + * + * @since __DEPLOY_VERSION__ + */ + public function __construct($db) + { + parent::__construct('#__tuf_metadata', 'id', $db); + } +} From 0a3f0b4f3cace860535ac7063f41566b07fe32f9 Mon Sep 17 00:00:00 2001 From: Magnus Singer Date: Wed, 23 Mar 2022 23:22:36 +0100 Subject: [PATCH 12/56] remove php-tuf library --- libraries/src/TUF/TufValidation.php | 3 - .../DurableStorageAccessValidator.php | 97 --- .../src/Client/DurableStorage/FileStorage.php | 82 --- .../src/TUF/src/Client/GuzzleFileFetcher.php | 172 ----- .../src/Client/RepoFileFetcherInterface.php | 56 -- .../src/TUF/src/Client/ResponseStream.php | 166 ----- .../src/TUF/src/Client/SignatureVerifier.php | 153 ----- libraries/src/TUF/src/Client/Updater.php | 600 ------------------ .../src/TUF/src/Constraints/Collection.php | 17 - .../src/Constraints/CollectionValidator.php | 30 - libraries/src/TUF/src/DelegatedRole.php | 96 --- .../src/Exception/Attack/AttackException.php | 15 - .../Attack/DenialOfServiceAttackException.php | 10 - .../Attack/FreezeAttackException.php | 10 - .../Exception/Attack/InvalidHashException.php | 63 -- .../Attack/RollbackAttackException.php | 10 - .../Attack/SignatureThresholdException.php | 10 - .../src/Exception/DownloadSizeException.php | 11 - .../src/TUF/src/Exception/FormatException.php | 30 - .../TUF/src/Exception/InvalidKeyException.php | 10 - .../TUF/src/Exception/MetadataException.php | 12 - .../TUF/src/Exception/NotFoundException.php | 32 - .../TUF/src/Exception/RepoFileNotFound.php | 11 - .../TUF/src/Exception/RoleExistsException.php | 10 - .../src/TUF/src/Exception/TufException.php | 10 - libraries/src/TUF/src/Helper/Clock.php | 22 - libraries/src/TUF/src/JsonNormalizer.php | 118 ---- libraries/src/TUF/src/Key.php | 131 ---- libraries/src/TUF/src/KeyDB.php | 125 ---- .../src/TUF/src/Metadata/ConstraintsTrait.php | 173 ----- libraries/src/TUF/src/Metadata/Factory.php | 71 --- .../TUF/src/Metadata/FileInfoMetadataBase.php | 27 - .../src/TUF/src/Metadata/MetadataBase.php | 255 -------- .../src/TUF/src/Metadata/RootMetadata.php | 100 --- .../src/TUF/src/Metadata/SnapshotMetadata.php | 72 --- .../src/TUF/src/Metadata/TargetsMetadata.php | 209 ------ .../TUF/src/Metadata/TimestampMetadata.php | 39 -- .../Metadata/Verifier/FileInfoVerifier.php | 48 -- .../src/Metadata/Verifier/RootVerifier.php | 63 -- .../Metadata/Verifier/SnapshotVerifier.php | 79 --- .../src/Metadata/Verifier/TargetsVerifier.php | 51 -- .../Metadata/Verifier/TimestampVerifier.php | 40 -- .../Verifier/TrustedAuthorityTrait.php | 78 --- .../Metadata/Verifier/UniversalVerifier.php | 92 --- .../src/Metadata/Verifier/VerifierBase.php | 140 ---- libraries/src/TUF/src/Role.php | 122 ---- libraries/src/TUF/src/RoleDB.php | 116 ---- 47 files changed, 3887 deletions(-) delete mode 100644 libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php delete mode 100644 libraries/src/TUF/src/Client/DurableStorage/FileStorage.php delete mode 100644 libraries/src/TUF/src/Client/GuzzleFileFetcher.php delete mode 100644 libraries/src/TUF/src/Client/RepoFileFetcherInterface.php delete mode 100644 libraries/src/TUF/src/Client/ResponseStream.php delete mode 100644 libraries/src/TUF/src/Client/SignatureVerifier.php delete mode 100644 libraries/src/TUF/src/Client/Updater.php delete mode 100644 libraries/src/TUF/src/Constraints/Collection.php delete mode 100644 libraries/src/TUF/src/Constraints/CollectionValidator.php delete mode 100644 libraries/src/TUF/src/DelegatedRole.php delete mode 100644 libraries/src/TUF/src/Exception/Attack/AttackException.php delete mode 100644 libraries/src/TUF/src/Exception/Attack/DenialOfServiceAttackException.php delete mode 100644 libraries/src/TUF/src/Exception/Attack/FreezeAttackException.php delete mode 100644 libraries/src/TUF/src/Exception/Attack/InvalidHashException.php delete mode 100644 libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php delete mode 100644 libraries/src/TUF/src/Exception/Attack/SignatureThresholdException.php delete mode 100644 libraries/src/TUF/src/Exception/DownloadSizeException.php delete mode 100644 libraries/src/TUF/src/Exception/FormatException.php delete mode 100644 libraries/src/TUF/src/Exception/InvalidKeyException.php delete mode 100644 libraries/src/TUF/src/Exception/MetadataException.php delete mode 100644 libraries/src/TUF/src/Exception/NotFoundException.php delete mode 100644 libraries/src/TUF/src/Exception/RepoFileNotFound.php delete mode 100644 libraries/src/TUF/src/Exception/RoleExistsException.php delete mode 100644 libraries/src/TUF/src/Exception/TufException.php delete mode 100644 libraries/src/TUF/src/Helper/Clock.php delete mode 100644 libraries/src/TUF/src/JsonNormalizer.php delete mode 100644 libraries/src/TUF/src/Key.php delete mode 100644 libraries/src/TUF/src/KeyDB.php delete mode 100644 libraries/src/TUF/src/Metadata/ConstraintsTrait.php delete mode 100644 libraries/src/TUF/src/Metadata/Factory.php delete mode 100644 libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php delete mode 100644 libraries/src/TUF/src/Metadata/MetadataBase.php delete mode 100644 libraries/src/TUF/src/Metadata/RootMetadata.php delete mode 100644 libraries/src/TUF/src/Metadata/SnapshotMetadata.php delete mode 100644 libraries/src/TUF/src/Metadata/TargetsMetadata.php delete mode 100644 libraries/src/TUF/src/Metadata/TimestampMetadata.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php delete mode 100644 libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php delete mode 100644 libraries/src/TUF/src/Role.php delete mode 100644 libraries/src/TUF/src/RoleDB.php diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 73c9a595bbb..521d11561f8 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -8,7 +8,6 @@ namespace Joomla\CMS\TUF; -use JLoader; use Joomla\CMS\Factory; use Joomla\Database\DatabaseDriver; use Joomla\Database\ParameterType; @@ -23,8 +22,6 @@ use Tuf\Exception\MetadataException; use Tuf\JsonNormalizer; -JLoader::registerNamespace('Tuf', JPATH_ROOT . '/libraries/src/TUF/src'); - \defined('JPATH_PLATFORM') or die; /** diff --git a/libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php b/libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php deleted file mode 100644 index 50da999d9cc..00000000000 --- a/libraries/src/TUF/src/Client/DurableStorage/DurableStorageAccessValidator.php +++ /dev/null @@ -1,97 +0,0 @@ -backend = $backend; - } - - /** - * Verifies that a given offset is valid. - * - * This is meant as a security measure to reduce the likelihood of - * undesired storage behavior. For example, a filesystem storage can't be - * tricked into executing in a different directory. - * - * @param mixed $offset - * The ArrayAccess offset. - * - * @return void - * - * @throws \OutOfBoundsException - * Thrown if the offset is not a string, or if it is not a valid - * filename (characters other than alphanumeric characters, periods, - * underscores, or hyphens). - */ - protected function throwIfInvalidOffset($offset): void - { - //if (! is_string($offset) || !preg_match("|^[\w._-]+$|", $offset)) { - if (! is_string($offset)) { - throw new \OutOfBoundsException("Array offset '$offset' is not a valid durable storage key."); - } - } - - /** - * {@inheritdoc} - */ - public function offsetExists($offset) - { - $this->throwIfInvalidOffset($offset); - return $this->backend->offsetExists($offset); - } - - /** - * {@inheritdoc} - */ - public function offsetGet($offset) - { - $this->throwIfInvalidOffset($offset); - return $this->backend->offsetGet($offset); - } - - /** - * {@inheritdoc} - */ - public function offsetSet($offset, $value) - { - $this->throwIfInvalidOffset($offset); - // @todo Consider enforcing an application-configurable maximum length - // here. https://github.com/php-tuf/php-tuf/issues/27 - if (! is_string($value)) { - $format = "Cannot store %s at offset $offset: only strings are allowed in durable storage."; - throw new \UnexpectedValueException(sprintf($format, gettype($value))); - } - $this->backend->offsetSet($offset, $value); - } - - /** - * {@inheritdoc} - */ - public function offsetUnset($offset) - { - $this->throwIfInvalidOffset($offset); - $this->backend->offsetUnset($offset); - } -} diff --git a/libraries/src/TUF/src/Client/DurableStorage/FileStorage.php b/libraries/src/TUF/src/Client/DurableStorage/FileStorage.php deleted file mode 100644 index 271a5c97094..00000000000 --- a/libraries/src/TUF/src/Client/DurableStorage/FileStorage.php +++ /dev/null @@ -1,82 +0,0 @@ -basePath = $basePath; - } - - /** - * Returns a full path for an item in the storage. - * - * @param mixed $offset - * The ArrayAccess offset for the item. - * - * @return string - * The full path for the item in the storage. - */ - protected function pathWithBasePath($offset): string - { - return $this->basePath . DIRECTORY_SEPARATOR . $offset; - } - - /** - * {@inheritdoc} - */ - public function offsetExists($offset) - { - return file_exists($this->pathWithBasePath($offset)); - } - - /** - * {@inheritdoc} - */ - public function offsetGet($offset) - { - return file_get_contents($this->pathWithBasePath($offset)); - } - - /** - * {@inheritdoc} - */ - public function offsetSet($offset, $value) - { - file_put_contents($this->pathWithBasePath($offset), $value); - } - - /** - * {@inheritdoc} - */ - public function offsetUnset($offset) - { - @unlink($this->pathWithBasePath($offset)); - } -} diff --git a/libraries/src/TUF/src/Client/GuzzleFileFetcher.php b/libraries/src/TUF/src/Client/GuzzleFileFetcher.php deleted file mode 100644 index 163bfb8914b..00000000000 --- a/libraries/src/TUF/src/Client/GuzzleFileFetcher.php +++ /dev/null @@ -1,172 +0,0 @@ -client = $client; - $this->metadataPrefix = $metadataPrefix; - $this->targetsPrefix = $targetsPrefix; - } - - /** - * Creates an instance of this class with a specific base URI. - * - * @param string $baseUri - * The base URI from which to fetch files. - * @param string $metadataPrefix - * (optional) The path prefix for metadata. Defaults to '/metadata/'. - * @param string $targetsPrefix - * (optional) The path prefix for targets. Defaults to '/targets/'. - * - * @return static - * A new instance of this class. - */ - public static function createFromUri(string $baseUri, string $metadataPrefix = '/metadata/', string $targetsPrefix = '/targets/'): self - { - $client = new Client(['base_uri' => $baseUri]); - return new static($client, $metadataPrefix, $targetsPrefix); - } - - /** - * {@inheritDoc} - */ - public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface - { - return $this->fetchFile($this->metadataPrefix . $fileName, $maxBytes); - } - - /** - * {@inheritDoc} - * - * @param array $options - * (optional) Additional request options to pass to the Guzzle client. - * See \GuzzleHttp\RequestOptions. - * @param string $url - * (optional) An arbitrary URL from which the target should be downloaded. - * If passed, takes precedence over $fileName. - */ - public function fetchTarget(string $fileName, int $maxBytes, array $options = [], string $url = null): PromiseInterface - { - $location = $url ?: $this->targetsPrefix . $fileName; - return $this->fetchFile($location, $maxBytes, $options); - } - - /** - * Fetches a file from a URL. - * - * @param string $url - * The URL of the file to fetch. - * @param integer $maxBytes - * The maximum number of bytes to download. - * @param array $options - * (optional) Additional request options to pass to the Guzzle client. - * See \GuzzleHttp\RequestOptions. - * - * @return \GuzzleHttp\Promise\PromiseInterface - * A promise representing the eventual result of the operation. - */ - protected function fetchFile(string $url, int $maxBytes, array $options = []): PromiseInterface - { - // Create a progress callback to abort the download if it exceeds - // $maxBytes. This will only work with cURL, so we also verify the - // download size when request is finished. - $progress = function (int $expectedBytes, int $downloadedBytes) use ($url, $maxBytes) { - if ($expectedBytes > $maxBytes || $downloadedBytes > $maxBytes) { - throw new DownloadSizeException("$url exceeded $maxBytes bytes"); - } - }; - $options += [RequestOptions::PROGRESS => $progress]; - - return $this->client->requestAsync('GET', $url, $options) - ->then( - function (ResponseInterface $response) { - return new ResponseStream($response); - }, - $this->onRejected($url) - ); - } - - /** - * Creates a callback function for when the promise is rejected. - * - * @param string $fileName - * The file name being fetched from the remote repo. - * - * @return \Closure - * The callback function. - */ - private function onRejected(string $fileName): \Closure - { - return function (\Throwable $e) use ($fileName) { - if ($e instanceof ClientException) { - if ($e->getCode() === 404) { - throw new RepoFileNotFound("$fileName not found", 0, $e); - } else { - // Re-throwing the original exception will blow away the - // backtrace, so wrap the exception in a more generic one to aid - // in debugging. - throw new \RuntimeException($e->getMessage(), $e->getCode(), $e); - } - } - throw $e; - }; - } - - /** - * {@inheritDoc} - */ - public function fetchMetadataIfExists(string $fileName, int $maxBytes): ?string - { - try { - return $this->fetchMetadata($fileName, $maxBytes)->wait(); - } catch (RepoFileNotFound $exception) { - return null; - } - } -} diff --git a/libraries/src/TUF/src/Client/RepoFileFetcherInterface.php b/libraries/src/TUF/src/Client/RepoFileFetcherInterface.php deleted file mode 100644 index e776fb51876..00000000000 --- a/libraries/src/TUF/src/Client/RepoFileFetcherInterface.php +++ /dev/null @@ -1,56 +0,0 @@ -response = $response; - } - - /** - * Returns the response that produced this stream. - * - * @return \Psr\Http\Message\ResponseInterface - * The response. - */ - public function getResponse(): ResponseInterface - { - return $this->response; - } - - /** - * {@inheritDoc} - */ - public function __toString() - { - return $this->getResponse()->getBody()->__toString(); - } - - /** - * {@inheritDoc} - */ - public function close() - { - $this->getResponse()->getBody()->close(); - } - - /** - * {@inheritDoc} - */ - public function detach() - { - return $this->getResponse()->getBody()->detach(); - } - - /** - * {@inheritDoc} - */ - public function getSize() - { - return $this->getResponse()->getBody()->getSize(); - } - - /** - * {@inheritDoc} - */ - public function tell() - { - return $this->getResponse()->getBody()->tell(); - } - - /** - * {@inheritDoc} - */ - public function eof() - { - return $this->getResponse()->getBody()->eof(); - } - - /** - * {@inheritDoc} - */ - public function isSeekable() - { - return $this->getResponse()->getBody()->isSeekable(); - } - - /** - * {@inheritDoc} - */ - public function seek($offset, $whence = SEEK_SET) - { - return $this->getResponse()->getBody()->seek($offset, $whence); - } - - /** - * {@inheritDoc} - */ - public function rewind() - { - return $this->getResponse()->getBody()->rewind(); - } - - /** - * {@inheritDoc} - */ - public function isWritable() - { - return $this->getResponse()->getBody()->isWritable(); - } - - /** - * {@inheritDoc} - */ - public function write($string) - { - return $this->getResponse()->getBody()->write($string); - } - - /** - * {@inheritDoc} - */ - public function isReadable() - { - return $this->getResponse()->getBody()->isReadable(); - } - - /** - * {@inheritDoc} - */ - public function read($length) - { - return $this->getResponse()->getBody()->read($length); - } - - /** - * {@inheritDoc} - */ - public function getContents() - { - return $this->getResponse()->getBody()->getContents(); - } - - /** - * {@inheritDoc} - */ - public function getMetadata($key = null): string - { - return $this->getResponse()->getBody()->getMetadata($key); - } -} diff --git a/libraries/src/TUF/src/Client/SignatureVerifier.php b/libraries/src/TUF/src/Client/SignatureVerifier.php deleted file mode 100644 index 3395498207d..00000000000 --- a/libraries/src/TUF/src/Client/SignatureVerifier.php +++ /dev/null @@ -1,153 +0,0 @@ -roleDb = $roleDb; - $this->keyDb = $keyDb; - } - - /** - * Creates a SignatureVerifier object from a RootMetadata object. - * - * @param RootMetadata $rootMetadata - * @param bool $allowUntrustedAccess - * - * @return static - */ - public static function createFromRootMetadata(RootMetadata $rootMetadata, bool $allowUntrustedAccess = false): self - { - return new static( - RoleDB::createFromRootMetadata($rootMetadata, $allowUntrustedAccess), - KeyDB::createFromRootMetadata($rootMetadata, $allowUntrustedAccess) - ); - } - - /** - * Checks signatures on a verifiable structure. - * - * @param \Tuf\Metadata\MetadataBase $metadata - * The metadata to check signatures on. - * - * @return void - * - * @throws \Tuf\Exception\Attack\SignatureThresholdException - * Thrown if the signature threshold has not be reached. - */ - public function checkSignatures(MetadataBase $metadata): void - { - $signatures = $metadata->getSignatures(); - - $role = $this->roleDb->getRole($metadata->getRole()); - $needVerified = $role->getThreshold(); - $verifiedKeySignatures = []; - - $canonicalBytes = JsonNormalizer::asNormalizedJson($metadata->getSigned()); - - foreach ($signatures as $signature) - { - // Don't allow the same key to be counted twice. - if ($role->isKeyIdAcceptable($signature['keyid']) && $this->verifySingleSignature($canonicalBytes, $signature)) - { - $verifiedKeySignatures[$signature['keyid']] = true; - } - - // @todo Determine if we should check all signatures and warn for - // bad signatures even if this method returns TRUE because the - // threshold has been met. - // https://github.com/php-tuf/php-tuf/issues/172 - if (count($verifiedKeySignatures) >= $needVerified) - { - break; - } - } - - if (count($verifiedKeySignatures) < $needVerified) - { - throw new SignatureThresholdException("Signature threshold not met on " . $metadata->getRole()); - } - } - - /** - * Verifies a single signature. - * - * @param string $bytes - * The canonical JSON string of the 'signed' section of the given file. - * @param \ArrayAccess $signatureMeta - * The ArrayAccess object of metadata for the signature. Each signature - * metadata contains two elements: - * - keyid: The identifier of the key signing the role data. - * - sig: The hex-encoded signature of the canonical form of the - * metadata for the role. - * - * @return boolean - * TRUE if the signature is valid for $bytes. - */ - private function verifySingleSignature(string $bytes, \ArrayAccess $signatureMeta): bool - { - // Get the pubkey from the key database. - $pubkey = $this->keyDb->getKey($signatureMeta['keyid'])->getPublic(); - - // Encode the pubkey and signature, and check that the signature is - // valid for the given data and pubkey. - $pubkeyBytes = hex2bin($pubkey); - $sigBytes = hex2bin($signatureMeta['sig']); - - // @todo Check that the key type in $signatureMeta is ed25519; return - // false if not. - // https://github.com/php-tuf/php-tuf/issues/168 - return \sodium_crypto_sign_verify_detached($sigBytes, $bytes, $pubkeyBytes); - } - - /** - * Adds a role to the signature verifier. - * - * @param \Tuf\Role $role - */ - public function addRole(Role $role): void - { - if (!$this->roleDb->roleExists($role->getName())) - { - $this->roleDb->addRole($role); - } - } - - /** - * Adds a key to the signature verifier. - * - * @param string $keyId - * @param \Tuf\Key $key - */ - public function addKey(string $keyId, Key $key): void - { - $this->keyDb->addKey($keyId, $key); - } -} diff --git a/libraries/src/TUF/src/Client/Updater.php b/libraries/src/TUF/src/Client/Updater.php deleted file mode 100644 index d993141105f..00000000000 --- a/libraries/src/TUF/src/Client/Updater.php +++ /dev/null @@ -1,600 +0,0 @@ -repoFileFetcher = $repoFileFetcher; - $this->mirrors = $mirrors; - $this->durableStorage = new DurableStorageAccessValidator($durableStorage); - $this->clock = new Clock(); - $this->metadataFactory = new MetadataFactory($this->durableStorage); - } - - /** - * Gets the type for the file name. - * - * @param string $fileName - * The file name. - * - * @return string - * The type. - */ - private static function getFileNameType(string $fileName): string - { - $parts = explode('.', $fileName); - array_pop($parts); - return array_pop($parts); - } - - /** - * @todo Add docs. See python comments: - * https://github.com/theupdateframework/tuf/blob/1cf085a360aaad739e1cc62fa19a2ece270bb693/tuf/client/updater.py#L999 - * https://github.com/php-tuf/php-tuf/issues/162 - * @todo The Python implementation has an optional flag to "unsafely update - * root if necessary". Do we need it? - * https://github.com/php-tuf/php-tuf/issues/21 - * - * @param bool $force - * (optional) If false, return early if this updater has already been - * refreshed. Defaults to false. - * - * @return boolean - * TRUE if the data was successfully refreshed. - * - * @see https://github.com/php-tuf/php-tuf/issues/21 - * - * @throws \Tuf\Exception\MetadataException - * Throw if an upated root metadata file is not valid. - * @throws \Tuf\Exception\Attack\FreezeAttackException - * Throw if a freeze attack is detected. - * @throws \Tuf\Exception\Attack\RollbackAttackException - * Throw if a rollback attack is detected. - * @throws \Tuf\Exception\Attack\SignatureThresholdException - * Thrown if the signature threshold has not be reached. - */ - public function refresh(bool $force = false): bool - { - if ($force) { - $this->isRefreshed = false; - $this->metadataExpiration = null; - } - if ($this->isRefreshed) { - return true; - } - - // § 5.1 - $this->metadataExpiration = $this->getUpdateStartTime(); - - // § 5.2 - /** @var \Tuf\Metadata\RootMetadata $rootData */ - $rootData = $this->metadataFactory->load('root'); - - $this->signatureVerifier = SignatureVerifier::createFromRootMetadata($rootData); - $this->universalVerifier = new UniversalVerifier($this->metadataFactory, $this->signatureVerifier, $this->metadataExpiration); - - // § 5.3 - $this->updateRoot($rootData); - - // § 5.4 - $newTimestampData = $this->updateTimestamp(); - - $snapshotInfo = $newTimestampData->getFileMetaInfo('snapshot.json'); - $snapShotVersion = $snapshotInfo['version']; - - // § 5.5 - if ($rootData->supportsConsistentSnapshots()) { - // § 5.5.1 - $newSnapshotContents = $this->fetchFile("$snapShotVersion.snapshot.json"); - - $newSnapshotData = SnapshotMetadata::createFromJson($newSnapshotContents); - - $this->universalVerifier->verify(SnapshotMetadata::TYPE, $newSnapshotData); - - // § 5.5.7 - // TODO: here change .json to _json - $this->durableStorage['snapshot_json'] = $newSnapshotContents; - } else { - // @todo Add support for not using consistent snapshots in - // https://github.com/php-tuf/php-tuf/issues/97 - throw new \UnexpectedValueException("Currently only repos using consistent snapshots are supported."); - } - - // § 5.6 - if ($rootData->supportsConsistentSnapshots()) { - $this->fetchAndVerifyTargetsMetadata('targets'); - } else { - // @todo Add support for not using consistent snapshots in - // https://github.com/php-tuf/php-tuf/issues/97 - throw new \UnexpectedValueException("Currently only repos using consistent snapshots are supported."); - } - $this->isRefreshed = true; - return true; - } - - /** - * Updates the timestamp role, per section 5.3 of the TUF spec. - */ - private function updateTimestamp(): TimestampMetadata - { - // § 5.4.1 - $newTimestampContents = $this->fetchFile('timestamp.json'); - $newTimestampData = TimestampMetadata::createFromJson($newTimestampContents); - - $this->universalVerifier->verify(TimestampMetadata::TYPE, $newTimestampData); - - // § 5.4.5: Persist timestamp metadata - // TODO: here change .json to _json - $this->durableStorage['timestamp_json'] = $newTimestampContents; - - return $newTimestampData; - } - - - - /** - * Updates the root metadata if needed. - * - * @param \Tuf\Metadata\RootMetadata $rootData - * The current root metadata. - * - * @return void - *@throws \Tuf\Exception\Attack\FreezeAttackException - * Throw if a freeze attack is detected. - * @throws \Tuf\Exception\Attack\RollbackAttackException - * Throw if a rollback attack is detected. - * @throws \Tuf\Exception\Attack\SignatureThresholdException - * Thrown if an updated root file is not signed with the need signatures. - * - * @throws \Tuf\Exception\MetadataException - * Throw if an upated root metadata file is not valid. - */ - private function updateRoot(RootMetadata &$rootData): void - { - // § 5.3.1 needs no action, since we currently require consistent - // snapshots. - $rootsDownloaded = 0; - $originalRootData = $rootData; - // § 5.3.2 and 5.3.3 - $nextVersion = $rootData->getVersion() + 1; - while ($nextRootContents = $this->repoFileFetcher->fetchMetadataIfExists("$nextVersion.root.json", static::MAXIMUM_DOWNLOAD_BYTES)) { - $rootsDownloaded++; - if ($rootsDownloaded > static::MAX_ROOT_DOWNLOADS) { - throw new DenialOfServiceAttackException("The maximum number root files have already been downloaded: " . static::MAX_ROOT_DOWNLOADS); - } - $nextRoot = RootMetadata::createFromJson($nextRootContents); - $this->universalVerifier->verify(RootMetadata::TYPE, $nextRoot); - - // § 5.3.6 Needs no action. The expiration of the new (intermediate) - // root metadata file does not matter yet, because we will check for - // it in § 5.3.10. - // § 5.3.7 - $rootData = $nextRoot; - - // § 5.3.8 - // TODO: here change .json to _json - $this->durableStorage['root_json'] = $nextRootContents; - // § 5.3.9: repeat from § 5.3.2. - $nextVersion = $rootData->getVersion() + 1; - } - // § 5.3.10 - RootVerifier::checkFreezeAttack($rootData, $this->metadataExpiration); - - // § 5.3.11: Delete the trusted timestamp and snapshot files if either - // file has rooted keys. - if ($rootsDownloaded && - (static::hasRotatedKeys($originalRootData, $rootData, 'timestamp') - || static::hasRotatedKeys($originalRootData, $rootData, 'snapshot'))) { - unset($this->durableStorage['timestamp_json'], $this->durableStorage['snapshot_json']); - } - // § 5.3.12 needs no action because we currently require consistent - // snapshots. - } - - /** - * Determines if the new root metadata has rotated keys for a role. - * - * @param \Tuf\Metadata\RootMetadata $previousRootData - * The previous root metadata. - * @param \Tuf\Metadata\RootMetadata $newRootData - * The new root metadta. - * @param string $role - * The role to check for rotated keys. - * - * @return boolean - * True if the keys for the role have been rotated, otherwise false. - */ - private static function hasRotatedKeys(RootMetadata $previousRootData, RootMetadata $newRootData, string $role): bool - { - $previousRole = $previousRootData->getRoles()[$role] ?? null; - $newRole = $newRootData->getRoles()[$role] ?? null; - if ($previousRole && $newRole) { - return !$previousRole->keysMatch($newRole); - } - return false; - } - - /** - * Synchronously fetches a file from the remote repo. - * - * @param string $fileName - * The name of the file to fetch. - * @param integer $maxBytes - * (optional) The maximum number of bytes to download. - * - * @return string - * The contents of the fetched file. - */ - private function fetchFile(string $fileName, int $maxBytes = self::MAXIMUM_DOWNLOAD_BYTES): string - { - return $this->repoFileFetcher->fetchMetadata($fileName, $maxBytes) - ->then(function (StreamInterface $data) use ($fileName, $maxBytes) { - $this->checkLength($data, $maxBytes, $fileName); - return $data; - }) - ->wait(); - } - - /** - * Verifies the length of a data stream. - * - * @param \Psr\Http\Message\StreamInterface $data - * The data stream to check. - * @param int $maxBytes - * The maximum acceptable length of the stream, in bytes. - * @param string $fileName - * The filename associated with the stream. - * - * @throws \Tuf\Exception\DownloadSizeException - * If the stream's length exceeds $maxBytes in size. - */ - protected function checkLength(StreamInterface $data, int $maxBytes, string $fileName): void - { - $error = new DownloadSizeException("$fileName exceeded $maxBytes bytes"); - $size = $data->getSize(); - - if (isset($size)) { - if ($size > $maxBytes) { - throw $error; - } - } else { - // @todo Handle non-seekable streams. - // https://github.com/php-tuf/php-tuf/issues/169 - $data->rewind(); - $data->read($maxBytes); - - // If we reached the end of the stream, we didn't exceed the - // maximum number of bytes. - if ($data->eof() === false) { - throw $error; - } - $data->rewind(); - } - } - - /** - * Verifies a stream of data against a known TUF target. - * - * @param string $target - * The path of the target file. Needs to be known to the most recent - * targets metadata downloaded in ::refresh(). - * @param \Psr\Http\Message\StreamInterface $data - * A stream pointing to the downloaded target data. - * - * @throws \Tuf\Exception\MetadataException - * If the target has no trusted hash(es). - * @throws \Tuf\Exception\Attack\InvalidHashException - * If the data stream does not match the known hash(es) for the target. - */ - protected function verify(string $target, StreamInterface $data): void - { - $this->refresh(); - - $targetsMetadata = $this->getMetadataForTarget($target); - if ($targetsMetadata === null) { - throw new NotFoundException($target, 'Target'); - } - $maxBytes = $targetsMetadata->getLength($target) ?? static::MAXIMUM_DOWNLOAD_BYTES; - $this->checkLength($data, $maxBytes, $target); - - $hashes = $targetsMetadata->getHashes($target); - if (count($hashes) === 0) { - // § 5.7.2 - throw new MetadataException("No trusted hashes are available for '$target'"); - } - foreach ($hashes as $algo => $hash) { - // If the stream has a URI that refers to a file, use - // hash_file() to verify it. Otherwise, read the entire stream - // as a string and use hash() to verify it. - $uri = $data->getMetadata('uri'); - if ($uri && file_exists($uri)) { - $streamHash = hash_file($algo, $uri); - } else { - $streamHash = hash($algo, $data->getContents()); - $data->rewind(); - } - - if ($hash !== $streamHash) { - throw new InvalidHashException($data, "Invalid $algo hash for $target"); - } - } - } - - /** - * Downloads a target file, verifies it, and returns its contents. - * - * @param string $target - * The path of the target file. Needs to be known to the most recent - * targets metadata downloaded in ::refresh(). - * @param mixed ...$extra - * Additional arguments to pass to the file fetcher. - * - * @return \GuzzleHttp\Promise\PromiseInterface - * A promise representing the eventual verified result of the download - * operation. - */ - public function download(string $target, ...$extra): PromiseInterface - { - $this->refresh(); - - $targetsMetadata = $this->getMetadataForTarget($target); - if ($targetsMetadata === null) { - return new RejectedPromise(new NotFoundException($target, 'Target')); - } - - // If the target isn't known, immediately return a rejected promise. - try { - $length = $targetsMetadata->getLength($target) ?? static::MAXIMUM_DOWNLOAD_BYTES; - } catch (NotFoundException $e) { - return new RejectedPromise($e); - } - - return $this->repoFileFetcher->fetchTarget($target, $length, ...$extra) - ->then(function (StreamInterface $stream) use ($target) { - $this->verify($target, $stream); - return $stream; - }); - } - - /** - * Gets a target metadata object that contains the specified target, if any. - * - * @param string $target - * The path of the target file. - * - * @return \Tuf\Metadata\TargetsMetadata|null - * The targets metadata with information about the desired target, or null if no relevant metadata is found. - */ - protected function getMetadataForTarget(string $target): ?TargetsMetadata - { - // Search the top level targets metadata. - /** @var \Tuf\Metadata\TargetsMetadata $targetsMetadata */ - $targetsMetadata = $this->metadataFactory->load('targets'); - if ($targetsMetadata->hasTarget($target)) { - return $targetsMetadata; - } - // Recursively search any delegated roles. - return $this->searchDelegatedRolesForTarget($targetsMetadata, $target, ['targets']); - } - - /** - * Fetches and verifies a targets metadata file. - * - * The metadata file will be stored as '$role_json'. - * - * @param string $role - * The role name. This may be 'targets' or a delegated role. - */ - private function fetchAndVerifyTargetsMetadata(string $role): void - { - $newSnapshotData = $this->metadataFactory->load('snapshot'); - $targetsVersion = $newSnapshotData->getFileMetaInfo($role. ".json")['version']; - // § 5.6.1 - $newTargetsContent = $this->fetchFile("$targetsVersion.$role.json"); - $newTargetsData = TargetsMetadata::createFromJson($newTargetsContent, $role); - $this->universalVerifier->verify(TargetsMetadata::TYPE, $newTargetsData); - // § 5.5.6 - // TODO: here change .json to _json - $this->durableStorage[$role . "_json"] = $newTargetsContent; - } - - /** - * Returns the time that the update began. - * - * @return \DateTimeImmutable - * The time that the update began. - */ - private function getUpdateStartTime(): \DateTimeImmutable - { - return (new \DateTimeImmutable())->setTimestamp($this->clock->getCurrentTime()); - } - - /** - * Searches delegated roles for metadata concerning a specific target. - * - * @param \Tuf\Metadata\TargetsMetadata|null $targetsMetadata - * The targets metadata to search. - * @param string $target - * The path of the target file. - * @param string[] $searchedRoles - * The roles that have already been searched. This is for internal use only and should not be passed by calling code. - * @param bool $terminated - * (optional) For internal recursive calls only. This will be set to true if a terminating delegation is found in - * the search. - * - * - * @return \Tuf\Metadata\TargetsMetadata|null - * The target metadata that contains the metadata for the target or null if the target is not found. - */ - private function searchDelegatedRolesForTarget(TargetsMetadata $targetsMetadata, string $target, array $searchedRoles, bool &$terminated = false): ?TargetsMetadata - { - foreach ($targetsMetadata->getDelegatedKeys() as $keyId => $delegatedKey) { - $this->signatureVerifier->addKey($keyId, $delegatedKey); - } - foreach ($targetsMetadata->getDelegatedRoles() as $delegatedRole) { - $delegatedRoleName = $delegatedRole->getName(); - if (in_array($delegatedRoleName, $searchedRoles, true)) { - // § 5.6.7.1 - // If this role has been visited before, skip it (to avoid cycles in the delegation graph). - continue; - } - // § 5.6.7.1 - if (count($searchedRoles) > static::MAXIMUM_TARGET_ROLES) { - return null; - } - - $this->signatureVerifier->addRole($delegatedRole); - // Targets must match the paths of all roles in the delegation chain, so if the path does not match, - // do not evaluate this role or any roles it delegates to. - if ($delegatedRole->matchesPath($target)) { - $this->fetchAndVerifyTargetsMetadata($delegatedRoleName); - /** @var \Tuf\Metadata\TargetsMetadata $delegatedTargetsMetadata */ - $delegatedTargetsMetadata = $this->metadataFactory->load($delegatedRoleName); - if ($delegatedTargetsMetadata->hasTarget($target)) { - return $delegatedTargetsMetadata; - } - $searchedRoles[] = $delegatedRoleName; - // § 5.6.7.2.1 - // Recursively search the list of delegations in order of appearance. - $delegatedRolesMetadataSearchResult = $this->searchDelegatedRolesForTarget($delegatedTargetsMetadata, $target, $searchedRoles, $terminated); - if ($terminated || $delegatedRolesMetadataSearchResult) { - return $delegatedRolesMetadataSearchResult; - } - - // If $delegatedRole is terminating then we do not search any of the next delegated roles after it - // in the delegations from $targetsMetadata. - if ($delegatedRole->isTerminating()) { - $terminated = true; - // § 5.6.7.2.2 - // If the role is terminating then abort searching for a target. - return null; - } - } - } - return null; - } -} diff --git a/libraries/src/TUF/src/Constraints/Collection.php b/libraries/src/TUF/src/Constraints/Collection.php deleted file mode 100644 index 77cae65fe82..00000000000 --- a/libraries/src/TUF/src/Constraints/Collection.php +++ /dev/null @@ -1,17 +0,0 @@ -unsupportedFields as $unsupportedField) { - $existsInArray = \is_array($value) && \array_key_exists($unsupportedField, $value); - $existsInArrayAccess = $value instanceof \ArrayAccess && $value->offsetExists($unsupportedField); - if ($existsInArray || $existsInArrayAccess) { - $this->context->buildViolation('This field is not supported.') - ->atPath("[$unsupportedField]") - ->setInvalidValue(null) - ->setCode(Collection::MISSING_FIELD_ERROR) - ->addViolation(); - } - } - parent::validate($value, $constraint); - } -} diff --git a/libraries/src/TUF/src/DelegatedRole.php b/libraries/src/TUF/src/DelegatedRole.php deleted file mode 100644 index 6c3744c8e86..00000000000 --- a/libraries/src/TUF/src/DelegatedRole.php +++ /dev/null @@ -1,96 +0,0 @@ -terminating; - } - - /** - * DelegatedRole constructor. - * - * @param string $name - * @param int $threshold - * @param array $keyIds - * @param array $paths - * @param bool $terminating - */ - private function __construct(string $name, int $threshold, array $keyIds, array $paths, bool $terminating) - { - parent::__construct($name, $threshold, $keyIds); - $this->paths = $paths; - $this->terminating = $terminating; - } - - public static function createFromMetadata(\ArrayObject $roleInfo, string $name = null): Role - { - $roleConstraints = static::getRoleConstraints(); - $roleConstraints->fields += [ - 'name' => new Required( - [ - new Type('string'), - new NotBlank(), - ] - ), - 'terminating' => new Required(new Type('boolean')), - 'paths' => new Required(new Type('array')), - ]; - static::validate($roleInfo, $roleConstraints); - return new static( - $roleInfo['name'], - $roleInfo['threshold'], - $roleInfo['keyids'], - $roleInfo['paths'], - $roleInfo['terminating'] - ); - } - - /** - * Determines whether a target matches a path for this role. - * - * @param string $target - * The path of the target file. - * - * @return bool - * True if there is path match or no path criteria is set for the role, or - * false otherwise. - */ - public function matchesPath(string $target): bool - { - if ($this->paths) { - foreach ($this->paths as $path) { - if (fnmatch($path, $target)) { - return true; - } - } - return false; - } - // If no paths are set then any target is a match. - return true; - } -} diff --git a/libraries/src/TUF/src/Exception/Attack/AttackException.php b/libraries/src/TUF/src/Exception/Attack/AttackException.php deleted file mode 100644 index d267778ee60..00000000000 --- a/libraries/src/TUF/src/Exception/Attack/AttackException.php +++ /dev/null @@ -1,15 +0,0 @@ -stream = $stream; - } - - /** - * Returns the untrusted stream object pointing to the downloaded target. - * - * WARNING: The contents of the stream failed TUF validation. Any code - * interacting it should treat it as unsafe and proceed with great caution. - * - * @return \Psr\Http\Message\StreamInterface - * The stream object. - */ - public function getStream(): StreamInterface - { - return $this->stream; - } -} diff --git a/libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php b/libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php deleted file mode 100644 index 26a7a021731..00000000000 --- a/libraries/src/TUF/src/Exception/Attack/RollbackAttackException.php +++ /dev/null @@ -1,10 +0,0 @@ -ksort(); - } elseif (is_object($structure)) { - throw new \RuntimeException('\Tuf\JsonNormalizer::rKeySort() is not intended to sort objects except \ArrayObject. Found: ' . get_class($structure)); - } - - foreach ($structure as $key => $value) { - if (is_array($value) || $value instanceof \ArrayObject) { - self::rKeySort($structure[$key]); - } - } - } - - /** - * Replaces all instance of \stdClass in the data structure with \ArrayObject. - * - * Symfony Validator library's built-in constraints cannot validate - * \stdClass objects. This method should only be used with the return value - * of json_decode therefore should not contain any objects except instances - * of \stdClass. - * - * @param array|\stdClass $data - * The data to convert. The data structure should contain no objects - * except \stdClass instances. - * - * @return iterable - * The data with all stdClass instances replaced with ArrayObject. - * - * @throws \RuntimeException - * Thrown if the an object other than \stdClass is found. - */ - private static function replaceStdClassWithArrayObject($data): iterable - { - if ($data instanceof \stdClass) { - $data = new \ArrayObject($data); - } elseif (!is_array($data)) { - throw new \RuntimeException('Cannot convert type: ' . get_class($data)); - } - foreach ($data as $key => $datum) { - if (is_array($datum) || is_object($datum)) { - $data[$key] = static::replaceStdClassWithArrayObject($datum); - } - } - return $data; - } -} diff --git a/libraries/src/TUF/src/Key.php b/libraries/src/TUF/src/Key.php deleted file mode 100644 index 46bf17a1e74..00000000000 --- a/libraries/src/TUF/src/Key.php +++ /dev/null @@ -1,131 +0,0 @@ -type = $type; - $this->scheme = $scheme; - $this->public = $public; - } - - /** - * Creates a key object from TUF metadata. - * - * @param \ArrayObject $keyInfo - * The key information from TUF metadata including. - * - keytype: The public key signature system, e.g. 'ed25519'. - * - scheme: The corresponding signature scheme, e.g. 'ed25519'. - * - keyval: An associative array containing the public key value. - - * - * @return static - * - * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats - */ - public static function createFromMetadata(\ArrayObject $keyInfo): self - { - self::validate($keyInfo, static::getKeyConstraints()); - return new static( - $keyInfo['keytype'], - $keyInfo['scheme'], - $keyInfo['keyval']['public'] - ); - } - - /** - * Gets the public key value. - * - * @return string - * The public key value. - */ - public function getPublic(): string - { - return $this->public; - } - - /** - * Gets the key type. - * - * @return string - * The key type. - */ - public function getType(): string - { - return $this->type; - } - - /** - * Computes the key ID. - * - * Per specification section 4.2, the KEYID is a hexdigest of the SHA-256 - * hash of the canonical form of the key. - * - * @return string - * The key ID in hex format for the key metadata hashed using sha256. - * - * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats - * - * @todo https://github.com/php-tuf/php-tuf/issues/56 - */ - public function getComputedKeyId(): string - { - // @see https://github.com/secure-systems-lab/securesystemslib/blob/master/securesystemslib/keys.py - // The keyid_hash_algorithms array value is based on the TUF settings, - // it's not expected to be part of the key metadata. The fact that it is - // currently included is a quirk of the TUF python code that may be - // fixed in future versions. Calculate using the normal TUF settings - // since this is how it's calculated in the securesystemslib code and - // any value for keyid_hash_algorithms in the key data in root.json is - // ignored. - $keyCanonicalStruct = [ - 'keytype' => $this->getType(), - 'scheme' => $this->scheme, - 'keyid_hash_algorithms' => ['sha256', 'sha512'], - 'keyval' => ['public' => $this->getPublic()], - ]; - $keyCanonicalForm = JsonNormalizer::asNormalizedJson($keyCanonicalStruct); - - return hash('sha256', $keyCanonicalForm, false); - } -} diff --git a/libraries/src/TUF/src/KeyDB.php b/libraries/src/TUF/src/KeyDB.php deleted file mode 100644 index 43ce954b482..00000000000 --- a/libraries/src/TUF/src/KeyDB.php +++ /dev/null @@ -1,125 +0,0 @@ -getKeys($allowUntrustedAccess) as $keyId => $key) { - $db->addKey($keyId, $key); - } - - return $db; - } - - /** - * Gets the supported encryption key types. - * - * @return string[] - * An array of supported encryption key type names (e.g. 'ed25519'). - */ - public static function getSupportedKeyTypes(): array - { - return ['ed25519']; - } - - /** - * Constructs a new KeyDB. - */ - public function __construct() - { - $this->keys = []; - } - - /** - * Adds key metadata to the key database while avoiding duplicates. - * - * @param string $keyId - * The key ID given as the object key in root.json or another keys list. - * @param \Tuf\Key - * The key. - * - * @return void - * - * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats - */ - public function addKey(string $keyId, Key $key): void - { - if (! in_array($key->getType(), self::getSupportedKeyTypes(), true)) { - // @todo Convert this to a log line as per Python. - // https://github.com/php-tuf/php-tuf/issues/160 - throw new InvalidKeyException("Root metadata file contains an unsupported key type: \"${keyMeta['keytype']}\""); - } - // Per TUF specification 4.3, Clients MUST calculate each KEYID to - // verify this is correct for the associated key. - if ($keyId !== $key->getComputedKeyId()) { - throw new InvalidKeyException('The calculated KEYID does not match the value provided.'); - } - $this->keys[$keyId] = $key; - } - - /** - * Returns the key metadata for a given key ID. - * - * @param string $keyId - * The key ID. - * - * @return \Tuf\Key - * The key. - * - * @throws \Tuf\Exception\NotFoundException - * Thrown if the key ID is not found in the keydb database. - * - * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats - */ - public function getKey(string $keyId): Key - { - if (empty($this->keys[$keyId])) { - throw new NotFoundException($keyId, 'key'); - } - return $this->keys[$keyId]; - } -} diff --git a/libraries/src/TUF/src/Metadata/ConstraintsTrait.php b/libraries/src/TUF/src/Metadata/ConstraintsTrait.php deleted file mode 100644 index a79fa6260df..00000000000 --- a/libraries/src/TUF/src/Metadata/ConstraintsTrait.php +++ /dev/null @@ -1,173 +0,0 @@ -validate($data, $constraints); - if (count($violations)) { - $exceptionMessages = []; - foreach ($violations as $violation) { - $exceptionMessages[] = (string) $violation; - } - throw new MetadataException(implode(", \n", $exceptionMessages)); - } - } - - /** - * Gets the common hash constraints. - * - * @return \Symfony\Component\Validator\Constraint[][] - * The hash constraints. - */ - protected static function getHashesConstraints(): array - { - return [ - 'hashes' => [ - new Count(['min' => 1]), - new Type('\ArrayObject'), - // The keys for 'hashes is not know but they all must be strings. - new All([ - new Type(['type' => 'string']), - new NotBlank(), - ]), - ], - ]; - } - - /** - * Gets the common version constraints. - * - * @return \Symfony\Component\Validator\Constraint[][] - * The version constraints. - */ - protected static function getVersionConstraints(): array - { - return [ - 'version' => [ - new Type(['type' => 'integer']), - new GreaterThanOrEqual(1), - ], - ]; - } - - /** - * Gets the common threshold constraints. - * - * @return \Symfony\Component\Validator\Constraint[][] - * The threshold constraints. - */ - protected static function getThresholdConstraints(): array - { - return [ - 'threshold' => [ - new Type(['type' => 'integer']), - new GreaterThanOrEqual(1), - ], - ]; - } - /** - * Gets the common keyids constraints. - * - * @return \Symfony\Component\Validator\Constraint[][] - * The keysids constraints. - */ - protected static function getKeyidsConstraints(): array - { - return [ - 'keyids' => [ - new Count(['min' => 1]), - new Type(['type' => 'array']), - // The keys for 'hashes is not know but they all must be strings. - new All([ - new Type(['type' => 'string']), - new NotBlank(), - ]), - ], - ]; - } - - /** - * Gets the common key Collection constraints. - * - * @return Collection - * The 'key' Collection constraint. - */ - protected static function getKeyConstraints(): Collection - { - return new Collection([ - // This field is not part of the TUF specification and is being - // removed from the Python TUF reference implementation in - // https://github.com/theupdateframework/tuf/issues/848. - // If it is provided though we only support the default value which - // is passed on from a setting in the Python `securesystemslib` - // library. - 'keyid_hash_algorithms' => new Optional([ - new EqualTo(['value' => ["sha256", "sha512"]]), - ]), - 'keytype' => [ - new Type(['type' => 'string']), - new NotBlank(), - ], - 'keyval' => [ - new Type('\ArrayObject'), - new Collection([ - 'public' => [ - new Type(['type' => 'string']), - new NotBlank(), - ], - ]), - ], - 'scheme' => [ - new Type(['type' => 'string']), - new NotBlank(), - ], - ]); - } - - /** - * Gets the role constraints. - * - * @return \Symfony\Component\Validator\Constraints\Collection - * The role constraints collection. - */ - protected static function getRoleConstraints(): Collection - { - return new Collection( - static::getKeyidsConstraints() + - static::getThresholdConstraints() - ); - } -} diff --git a/libraries/src/TUF/src/Metadata/Factory.php b/libraries/src/TUF/src/Metadata/Factory.php deleted file mode 100644 index 601716a3352..00000000000 --- a/libraries/src/TUF/src/Metadata/Factory.php +++ /dev/null @@ -1,71 +0,0 @@ -storage = $storage; - } - - /** - * Loads a value object for trusted metadata. - * - * @param string $role - * The role to be loaded. - * - * @return \Tuf\Metadata\MetadataBase|null - * The trusted metadata for the role, or NULL if none was found. - * @throws \Tuf\Exception\MetadataException - */ - public function load(string $role): ?MetadataBase - { - // TODO: this is changed from $role . ".json" to $role . "_json" - $fileName = $role . "_json"; - - if (isset($this->storage[$fileName])) - { - $json = $this->storage[$fileName]; - - switch ($role) - { - case RootMetadata::TYPE: - $currentMetadata = RootMetadata::createFromJson($json); - break; - case SnapshotMetadata::TYPE: - $currentMetadata = SnapshotMetadata::createFromJson($json); - break; - case TimestampMetadata::TYPE: - $currentMetadata = TimestampMetadata::createFromJson($json); - break; - default: - $currentMetadata = TargetsMetadata::createFromJson($json, $role); - } - - $currentMetadata->trust(); - - return $currentMetadata; - } - else - { - return null; - } - } -} diff --git a/libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php b/libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php deleted file mode 100644 index cd7e6410407..00000000000 --- a/libraries/src/TUF/src/Metadata/FileInfoMetadataBase.php +++ /dev/null @@ -1,27 +0,0 @@ -ensureIsTrusted($allowUntrustedAccess); - $signed = $this->getSigned(); - return $signed['meta'][$key] ?? null; - } -} diff --git a/libraries/src/TUF/src/Metadata/MetadataBase.php b/libraries/src/TUF/src/Metadata/MetadataBase.php deleted file mode 100644 index 76ce37ff6cc..00000000000 --- a/libraries/src/TUF/src/Metadata/MetadataBase.php +++ /dev/null @@ -1,255 +0,0 @@ -metadata = $metadata; - $this->sourceJson = $sourceJson; - } - - /** - * Gets the original JSON source. - * - * @return string - * The JSON source. - */ - public function getSource():string - { - return $this->sourceJson; - } - - /** - * Create an instance and also validate the decoded JSON. - * - * @param string $json - * A JSON string representing TUF metadata. - * - * @return static - * The new instance. - * - * @throws \Tuf\Exception\MetadataException - * Thrown if validation fails. - */ - public static function createFromJson(string $json): self - { - $data = JsonNormalizer::decode($json); - static::validate($data, new Collection(static::getConstraints())); - - return new static($data, $json); - } - - /** - * Gets the constraints for top-level metadata. - * - * @return \Symfony\Component\Validator\Constraint[] - * Array of constraints. - */ - protected static function getConstraints(): array - { - return [ - 'signatures' => new Required( - [ - new Type('array'), - new Count(['min' => 1]), - new All( - [ - new Collection( - [ - 'keyid' => [ - new NotBlank, - new Type(['type' => 'string']), - ], - 'sig' => [ - new NotBlank, - new Type(['type' => 'string']), - ], - ] - ), - ] - ), - ] - ), - 'signed' => new Required( - [ - new Collection(static::getSignedCollectionOptions()), - ] - ), - ]; - } - - /** - * Gets options for the 'signed' metadata property. - * - * @return array - * An options array as expected by - * \Symfony\Component\Validator\Constraints\Collection::__construct(). - */ - protected static function getSignedCollectionOptions(): array - { - return [ - 'fields' => [ - '_type' => [ - new EqualTo(['value' => static::TYPE]), - new Type(['type' => 'string']), - ], - 'expires' => new DateTime(['value' => \DateTimeInterface::ISO8601]), - // We only expect to work with major version 1. - 'spec_version' => [ - new NotBlank, - new Type(['type' => 'string']), - //new Regex(['pattern' => '/^1\.[0-9]+\.[0-9]+$/']), - ], - ] + static::getVersionConstraints(), - 'allowExtraFields' => true, - ]; - } - - /** - * Get signed. - * - * @return \ArrayObject - * The "signed" section of the data. - */ - public function getSigned(): \ArrayObject - { - return (new DeepCopy)->copy($this->metadata['signed']); - } - - /** - * Get version. - * - * @return integer - * The version. - */ - public function getVersion(): int - { - return $this->getSigned()['version']; - } - - /** - * Get the expires date string. - * - * @return string - * The date string. - */ - public function getExpires(): string - { - return $this->getSigned()['expires']; - } - - /** - * Get signatures. - * - * @return array - * The "signatures" section of the data. - */ - public function getSignatures(): array - { - return (new DeepCopy)->copy($this->metadata['signatures']); - } - - /** - * Get the metadata type. - * - * @return string - * The type. - */ - public function getType(): string - { - return $this->getSigned()['_type']; - } - - /** - * Gets the role for the metadata. - * - * @return string - * The type. - */ - public function getRole(): string - { - // For most metadata types the 'type' and the 'role' are the same. - // Metadata types that need to specify a different role should override - // this method. - return $this->getType(); - } - - /** - * Sets the metadata as trusted. - * - * @return void - */ - public function trust(): void - { - $this->isTrusted = true; - } - - /** - * Ensures that the metadata is trusted or the caller explicitly expects untrusted metadata. - * - * @param boolean $allowUntrustedAccess - * Whether this method should access even if the metadata is not trusted. - * - * @return void - */ - public function ensureIsTrusted(bool $allowUntrustedAccess = false): void - { - if (!$allowUntrustedAccess && !$this->isTrusted) - { - throw new \RuntimeException("Cannot use untrusted '{$this->getRole()}'. metadata."); - } - } -} diff --git a/libraries/src/TUF/src/Metadata/RootMetadata.php b/libraries/src/TUF/src/Metadata/RootMetadata.php deleted file mode 100644 index 9558f23060f..00000000000 --- a/libraries/src/TUF/src/Metadata/RootMetadata.php +++ /dev/null @@ -1,100 +0,0 @@ - 1]), - new All([ - static::getKeyConstraints(), - ]), - ]); - $roleConstraints = static::getRoleConstraints(); - $options['fields']['roles'] = new Collection([ - 'targets' => new Required($roleConstraints), - 'timestamp' => new Required($roleConstraints), - 'snapshot' => new Required($roleConstraints), - 'root' => new Required($roleConstraints), - 'mirror' => new Optional($roleConstraints), - ]); - $options['fields']['consistent_snapshot'] = new Required([ - new Type('boolean'), - new EqualTo(true), - ]); - return $options; - } - - /** - * Gets the roles from the metadata. - * - * @param boolean $allowUntrustedAccess - * Whether this method should access even if the metadata is not trusted. - * - * @return \Tuf\Role[] - * The roles. - */ - public function getRoles(bool $allowUntrustedAccess = false): array - { - $this->ensureIsTrusted($allowUntrustedAccess); - $roles = []; - foreach ($this->getSigned()['roles'] as $roleName => $roleInfo) { - $roles[$roleName] = Role::createFromMetadata($roleInfo, $roleName); - } - return $roles; - } - - /** - * Gets the keys for the root metadata. - * - * @param boolean $allowUntrustedAccess - * Whether this method should access even if the metadata is not trusted. - * - * @return \Tuf\Key[] - * The keys for the metadata. - */ - public function getKeys(bool $allowUntrustedAccess = false): array - { - $this->ensureIsTrusted($allowUntrustedAccess); - $keys = []; - foreach ($this->getSigned()['keys'] as $keyId => $keyInfo) { - $keys[$keyId] = Key::createFromMetadata($keyInfo); - } - return $keys; - } - - /** - * Determines whether consistent snapshots are supported. - * - * @return boolean - * Whether consistent snapshots are supported. - */ - public function supportsConsistentSnapshots(): bool - { - $this->ensureIsTrusted(); - return $this->getSigned()['consistent_snapshot']; - } -} diff --git a/libraries/src/TUF/src/Metadata/SnapshotMetadata.php b/libraries/src/TUF/src/Metadata/SnapshotMetadata.php deleted file mode 100644 index 7978a3afb30..00000000000 --- a/libraries/src/TUF/src/Metadata/SnapshotMetadata.php +++ /dev/null @@ -1,72 +0,0 @@ - 1]), - new All( - [ - new Collection( - [ - 'fields' => static::getSnapshotMetaConstraints(), - 'allowExtraFields' => true, - ] - ), - ] - ), - ] - ); - - return $options; - } - - /** - * Returns the fields required or optional for a snapshot meta file - * - * @return array - */ - private static function getSnapshotMetaConstraints() - { - return [ - 'version' => [ - new Type(['type' => 'integer']), - new GreaterThanOrEqual(1), - ], - new Optional( - [ - new Collection( - [ - 'length' => [ - new Type(['type' => 'integer']), - new GreaterThanOrEqual(1), - ], - ] + static::getHashesConstraints() - ), - ] - ), - ]; - } -} diff --git a/libraries/src/TUF/src/Metadata/TargetsMetadata.php b/libraries/src/TUF/src/Metadata/TargetsMetadata.php deleted file mode 100644 index dec63edf377..00000000000 --- a/libraries/src/TUF/src/Metadata/TargetsMetadata.php +++ /dev/null @@ -1,209 +0,0 @@ -role = $roleName; - return $newMetadata; - } - - /** - * {@inheritdoc} - */ - protected static function getSignedCollectionOptions(): array - { - $options = parent::getSignedCollectionOptions(); - $options['fields']['delegations'] = new Optional([ - new Collection([ - 'keys' => new Required([ - new Type('\ArrayObject'), - new All([ - static::getKeyConstraints(), - ]), - ]), - 'roles' => new All([ - new Type('\ArrayObject'), - new TufCollection([ - 'fields' => [ - 'name' => [ - new NotBlank(), - new Type(['type' => 'string']), - ], - 'paths' => [ - new Type(['type' => 'array']), - new All([ - new Type(['type' => 'string']), - new NotBlank(), - ]), - ], - 'terminating' => [ - new Type(['type' => 'boolean']), - ], - ] + static::getKeyidsConstraints() + static::getThresholdConstraints(), - // @todo Support 'path_hash_prefixes' in - // https://github.com/php-tuf/php-tuf/issues/191 - 'unsupportedFields' => ['path_hash_prefixes'], - ]), - ]), - ]), - ]); - $options['fields']['targets'] = new Required([ - new All([ - new Collection([ - 'length' => [ - new Type(['type' => 'integer']), - new GreaterThanOrEqual(1), - ], - 'custom' => new Optional([ - new Type('\ArrayObject'), - ]), - ] + static::getHashesConstraints()), - ]), - - ]); - return $options; - } - - /** - * Returns the length, in bytes, of a specific target. - * - * @param string $target - * The target path. - * - * @return integer - * The length (size) of the target, in bytes. - */ - public function getLength(string $target): int - { - return $this->getInfo($target)['length']; - } - - /** - * {@inheritdoc} - */ - public function getRole(): string - { - return $this->role ?? $this->getType(); - } - - /** - * Returns the known hashes for a specific target. - * - * @param string $target - * The target path. - * - * @return \ArrayObject - * The known hashes for the object. The keys are the hash algorithm (e.g. - * 'sha256') and the values are the hash digest. - */ - public function getHashes(string $target): \ArrayObject - { - return $this->getInfo($target)['hashes']; - } - - /** - * Determines if a target is specified in the current metadata. - * - * @param string $target - * The target path. - * - * @return bool - * True if the target is specified, or false otherwise. - */ - public function hasTarget(string $target): bool - { - try { - $this->getInfo($target); - return true; - } catch (NotFoundException $exception) { - return false; - } - } - - /** - * Gets info about a specific target. - * - * @param string $target - * The target path. - * - * @return \ArrayObject - * The target's info. - * - * @throws \Tuf\Exception\NotFoundException - * Thrown if the target is not mentioned in this metadata. - */ - protected function getInfo(string $target): \ArrayObject - { - $signed = $this->getSigned(); - if (isset($signed['targets'][$target])) { - return $signed['targets'][$target]; - } - throw new NotFoundException($target, 'Target'); - } - - /** - * Gets the delegated keys if any. - * - * @return \Tuf\Key[] - * The delegated keys. - */ - public function getDelegatedKeys(): array - { - $keys = []; - foreach ($this->getSigned()['delegations']['keys'] as $keyId => $keyInfo) { - $keys[$keyId] = Key::createFromMetadata($keyInfo); - } - return $keys; - } - - /** - * Gets the delegated roles if any. - * - * @return \Tuf\DelegatedRole[] - * The delegated roles. - */ - public function getDelegatedRoles(): array - { - $roles = []; - foreach ($this->getSigned()['delegations']['roles'] as $roleInfo) { - $role = DelegatedRole::createFromMetadata($roleInfo); - $roles[$role->getName()] = $role; - } - return $roles; - } -} diff --git a/libraries/src/TUF/src/Metadata/TimestampMetadata.php b/libraries/src/TUF/src/Metadata/TimestampMetadata.php deleted file mode 100644 index 7325d78c9db..00000000000 --- a/libraries/src/TUF/src/Metadata/TimestampMetadata.php +++ /dev/null @@ -1,39 +0,0 @@ - 1]), - new All([ - new Collection([ - 'length' => [ - new Type(['type' => 'integer']), - new GreaterThanOrEqual(1), - ], - ] + static::getHashesConstraints() + static::getVersionConstraints()), - ]), - ]); - return $options; - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php deleted file mode 100644 index db0f3e36ab3..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/FileInfoVerifier.php +++ /dev/null @@ -1,48 +0,0 @@ -trustedMetadata->getSigned()['meta']; - $type = $this->trustedMetadata->getType(); - foreach ($localMetaFileInfos as $fileName => $localFileInfo) { - /** @var \Tuf\Metadata\SnapshotMetadata|\Tuf\Metadata\TimestampMetadata $untrustedMetadata */ - if ($remoteFileInfo = $untrustedMetadata->getFileMetaInfo($fileName, true)) { - if ($remoteFileInfo['version'] < $localFileInfo['version']) { - $message = "Remote $type metadata file '$fileName' version \"${$remoteFileInfo['version']}\" " . - "is less than previously seen version \"${$localFileInfo['version']}\""; - throw new RollbackAttackException($message); - } - } - } - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php deleted file mode 100644 index b4201bb1f25..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/RootVerifier.php +++ /dev/null @@ -1,63 +0,0 @@ -signatureVerifier->checkSignatures($untrustedMetadata); - $this->signatureVerifier = SignatureVerifier::createFromRootMetadata($untrustedMetadata, true); - $this->signatureVerifier->checkSignatures($untrustedMetadata); - // § 5.3.5 - $this->checkRollbackAttack($untrustedMetadata); - } - - /** - * {@inheritDoc} - */ - protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void - { - $expectedUntrustedVersion = $this->trustedMetadata->getVersion() + 1; - $untrustedVersion = $untrustedMetadata->getVersion(); - if ($expectedUntrustedVersion && ($untrustedMetadata->getVersion() !== $expectedUntrustedVersion)) { - throw new RollbackAttackException("Remote 'root' metadata version \"$$untrustedVersion\" " . - "does not the expected version \"$$expectedUntrustedVersion\""); - } - parent::checkRollbackAttack($untrustedMetadata); - } - - /** - * {@inheritdoc} - * - * Overridden to make public. - * - * After attempting to update the root metadata, the new or non-updated metadata must be checked - * for a freeze attack. We cannot check for a freeze attack in ::verify() because when the client - * is many root files behind, only the last version to be downloaded needs to be checked for a - * freeze attack. - */ - public static function checkFreezeAttack(MetadataBase $metadata, \DateTimeImmutable $expiration): void - { - parent::checkFreezeAttack($metadata, $expiration); - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php deleted file mode 100644 index 7f0f7a023e5..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/SnapshotVerifier.php +++ /dev/null @@ -1,79 +0,0 @@ -setTrustedAuthority($timestampMetadata); - } - - /** - * {@inheritdoc} - */ - public function verify(MetadataBase $untrustedMetadata): void - { - // § 5.5.2 - $this->checkAgainstHashesFromTrustedAuthority($untrustedMetadata); - - // § 5.5.3 - $this->signatureVerifier->checkSignatures($untrustedMetadata); - - // § 5.5.4 - $this->checkAgainstVersionFromTrustedAuthority($untrustedMetadata); - - // If the timestamp or snapshot keys were rotating then the snapshot file - // will not exist. - if ($this->trustedMetadata) { - // § 5.5.5 - $this->checkRollbackAttack($untrustedMetadata); - } - - // § 5.5.6 - static::checkFreezeAttack($untrustedMetadata, $this->metadataExpiration); - } - - /** - * {@inheritdoc} - */ - protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void - { - // TUF-SPEC-v1.0.16 Section 5.4.4 - /** @var TimestampMetadata $untrustedMetadata */ - $this->checkFileInfoVersions($untrustedMetadata); - $localMetaFileInfos = $this->trustedMetadata->getSigned()['meta']; - foreach ($localMetaFileInfos as $fileName => $localFileInfo) { - /** @var \Tuf\Metadata\SnapshotMetadata|\Tuf\Metadata\TimestampMetadata $untrustedMetadata */ - if (!$untrustedMetadata->getFileMetaInfo($fileName, true)) { - // § 5.5.5 - // Any targets metadata filename that was listed in the trusted snapshot metadata file, if any, MUST - // continue to be listed in the new snapshot metadata file. - throw new RollbackAttackException("Remote snapshot metadata file references '$fileName' but this is not present in the remote file"); - } - } - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php deleted file mode 100644 index bcdfa021dc0..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/TargetsVerifier.php +++ /dev/null @@ -1,51 +0,0 @@ -setTrustedAuthority($snapshotMetadata); - } - - /** - * {@inheritdoc} - */ - public function verify(MetadataBase $untrustedMetadata): void - { - // § 5.6.2 - $this->checkAgainstHashesFromTrustedAuthority($untrustedMetadata); - - // § 5.6.3 - $this->signatureVerifier->checkSignatures($untrustedMetadata); - - // § 5.6.4 - $this->checkAgainstVersionFromTrustedAuthority($untrustedMetadata); - - // § 5.6.5 - static::checkFreezeAttack($untrustedMetadata, $this->metadataExpiration); - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php deleted file mode 100644 index 8d28459bbd8..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/TimestampVerifier.php +++ /dev/null @@ -1,40 +0,0 @@ -signatureVerifier->checkSignatures($untrustedMetadata); - // If the timestamp or snapshot keys were rotating then the timestamp file - // will not exist. - if ($this->trustedMetadata) { - // § 5.4.3 - $this->checkRollbackAttack($untrustedMetadata); - } - // § 5.4.4 - static::checkFreezeAttack($untrustedMetadata, $this->metadataExpiration); - } - - /** - * {@inheritdoc} - */ - protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void - { - // § 5.3.2.1 - parent::checkRollbackAttack($untrustedMetadata); - // § 5.3.2.2 - /** @var \Tuf\Metadata\SnapshotMetadata $untrustedMetadata */ - $this->checkFileInfoVersions($untrustedMetadata); - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php b/libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php deleted file mode 100644 index 6456244f063..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/TrustedAuthorityTrait.php +++ /dev/null @@ -1,78 +0,0 @@ -ensureIsTrusted(); - $this->authority = $authority; - } - - /** - * Verifies the hashes of untrusted metadata against hashes in the trusted metadata. - * - * @param \Tuf\Metadata\MetadataBase $untrustedMetadata - * The untrusted metadata. - * - * @throws \Tuf\Exception\MetadataException - * Thrown if the new metadata object cannot be verified. - * - * @return void - */ - protected function checkAgainstHashesFromTrustedAuthority(MetadataBase $untrustedMetadata): void - { - $role = $untrustedMetadata->getRole(); - $fileInfo = $this->authority->getFileMetaInfo($role . '.json'); - if (isset($fileInfo['hashes'])) { - foreach ($fileInfo['hashes'] as $algo => $hash) { - if ($hash !== hash($algo, $untrustedMetadata->getSource())) { - /** @var \Tuf\Metadata\MetadataBase $authorityMetadata */ - throw new MetadataException("The '{$role}' contents does not match hash '$algo' specified in the '{$this->authority->getType()}' metadata."); - } - } - } - } - - /** - * Verifies the version of untrusted metadata against the version in trusted metadata. - * - * @param \Tuf\Metadata\MetadataBase $untrustedMetadata - * The untrusted metadata. - * - * @throws \Tuf\Exception\MetadataException - * Thrown if the new metadata object cannot be verified. - * - * @return void - */ - protected function checkAgainstVersionFromTrustedAuthority(MetadataBase $untrustedMetadata): void - { - $role = $untrustedMetadata->getRole(); - $fileInfo = $this->authority->getFileMetaInfo($role . '.json'); - $expectedVersion = $fileInfo['version']; - if ($expectedVersion !== $untrustedMetadata->getVersion()) { - throw new MetadataException("Expected {$role} version {$expectedVersion} does not match actual version {$untrustedMetadata->getVersion()}."); - } - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php b/libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php deleted file mode 100644 index 085530c937a..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/UniversalVerifier.php +++ /dev/null @@ -1,92 +0,0 @@ -metadataFactory = $metadataFactory; - $this->signatureVerifier = $signatureVerifier; - $this->metadataExpiration = $metadataExpiration; - } - - /** - * Verifies an untrusted metadata object for a role. - * - * @param string $role - * The metadata role (e.g. 'root', 'targets', etc.) - * @param \Tuf\Metadata\MetadataBase $untrustedMetadata - * The untrusted metadata object. - * - * @throws \Tuf\Exception\Attack\FreezeAttackException - * @throws \Tuf\Exception\Attack\RollbackAttackException - * @throws \Tuf\Exception\Attack\InvalidHashException - * @throws \Tuf\Exception\Attack\SignatureThresholdException - */ - public function verify(string $role, MetadataBase $untrustedMetadata): void - { - $trustedMetadata = $this->metadataFactory->load($role); - switch ($role) { - case RootMetadata::TYPE: - $verifier = new RootVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata); - break; - case SnapshotMetadata::TYPE: - /** @var \Tuf\Metadata\TimestampMetadata $timestampMetadata */ - $timestampMetadata = $this->metadataFactory->load(TimestampMetadata::TYPE); - $verifier = new SnapshotVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata, $timestampMetadata); - break; - case TimestampMetadata::TYPE: - $verifier = new TimestampVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata); - break; - default: - /** @var \Tuf\Metadata\SnapshotMetadata $snapshotMetadata */ - $snapshotMetadata = $this->metadataFactory->load(SnapshotMetadata::TYPE); - $verifier = new TargetsVerifier($this->signatureVerifier, $this->metadataExpiration, $trustedMetadata, $snapshotMetadata); - } - $verifier->verify($untrustedMetadata); - // If the verifier didn't throw an exception, we can trust this metadata. - $untrustedMetadata->trust(); - } -} diff --git a/libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php b/libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php deleted file mode 100644 index 6c571e2eb21..00000000000 --- a/libraries/src/TUF/src/Metadata/Verifier/VerifierBase.php +++ /dev/null @@ -1,140 +0,0 @@ -signatureVerifier = $signatureVerifier; - $this->metadataExpiration = $metadataExpiration; - if ($trustedMetadata) { - $trustedMetadata->ensureIsTrusted(); - } - $this->trustedMetadata = $trustedMetadata; - } - - /** - * Verify metadata according to the specification. - * - * @param \Tuf\Metadata\MetadataBase $untrustedMetadata - * The untrusted metadata to verify. - * - * @throws \Tuf\Exception\Attack\FreezeAttackException - * @throws \Tuf\Exception\Attack\RollbackAttackException - * @throws \Tuf\Exception\Attack\InvalidHashException - * @throws \Tuf\Exception\Attack\SignatureThresholdException - */ - abstract public function verify(MetadataBase $untrustedMetadata): void; - - /** - * Checks for a rollback attack. - * - * Verifies that an incoming remote version of a metadata file is greater - * than or equal to the last known version. - * - * @param \Tuf\Metadata\MetadataBase $untrustedMetadata - * The untrusted metadata. - * - * @return void - * - * @throws \Tuf\Exception\Attack\RollbackAttackException - * Thrown if a potential rollback attack is detected. - */ - protected function checkRollbackAttack(MetadataBase $untrustedMetadata): void - { - $type = $this->trustedMetadata->getType(); - $remoteVersion = $untrustedMetadata->getVersion(); - $localVersion = $this->trustedMetadata->getVersion(); - if ($remoteVersion < $localVersion) { - $message = "Remote $type metadata version \"$$remoteVersion\" " . - "is less than previously seen $type version \"$$localVersion\""; - throw new RollbackAttackException($message); - } - } - - /** - * Checks for a freeze attack. - * - * Verifies that metadata has not expired, and assumes a potential freeze - * attack if it has. - * - * @param \Tuf\Metadata\MetadataBase $metadata - * The metadata to check. - * @param \DateTimeImmutable $expiration - * The metadata expiration. - * - * @return void - * - * @throws \Tuf\Exception\Attack\FreezeAttackException Thrown if a potential freeze attack is detected. - */ - protected static function checkFreezeAttack(MetadataBase $metadata, \DateTimeImmutable $expiration): void - { - $metadataExpiration = static::metadataTimestampToDatetime($metadata->getExpires()); - if ($metadataExpiration < $expiration) { - $format = "Remote %s metadata expired on %s"; - throw new FreezeAttackException(sprintf($format, $metadata->getRole(), $metadataExpiration->format('c'))); - } - } - - /** - * Converts a metadata timestamp string into an immutable DateTime object. - * - * @param string $timestamp - * The timestamp string in the metadata. - * - * @return \DateTimeImmutable - * An immutable DateTime object for the given timestamp. - * - * @throws FormatException - * Thrown if the timestamp string format is not valid. - */ - protected static function metadataTimestampToDateTime(string $timestamp): \DateTimeImmutable - { - $dateTime = \DateTimeImmutable::createFromFormat("Y-m-d\TH:i:sT", $timestamp); - if ($dateTime === false) { - throw new FormatException($timestamp, "Could not be interpreted as a DateTime"); - } - return $dateTime; - } -} diff --git a/libraries/src/TUF/src/Role.php b/libraries/src/TUF/src/Role.php deleted file mode 100644 index 91d2e4f5297..00000000000 --- a/libraries/src/TUF/src/Role.php +++ /dev/null @@ -1,122 +0,0 @@ -name = $name; - $this->threshold = $threshold; - $this->keyIds = $keyIds; - } - - /** - * Creates a role object from TUF metadata. - * - * @param \ArrayObject $roleInfo - * The role information from TUF metadata. - * @param string $name - * The name of the role. - * - * @return static - * - * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats - */ - public static function createFromMetadata(\ArrayObject $roleInfo, string $name): Role - { - self::validate($roleInfo, static::getRoleConstraints()); - return new static( - $name, - $roleInfo['threshold'], - $roleInfo['keyids'] - ); - } - - /** - * Checks if this role's key IDs match another role's. - * - * @param \Tuf\Role $other - * - * @return bool - */ - public function keysMatch(Role $other): bool - { - return $this->keyIds === $other->keyIds; - } - - /** - * Gets the role name. - * - * @return string - */ - public function getName(): string - { - return $this->name; - } - - /** - * Gets the threshold required. - * - * @return int - * The threshold number of signatures required for the role. - */ - public function getThreshold(): int - { - return $this->threshold; - } - - - /** - * Checks whether the given key is authorized for the role. - * - * @param string $keyId - * The key ID to check. - * - * @return boolean - * TRUE if the key is authorized for the given role, or FALSE - * otherwise. - */ - public function isKeyIdAcceptable(string $keyId): bool - { - return in_array($keyId, $this->keyIds, true); - } -} diff --git a/libraries/src/TUF/src/RoleDB.php b/libraries/src/TUF/src/RoleDB.php deleted file mode 100644 index 9f06b059773..00000000000 --- a/libraries/src/TUF/src/RoleDB.php +++ /dev/null @@ -1,116 +0,0 @@ -getRoles($allowUntrustedAccess) as $roleName => $roleInfo) { - $db->addRole($roleInfo); - } - - return $db; - } - - /** - * Constructs a new RoleDB object. - */ - public function __construct() - { - $this->roles = []; - } - - /** - * Adds role metadata to the database. - * - * @param string $roleName - * The role name. - * @param \Tuf\Role $role - * The role to add. - * - * @return void - * - * @throws \Exception Thrown if the role already exists. - */ - public function addRole(Role $role): void - { - if ($this->roleExists($role->getName())) { - throw new RoleExistsException('Role already exists: ' . $role->getName()); - } - - $this->roles[$role->getName()] = $role; - } - - /** - * Verifies whether a given role name is stored in the role database. - * - * @param string $roleName - * The role name. - * - * @return boolean - * True if the role is found in the role database; false otherwise. - */ - public function roleExists(string $roleName): bool - { - return !empty($this->roles[$roleName]); - } - - /** - * Gets the role information. - * - * @param string $roleName - * The role name. - * - * @return \Tuf\Role - * The role. - * - * @throws \Tuf\Exception\NotFoundException - * Thrown if the role does not exist. - * - * @see https://theupdateframework.github.io/specification/v1.0.18#document-formats - */ - public function getRole(string $roleName): Role - { - if (! $this->roleExists($roleName)) { - throw new NotFoundException($roleName, 'role'); - } - - /** @var \Tuf\Role $role */ - $role = $this->roles[$roleName]; - return $role; - } -} From b06ed4963ba664acccda1d23d43d617051c3a916 Mon Sep 17 00:00:00 2001 From: Franciska Perisa <9084265+fancyFranci@users.noreply.github.com> Date: Fri, 10 Jun 2022 16:31:55 +0200 Subject: [PATCH 13/56] What zero-24 says Co-authored-by: Tobias Zulauf --- .../components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql index 007d7a69130..ff16bbaef2d 100644 --- a/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql +++ b/administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-03-20.sql @@ -15,4 +15,4 @@ CREATE TABLE IF NOT EXISTS `#__tuf_metadata` ( -- -------------------------------------------------------- INSERT INTO `#__tuf_metadata` (`extension_id`, `root_json`) -SELECT `extension_id`, '{"keytype": "ed25519", "scheme": "ed25519", "keyid": "02c3130c26fb3fe13fda279d578f3bc251f2ca3a42e5878de063e0ee345533c9", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "f813a2882b305389cac36a9b8ebee7576ba7a7de671d2617074b03c12fb003aa", "private": "b7cb4fab28bae035a6fc5d46736e6f2d10ea4ef943e6aace8c637c1fd141ac72"}}' FROM `tupsb_extensions` WHERE `type`='file' AND `element`='joomla'; +SELECT `extension_id`, '{"keytype": "ed25519", "scheme": "ed25519", "keyid": "02c3130c26fb3fe13fda279d578f3bc251f2ca3a42e5878de063e0ee345533c9", "keyid_hash_algorithms": ["sha256", "sha512"], "keyval": {"public": "f813a2882b305389cac36a9b8ebee7576ba7a7de671d2617074b03c12fb003aa", "private": "b7cb4fab28bae035a6fc5d46736e6f2d10ea4ef943e6aace8c637c1fd141ac72"}}' FROM `#__extensions` WHERE `type`='file' AND `element`='joomla'; From f81e0158b03bc9162d289c16fce7f9dc974821d8 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Fri, 10 Jun 2022 17:49:26 +0200 Subject: [PATCH 14/56] Update drone hash --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 4a705b79001..cbda382bbb9 100644 --- a/.drone.yml +++ b/.drone.yml @@ -478,6 +478,6 @@ trigger: --- kind: signature -hmac: 234ae9e7e2fbfa114ba754c68056dec518c76a93de2f5b098f569e355b50cc1b +hmac: d3733928f0d060a756fa26acf7ae591853a7a50cad53cffa243df7ae1bab66a8 ... From 7934f524d5271203daed31d7069ecfea4252b567 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Fri, 10 Jun 2022 17:54:53 +0200 Subject: [PATCH 15/56] Add symfony/validator into composer.lock --- composer.lock | 351 ++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 271 insertions(+), 80 deletions(-) diff --git a/composer.lock b/composer.lock index 71d70731a75..9dfb239cb98 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "e02971ec0a050805d6d4f8e175c3876e", + "content-hash": "1868030bc5c5a79c3bd59fc9e6aa8cf4", "packages": [ { "name": "algo26-matthias/idna-convert", @@ -4368,6 +4368,85 @@ ], "time": "2022-03-04T08:16:47+00:00" }, + { + "name": "symfony/polyfill-php81", + "version": "v1.25.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php81.git", + "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/5de4ba2d41b15f9bd0e19b2ab9674135813ec98f", + "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-main": "1.23-dev" + }, + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php81\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php81/tree/v1.25.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2021-09-13T13:58:11+00:00" + }, { "name": "symfony/service-contracts", "version": "v2.5.1", @@ -4537,6 +4616,197 @@ ], "time": "2022-01-02T09:53:40+00:00" }, + { + "name": "symfony/translation-contracts", + "version": "v2.5.1", + "source": { + "type": "git", + "url": "https://github.com/symfony/translation-contracts.git", + "reference": "1211df0afa701e45a04253110e959d4af4ef0f07" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/1211df0afa701e45a04253110e959d4af4ef0f07", + "reference": "1211df0afa701e45a04253110e959d4af4ef0f07", + "shasum": "" + }, + "require": { + "php": ">=7.2.5" + }, + "suggest": { + "symfony/translation-implementation": "" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-main": "2.5-dev" + }, + "thanks": { + "name": "symfony/contracts", + "url": "https://github.com/symfony/contracts" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Contracts\\Translation\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Generic abstractions related to translation", + "homepage": "https://symfony.com", + "keywords": [ + "abstractions", + "contracts", + "decoupling", + "interfaces", + "interoperability", + "standards" + ], + "support": { + "source": "https://github.com/symfony/translation-contracts/tree/v2.5.1" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2022-01-02T09:53:40+00:00" + }, + { + "name": "symfony/validator", + "version": "v5.4.8", + "source": { + "type": "git", + "url": "https://github.com/symfony/validator.git", + "reference": "bdc6d04ba95c73ccbf906b4ad9b8775c738d83ad" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/validator/zipball/bdc6d04ba95c73ccbf906b4ad9b8775c738d83ad", + "reference": "bdc6d04ba95c73ccbf906b4ad9b8775c738d83ad", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", + "symfony/deprecation-contracts": "^2.1|^3", + "symfony/polyfill-ctype": "~1.8", + "symfony/polyfill-mbstring": "~1.0", + "symfony/polyfill-php73": "~1.0", + "symfony/polyfill-php80": "^1.16", + "symfony/polyfill-php81": "^1.22", + "symfony/translation-contracts": "^1.1|^2|^3" + }, + "conflict": { + "doctrine/annotations": "<1.13", + "doctrine/cache": "<1.11", + "doctrine/lexer": "<1.1", + "phpunit/phpunit": "<5.4.3", + "symfony/dependency-injection": "<4.4", + "symfony/expression-language": "<5.1", + "symfony/http-kernel": "<4.4", + "symfony/intl": "<4.4", + "symfony/property-info": "<5.3", + "symfony/translation": "<4.4", + "symfony/yaml": "<4.4" + }, + "require-dev": { + "doctrine/annotations": "^1.13", + "doctrine/cache": "^1.11|^2.0", + "egulias/email-validator": "^2.1.10|^3", + "symfony/cache": "^4.4|^5.0|^6.0", + "symfony/config": "^4.4|^5.0|^6.0", + "symfony/console": "^4.4|^5.0|^6.0", + "symfony/dependency-injection": "^4.4|^5.0|^6.0", + "symfony/expression-language": "^5.1|^6.0", + "symfony/finder": "^4.4|^5.0|^6.0", + "symfony/http-client": "^4.4|^5.0|^6.0", + "symfony/http-foundation": "^4.4|^5.0|^6.0", + "symfony/http-kernel": "^4.4|^5.0|^6.0", + "symfony/intl": "^4.4|^5.0|^6.0", + "symfony/mime": "^4.4|^5.0|^6.0", + "symfony/property-access": "^4.4|^5.0|^6.0", + "symfony/property-info": "^5.3|^6.0", + "symfony/translation": "^4.4|^5.0|^6.0", + "symfony/yaml": "^4.4|^5.0|^6.0" + }, + "suggest": { + "egulias/email-validator": "Strict (RFC compliant) email validation", + "psr/cache-implementation": "For using the mapping cache.", + "symfony/config": "", + "symfony/expression-language": "For using the Expression validator and the ExpressionLanguageSyntax constraints", + "symfony/http-foundation": "", + "symfony/intl": "", + "symfony/property-access": "For accessing properties within comparison constraints", + "symfony/property-info": "To automatically add NotNull and Type constraints", + "symfony/translation": "For translating validation errors.", + "symfony/yaml": "" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Validator\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides tools to validate values", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/validator/tree/v5.4.8" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2022-04-15T08:07:45+00:00" + }, { "name": "symfony/var-dumper", "version": "v5.4.6", @@ -10394,85 +10664,6 @@ ], "time": "2022-01-26T16:34:36+00:00" }, - { - "name": "symfony/polyfill-php81", - "version": "v1.25.0", - "source": { - "type": "git", - "url": "https://github.com/symfony/polyfill-php81.git", - "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/5de4ba2d41b15f9bd0e19b2ab9674135813ec98f", - "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f", - "shasum": "" - }, - "require": { - "php": ">=7.1" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-main": "1.23-dev" - }, - "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" - } - }, - "autoload": { - "files": [ - "bootstrap.php" - ], - "psr-4": { - "Symfony\\Polyfill\\Php81\\": "" - }, - "classmap": [ - "Resources/stubs" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Nicolas Grekas", - "email": "p@tchwork.com" - }, - { - "name": "Symfony Community", - "homepage": "https://symfony.com/contributors" - } - ], - "description": "Symfony polyfill backporting some PHP 8.1+ features to lower PHP versions", - "homepage": "https://symfony.com", - "keywords": [ - "compatibility", - "polyfill", - "portable", - "shim" - ], - "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.25.0" - }, - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], - "time": "2021-09-13T13:58:11+00:00" - }, { "name": "symfony/process", "version": "v5.4.7", From 7fd25c83c47a7a29fd72eda2a735488f4a0c4c82 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Fri, 10 Jun 2022 17:57:55 +0200 Subject: [PATCH 16/56] Codestyle fixes --- libraries/src/TUF/DatabaseStorage.php | 62 +++++++++++++-------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 253cec551ae..2b8acb5d6ff 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -37,7 +37,7 @@ public function __construct(DatabaseDriver $db, int $extensionId) { $this->table = new Tuf($db); - $this->table->load($extensionId); + $this->table->load($extensionId); } /** @@ -45,9 +45,9 @@ public function __construct(DatabaseDriver $db, int $extensionId) */ public function offsetExists(mixed $offset): bool { - $column = $this->getCleanColumn($offset); + $column = $this->getCleanColumn($offset); - return substr($offset, -5) === '_json' && $this->table->hasField($column) && strlen($this->table->$column); + return substr($offset, -5) === '_json' && $this->table->hasField($column) && strlen($this->table->$column); } /** @@ -55,14 +55,14 @@ public function offsetExists(mixed $offset): bool */ public function offsetGet($offset): mixed { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } - $column = $this->getCleanColumn($offset); + $column = $this->getCleanColumn($offset); - return $this->table->$column; + return $this->table->$column; } /** @@ -70,14 +70,14 @@ public function offsetGet($offset): mixed */ public function offsetSet($offset, $value): void { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } $this->table->$offset = $value; - $this->table->store(); + $this->table->store(); } /** @@ -85,25 +85,25 @@ public function offsetSet($offset, $value): void */ public function offsetUnset($offset): void { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } - $this->table->$offset = ''; + $this->table->$offset = ''; - $this->table->store(); + $this->table->store(); } - /** - * Convert file names to table columns - * - * @param string $name - * - * @return string - */ - protected function getCleanColumn($name): string - { - return str_replace('.', '_', $name); - } + /** + * Convert file names to table columns + * + * @param string $name + * + * @return string + */ + protected function getCleanColumn($name): string + { + return str_replace('.', '_', $name); + } } From dd22ede62a2630ed2f786f85c294f6f5c4055f1a Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Fri, 10 Jun 2022 18:22:26 +0200 Subject: [PATCH 17/56] Fix code style --- libraries/src/TUF/DatabaseStorage.php | 31 +++++++++++++++++++++------ libraries/src/TUF/TufValidation.php | 7 +++--- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 2b8acb5d6ff..54bbfc075fd 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -30,8 +30,8 @@ class DatabaseStorage implements \ArrayAccess /** * Initialize the DatabaseStorage class * - * @param DatabaseDriver $db - * @param integer $extensionId + * @param DatabaseDriver $db A database connector object + * @param integer $extensionId The extension ID where the storage should be implemented for */ public function __construct(DatabaseDriver $db, int $extensionId) { @@ -41,7 +41,11 @@ public function __construct(DatabaseDriver $db, int $extensionId) } /** - * {@inheritdoc} + * Check if an offset/table column exists + * + * @param mixed $offset The offset/database column to check for + * + * @return boolean */ public function offsetExists(mixed $offset): bool { @@ -51,7 +55,11 @@ public function offsetExists(mixed $offset): bool } /** - * {@inheritdoc} + * Get the value of a table column + * + * @param mixed $offset The column name to get the value for + * + * @return mixed */ public function offsetGet($offset): mixed { @@ -66,7 +74,12 @@ public function offsetGet($offset): mixed } /** - * {@inheritdoc} + * Set a value in a column + * + * @param [type] $offset The table column to set the value + * @param [type] $value The value to set + * + * @return void */ public function offsetSet($offset, $value): void { @@ -81,7 +94,11 @@ public function offsetSet($offset, $value): void } /** - * {@inheritdoc} + * Reset the value to a + * + * @param mixed $offset The table column to reset the value to null + * + * @return void */ public function offsetUnset($offset): void { @@ -98,7 +115,7 @@ public function offsetUnset($offset): void /** * Convert file names to table columns * - * @param string $name + * @param string $name The original file name * * @return string */ diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 521d11561f8..b8c644d0629 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -46,9 +46,8 @@ class TufValidation /** * Validating updates with TUF * - * @param integer $extensionId The ID of the extension to be checked - * @param mixed $params The parameters containing the Base-URI, the Metadata- and Targets-Path and mirrors for - * the update + * @param integer $extensionId The ID of the extension to be checked + * @param mixed $params The parameters containing the Base-URI, the Metadata- and Targets-Path and mirrors for the update */ public function __construct(int $extensionId, mixed $params) { @@ -60,7 +59,7 @@ public function __construct(int $extensionId, mixed $params) { $this->configureTufOptions($resolver); } - catch (\Exception) + catch (\Exception $e) { } From 93fcbfb2cc620043a6babef4084a7695a6c3d02d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sat, 11 Jun 2022 14:39:55 +0200 Subject: [PATCH 18/56] wip tuf --- composer.json | 9 +- libraries/src/TUF/DatabaseStorage.php | 111 ++++--- libraries/src/TUF/TufValidation.php | 15 +- libraries/src/Updater/Adapter/TufAdapter.php | 309 +++++++++++++++++++ 4 files changed, 394 insertions(+), 50 deletions(-) create mode 100644 libraries/src/Updater/Adapter/TufAdapter.php diff --git a/composer.json b/composer.json index 423c707d04e..7f84da2fbd6 100644 --- a/composer.json +++ b/composer.json @@ -30,6 +30,11 @@ "type": "vcs", "url": "https://github.com/joomla-backports/json-api-php.git", "no-api": true + }, + { + "type": "vcs", + "url": "https://github.com/joomla-projects/php-tuf.git", + "no-api": true } ], "autoload": { @@ -94,8 +99,8 @@ "web-auth/webauthn-lib": "2.1.*", "composer/ca-bundle": "^1.2", "dragonmantank/cron-expression": "^3.1", - "symfony/validator": "^5.4", - "enshrined/svg-sanitize": "^0.15.4" + "enshrined/svg-sanitize": "^0.15.4", + "php-tuf/php-tuf": "dev-joomla-cfhack2022" }, "require-dev": { "phpunit/phpunit": "^8.5", diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 253cec551ae..d203b5fb5fa 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -30,80 +30,115 @@ class DatabaseStorage implements \ArrayAccess /** * Initialize the DatabaseStorage class * - * @param DatabaseDriver $db - * @param integer $extensionId + * @param DatabaseDriver $db A database connector object + * @param integer $extensionId The extension ID where the storage should be implemented for */ public function __construct(DatabaseDriver $db, int $extensionId) { $this->table = new Tuf($db); - $this->table->load($extensionId); + $this->table->load(['extension_id' => $extensionId]); } /** - * {@inheritdoc} + * Check if an offset/table column exists and is not null + * + * @param mixed $offset The offset/database column to check for + * + * @return boolean */ public function offsetExists(mixed $offset): bool { - $column = $this->getCleanColumn($offset); + $column = $this->getCleanColumn($offset); + + return substr($column, -5) === '_json' && $this->table->hasField($column) && !is_null($this->table->$column); + } + + /** + * Check if an offset/table column exists + * + * @param mixed $offset The offset/database column to check for + * + * @return boolean + */ + public function tableColumnExists(mixed $offset): bool + { + $column = $this->getCleanColumn($offset); - return substr($offset, -5) === '_json' && $this->table->hasField($column) && strlen($this->table->$column); + return substr($column, -5) === '_json' && $this->table->hasField($column); } /** - * {@inheritdoc} + * Get the value of a table column + * + * @param mixed $offset The column name to get the value for + * + * @return mixed */ public function offsetGet($offset): mixed { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } - $column = $this->getCleanColumn($offset); + $column = $this->getCleanColumn($offset); - return $this->table->$column; + return $this->table->$column; } /** - * {@inheritdoc} + * Set a value in a column + * + * @param [type] $offset The table column to set the value + * @param [type] $value The value to set + * + * @return void */ public function offsetSet($offset, $value): void { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } + if (!$this->tableColumnExists($offset)) + { + throw new RoleNotFoundException; + } + + $column = $this->getCleanColumn($offset); - $this->table->$offset = $value; + $this->table->$column = $value; - $this->table->store(); + $this->table->store(); } /** - * {@inheritdoc} + * Reset the value to a + * + * @param mixed $offset The table column to reset the value to null + * + * @return void */ public function offsetUnset($offset): void { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } + if (!$this->offsetExists($offset)) + { + throw new RoleNotFoundException; + } + + $column = $this->getCleanColumn($offset); - $this->table->$offset = ''; + $this->table->$column = null; - $this->table->store(); + $this->table->store(true); } - /** - * Convert file names to table columns - * - * @param string $name - * - * @return string - */ - protected function getCleanColumn($name): string - { - return str_replace('.', '_', $name); - } + /** + * Convert file names to table columns + * + * @param string $name The original file name + * + * @return string + */ + protected function getCleanColumn($name): string + { + return str_replace('.', '_', $name); + } } diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 521d11561f8..70239082975 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -114,10 +114,13 @@ public function getValidUpdate(): mixed // $db = Factory::getDbo(); $fileFetcher = GuzzleFileFetcher::createFromUri($this->params['url_prefix'], $this->params['metadata_path'], $this->params['targets_path']); + + $storage = new DatabaseStorage($db, $this->extensionId); + $updater = new Updater( $fileFetcher, $this->params['mirrors'], - new DatabaseStorage($db, $this->extensionId) + $storage ); try @@ -125,16 +128,8 @@ public function getValidUpdate(): mixed // Refresh the data if needed, it will be written inside the DB, then we fetch it afterwards and return it to // the caller $updater->refresh(); - $query = $db->getQuery(true) - ->select('targets_json') - ->from($db->quoteName('#__tuf_metadata', 'map')) - ->where($db->quoteName('map.id') . ' = :id') - ->bind(':id', $this->extensionId, ParameterType::INTEGER); - $db->setQuery($query); - - $resultArray = (array) $db->loadObject(); - return JsonNormalizer::decode($resultArray['targets_json']); + return $storage['targets.json']; } catch (FreezeAttackException | MetadataException | SignatureThresholdException | RollbackAttackException $e) { diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php new file mode 100644 index 00000000000..1b5ac30f32e --- /dev/null +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -0,0 +1,309 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\Updater\Adapter; + +\defined('JPATH_PLATFORM') or die; + +use Joomla\CMS\Application\ApplicationHelper; +use Joomla\CMS\Factory; +use Joomla\CMS\Filter\InputFilter; +use Joomla\CMS\Language\Text; +use Joomla\CMS\Table\Table; +use Joomla\CMS\Updater\UpdateAdapter; +use Joomla\CMS\Updater\Updater; +use Joomla\CMS\Version; +use Joomla\CMS\TUF\TufValidation; +use Joomla\Database\ParameterType; + +/** + * Extension class for updater + * + * @since 1.7.0 + */ +class TufAdapter extends UpdateAdapter +{ + + /** + * Finds an update. + * + * @param array $options Update options. + * + * @return array|boolean Array containing the array of update sites and array of updates. False on failure + * + * @since 1.7.0 + */ + public function findUpdate($options) + { + // Get extension_id for TufValidation + $db = $this->parent->getDbo(); + + $query = $db->getQuery(true) + ->select($db->quoteName('extension_id')) + ->from($db->quoteName('#__update_sites_extensions')) + ->where($db->quoteName('update_site_id') . ' = :id') + ->bind(':id', $options['update_site_id'], ParameterType::INTEGER); + $db->setQuery($query); + + try + { + $extension_id = $db->loadResult(); + } + catch (\RuntimeException $e) + { + // Do nothing + } + + $params = [ + 'url_prefix' => 'https://raw.githubusercontent.com', + 'metadata_path' => '/joomla/updates/test/repository/', + 'targets_path' => '/targets/', + 'mirrors' => [] + ]; + + $TufValidation = new TufValidation($extension_id, $params); + $metaData = $TufValidation->getValidUpdate(); + + if ($metaData === false) + { + return false; + } + + $metaData = json_decode($metaData); + + $b = $metaData['signed']['targets']; + + if (isset($metaData->signed->targets)) + { + $targets = $metaData->signed->targets; + foreach ($targets as $filename => $target) + { + + } + $c = $metaData->signed->targets + } + + + + //print_r($metaData->version); + var_dump($metaData);die(); + + $table = Table::getInstance('Update'); + + // Evaluate Data + + + $this->currentUpdate->update_site_id = $this->updateSiteId; + $this->currentUpdate->detailsurl = $this->_url; + $this->currentUpdate->folder = ''; + $this->currentUpdate->client_id = 1; + $this->currentUpdate->infourl = ''; + /** + if (\in_array($name, $this->updatecols)) + { + $name = strtolower($name); + $this->currentUpdate->$name = ''; + } + + if ($name === 'TARGETPLATFORM') + { + $this->currentUpdate->targetplatform = $attrs; + } + + if ($name === 'PHP_MINIMUM') + { + $this->currentUpdate->php_minimum = ''; + } + + if ($name === 'SUPPORTED_DATABASES') + { + $this->currentUpdate->supported_databases = $attrs; + } + **/ + // Lower case and remove the exclamation mark + $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); + print_r($product); + + // Check that the product matches and that the version matches (optionally a regexp) + if ($product == $this->currentUpdate->targetplatform['NAME'] + && preg_match('/^' . $this->currentUpdate->targetplatform['VERSION'] . '/', JVERSION)) + { + // Check if PHP version supported via tag, assume true if tag isn't present + if (!isset($this->currentUpdate->php_minimum) || version_compare(PHP_VERSION, $this->currentUpdate->php_minimum, '>=')) + { + $phpMatch = true; + } + else + { + // Notify the user of the potential update + $msg = Text::sprintf( + 'JLIB_INSTALLER_AVAILABLE_UPDATE_PHP_VERSION', + $this->currentUpdate->name, + $this->currentUpdate->version, + $this->currentUpdate->php_minimum, + PHP_VERSION + ); + + Factory::getApplication()->enqueueMessage($msg, 'warning'); + + $phpMatch = false; + } + + $dbMatch = false; + + // Check if DB & version is supported via tag, assume supported if tag isn't present + if (isset($this->currentUpdate->supported_databases)) + { + $db = Factory::getDbo(); + $dbType = strtoupper($db->getServerType()); + $dbVersion = $db->getVersion(); + $supportedDbs = $this->currentUpdate->supported_databases; + + // MySQL and MariaDB use the same database driver but not the same version numbers + if ($dbType === 'mysql') + { + // Check whether we have a MariaDB version string and extract the proper version from it + if (stripos($dbVersion, 'mariadb') !== false) + { + // MariaDB: Strip off any leading '5.5.5-', if present + $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); + $dbType = 'mariadb'; + } + } + + // Do we have an entry for the database? + if (\array_key_exists($dbType, $supportedDbs)) + { + $minimumVersion = $supportedDbs[$dbType]; + $dbMatch = version_compare($dbVersion, $minimumVersion, '>='); + + if (!$dbMatch) + { + // Notify the user of the potential update + $dbMsg = Text::sprintf( + 'JLIB_INSTALLER_AVAILABLE_UPDATE_DB_MINIMUM', + $this->currentUpdate->name, + $this->currentUpdate->version, + Text::_($db->name), + $dbVersion, + $minimumVersion + ); + + Factory::getApplication()->enqueueMessage($dbMsg, 'warning'); + } + } + else + { + // Notify the user of the potential update + $dbMsg = Text::sprintf( + 'JLIB_INSTALLER_AVAILABLE_UPDATE_DB_TYPE', + $this->currentUpdate->name, + $this->currentUpdate->version, + Text::_($db->name) + ); + + Factory::getApplication()->enqueueMessage($dbMsg, 'warning'); + } + } + else + { + // Set to true if the tag is not set + $dbMatch = true; + } + + // Check minimum stability + $stabilityMatch = true; + + if (isset($this->currentUpdate->stability) && ($this->currentUpdate->stability < $this->minimum_stability)) + { + $stabilityMatch = false; + } + + // Some properties aren't valid fields in the update table so unset them to prevent J! from trying to store them + unset($this->currentUpdate->targetplatform); + + if (isset($this->currentUpdate->php_minimum)) + { + unset($this->currentUpdate->php_minimum); + } + + if (isset($this->currentUpdate->supported_databases)) + { + unset($this->currentUpdate->supported_databases); + } + + if (isset($this->currentUpdate->stability)) + { + unset($this->currentUpdate->stability); + } + + // If the PHP version and minimum stability checks pass, consider this version as a possible update + if ($phpMatch && $stabilityMatch && $dbMatch) + { + if (isset($this->latest)) + { + // We already have a possible update. Check the version. + if (version_compare($this->currentUpdate->version, $this->latest->version, '>') == 1) + { + $this->latest = $this->currentUpdate; + } + } + else + { + // We don't have any possible updates yet, assume this is an available update. + $this->latest = $this->currentUpdate; + } + } + } + + if (\array_key_exists('minimum_stability', $options)) + { + $this->minimum_stability = $options['minimum_stability']; + } +//$this->update_sites[] = array('type' => 'collection', 'location' => $attrs['REF'], 'update_site_id' => $this->updateSiteId); + if (isset($this->latest)) + { + if (isset($this->latest->client) && \strlen($this->latest->client)) + { + $this->latest->client_id = ApplicationHelper::getClientInfo($this->latest->client, true)->id; + + unset($this->latest->client); + } + + $updates = array($this->latest); + } + else + { + $updates = array(); + } + + return array('update_sites' => array(), 'updates' => $updates); + } + + /** + * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of + * dev, alpha, beta, rc, stable) it is ignored. + * + * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable + * + * @return integer + * + * @since 3.4 + */ + protected function stabilityTagToInteger($tag) + { + $constant = '\\Joomla\\CMS\\Updater\\Updater::STABILITY_' . strtoupper($tag); + + if (\defined($constant)) + { + return \constant($constant); + } + + return Updater::STABILITY_STABLE; + } +} From effde12d8b0f2fd4339f0f1a9f9e4dcda99eac17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sat, 11 Jun 2022 15:01:18 +0200 Subject: [PATCH 19/56] Change GuzzleFilteFetcher to HttpFileFetcher --- libraries/src/TUF/TufValidation.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 70239082975..0fdee05862a 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -15,6 +15,7 @@ use Symfony\Component\OptionsResolver\Exception\UndefinedOptionsException; use Symfony\Component\OptionsResolver\OptionsResolver; use Tuf\Client\GuzzleFileFetcher; +use Tuf\Client\HttpFileFetcher; use Tuf\Client\Updater; use Tuf\Exception\Attack\FreezeAttackException; use Tuf\Exception\Attack\RollbackAttackException; @@ -113,7 +114,7 @@ public function getValidUpdate(): mixed // $db = Factory::getDbo(); - $fileFetcher = GuzzleFileFetcher::createFromUri($this->params['url_prefix'], $this->params['metadata_path'], $this->params['targets_path']); + $fileFetcher = HttpFileFetcher::createFromUri($this->params['url_prefix'], $this->params['metadata_path'], $this->params['targets_path']); $storage = new DatabaseStorage($db, $this->extensionId); From 3b057a895622fa0b35899be269baf56c963684da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sat, 11 Jun 2022 15:03:26 +0200 Subject: [PATCH 20/56] add missing semicolon --- libraries/src/Updater/Adapter/TufAdapter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index 1b5ac30f32e..bb6d111d8bd 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -85,7 +85,7 @@ public function findUpdate($options) { } - $c = $metaData->signed->targets + $c = $metaData->signed->targets; } From 1da619b26b3eb2d039ce4af54b99e86068ae1355 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Sat, 11 Jun 2022 17:36:33 +0200 Subject: [PATCH 21/56] initial wip --- libraries/src/Updater/ConstrainChecker.php | 195 +++++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 libraries/src/Updater/ConstrainChecker.php diff --git a/libraries/src/Updater/ConstrainChecker.php b/libraries/src/Updater/ConstrainChecker.php new file mode 100644 index 00000000000..9fd0af7f130 --- /dev/null +++ b/libraries/src/Updater/ConstrainChecker.php @@ -0,0 +1,195 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\Updater; + +\defined('JPATH_PLATFORM') or die; + +use Joomla\CMS\Component\ComponentHelper; +use Joomla\CMS\Factory; +use Joomla\CMS\Filter\InputFilter; +use Joomla\CMS\Updater\Updater; +use Joomla\CMS\Version; + +/** + * ConstrainChecker Class + * + * @since __DEPLOY_VERSION__ + */ +class ConstrainChecker +{ + /** + * Checks whether the passed constraints are matched + * + * @param array $constraints + * + * @return bool + * + * @since __DEPLOY_VERSION__ + */ + public function check($constraints) + { + if (!isset($constraints['targetplatform'])) + { + // targetplatform is required + return false; + } + + // check targetplatform -> true/false + if (!$this->checkTargetplatform($constraints['targetplatform'])) + { + return false; + } + + // check php_minimum + if (isset($constraints['phpMinimum']) && !$this->checkPhpMinimum($constraints['phpMinimum'])) + { + return false; + } + + // check supported databases + if (isset($constraints['supportedDatabases']) && !$this->checkSupportedDatabases($constraints['supportedDatabases'])) + { + return false; + } + + // check stability + if (isset($constraints['stability']) && !$this->checkStability($constraints['stability'])) + { + return false; + } + + return true; + + } + + /** + * Check the targetPlatform + * + * @param object $targetPlatform + * + * @return void + * + * @since __DEPLOY_VERSION__ + */ + protected function checkTargetplatform($targetPlatform) + { + // Lower case and remove the exclamation mark + $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); + + // Check that the product matches and that the version matches (optionally a regexp) + if ($product === $targetPlatform->name + && preg_match('/^' . $targetPlatform->version . '/', JVERSION)) + { + return true; + } + + return false; + } + + /** + * Character Parser Function + * + * @param string $phpMinimum The minimum php version + * + * @return bool + * + * @since __DEPLOY_VERSION__ + */ + protected function checkPhpMinimum($phpMinimum) + { + // Check if PHP version supported via tag, assume true if tag isn't present + if (version_compare(PHP_VERSION, $phpMinimum, '>=')) + { + return true; + } + } + + /** + * Character Parser Function + * + * @param object $supportedDatabases stdClass of supporte databases and versions + * + * @return bool + * + * @since __DEPLOY_VERSION__ + */ + protected function checkSupportedDatabases($supportedDatabases) + { + $db = Factory::getDbo(); + $dbType = strtoupper($db->getServerType()); + $dbVersion = $db->getVersion(); + + // MySQL and MariaDB use the same database driver but not the same version numbers + if ($dbType === 'mysql') + { + // Check whether we have a MariaDB version string and extract the proper version from it + if (stripos($dbVersion, 'mariadb') !== false) + { + // MariaDB: Strip off any leading '5.5.5-', if present + $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); + $dbType = 'mariadb'; + } + } + + // Do we have an entry for the database? + if (\property_exists($dbType, $supportedDatabases)) + { + $minimumVersion = $supportedDatabases[$dbType]; + + return version_compare($dbVersion, $minimumVersion, '>='); + } + + return false; + } + + /** + * Character Parser Function + * + * @param string $stability Stability to check + * + * @return bool + * + * @since __DEPLOY_VERSION__ + */ + protected function checkStability($stability) + { + $minimumStability = ComponentHelper::getParams('com_installer')->get('minimum_stability', Updater::STABILITY_STABLE); + + $stability = $this->stabilityTagToInteger($stability); + + if (($stability < $minimumStability)) + { + return false; + } + + return true; + } + + /** + * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of + * dev, alpha, beta, rc, stable) it is ignored. + * + * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable + * + * @return integer + * + * @since __DEPLOY_VERSION__ + */ + protected function stabilityTagToInteger($tag) + { + $constant = '\\Joomla\\CMS\\Updater\\Updater::STABILITY_' . strtoupper($tag); + + if (\defined($constant)) + { + return \constant($constant); + } + + return Updater::STABILITY_STABLE; + } +} From f6ac9c520f47e1edbe9744c2e7216966dd42d9af Mon Sep 17 00:00:00 2001 From: zero-24 Date: Sat, 11 Jun 2022 17:44:27 +0200 Subject: [PATCH 22/56] doc block updates --- libraries/src/Updater/ConstrainChecker.php | 25 +++++++++++----------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/libraries/src/Updater/ConstrainChecker.php b/libraries/src/Updater/ConstrainChecker.php index 9fd0af7f130..9b895eab6d5 100644 --- a/libraries/src/Updater/ConstrainChecker.php +++ b/libraries/src/Updater/ConstrainChecker.php @@ -26,7 +26,7 @@ class ConstrainChecker /** * Checks whether the passed constraints are matched * - * @param array $constraints + * @param array $constraints The provided constraints to be checked * * @return bool * @@ -40,32 +40,31 @@ public function check($constraints) return false; } - // check targetplatform -> true/false + // Check targetplatform if (!$this->checkTargetplatform($constraints['targetplatform'])) { return false; } - // check php_minimum + // Check php_minimum if (isset($constraints['phpMinimum']) && !$this->checkPhpMinimum($constraints['phpMinimum'])) { return false; } - // check supported databases + // Check supported databases if (isset($constraints['supportedDatabases']) && !$this->checkSupportedDatabases($constraints['supportedDatabases'])) { return false; } - // check stability + // Check stability if (isset($constraints['stability']) && !$this->checkStability($constraints['stability'])) { return false; } return true; - } /** @@ -73,7 +72,7 @@ public function check($constraints) * * @param object $targetPlatform * - * @return void + * @return bool * * @since __DEPLOY_VERSION__ */ @@ -93,9 +92,9 @@ protected function checkTargetplatform($targetPlatform) } /** - * Character Parser Function + * Check the minimum PHP version * - * @param string $phpMinimum The minimum php version + * @param string $phpMinimum The minimum php version to check * * @return bool * @@ -111,9 +110,9 @@ protected function checkPhpMinimum($phpMinimum) } /** - * Character Parser Function + * Check the supported databases and versions * - * @param object $supportedDatabases stdClass of supporte databases and versions + * @param object $supportedDatabases stdClass of supported databases and versions * * @return bool * @@ -149,9 +148,9 @@ protected function checkSupportedDatabases($supportedDatabases) } /** - * Character Parser Function + * Check the stability * - * @param string $stability Stability to check + * @param string $stability Stability tag to check * * @return bool * From 5585d3276e8809d32cd10c0545d02c1259b1e9f8 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Sat, 11 Jun 2022 18:08:51 +0200 Subject: [PATCH 23/56] wip php minimum & stability --- libraries/src/Updater/ConstrainChecker.php | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/libraries/src/Updater/ConstrainChecker.php b/libraries/src/Updater/ConstrainChecker.php index 9b895eab6d5..37f122e961a 100644 --- a/libraries/src/Updater/ConstrainChecker.php +++ b/libraries/src/Updater/ConstrainChecker.php @@ -59,7 +59,7 @@ public function check($constraints) } // Check stability - if (isset($constraints['stability']) && !$this->checkStability($constraints['stability'])) + if (isset($constraints['stability']) && !$this->checkStability($constraints['stability']['tags'])) { return false; } @@ -103,10 +103,7 @@ protected function checkTargetplatform($targetPlatform) protected function checkPhpMinimum($phpMinimum) { // Check if PHP version supported via tag, assume true if tag isn't present - if (version_compare(PHP_VERSION, $phpMinimum, '>=')) - { - return true; - } + return version_compare(PHP_VERSION, $phpMinimum, '>='); } /** @@ -150,24 +147,27 @@ protected function checkSupportedDatabases($supportedDatabases) /** * Check the stability * - * @param string $stability Stability tag to check + * @param array $stabilityTags Stability tags to check * * @return bool * * @since __DEPLOY_VERSION__ */ - protected function checkStability($stability) + protected function checkStability($stabilityTags) { $minimumStability = ComponentHelper::getParams('com_installer')->get('minimum_stability', Updater::STABILITY_STABLE); - $stability = $this->stabilityTagToInteger($stability); - - if (($stability < $minimumStability)) + foreach ($stabilityTags as $tag) { - return false; - } + $stability = $this->stabilityTagToInteger($stability); - return true; + if (($stability < $minimumStability)) + { + return false; + } + + return true; + } } /** From f35a4a9161f52f739722c5dbe2f6f1e58cf38224 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Sat, 11 Jun 2022 18:21:29 +0200 Subject: [PATCH 24/56] wip stability validation --- libraries/src/Updater/ConstrainChecker.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/libraries/src/Updater/ConstrainChecker.php b/libraries/src/Updater/ConstrainChecker.php index 37f122e961a..b319f7d0b87 100644 --- a/libraries/src/Updater/ConstrainChecker.php +++ b/libraries/src/Updater/ConstrainChecker.php @@ -32,7 +32,7 @@ class ConstrainChecker * * @since __DEPLOY_VERSION__ */ - public function check($constraints) + public function check(array $constraints) { if (!isset($constraints['targetplatform'])) { @@ -76,7 +76,7 @@ public function check($constraints) * * @since __DEPLOY_VERSION__ */ - protected function checkTargetplatform($targetPlatform) + protected function checkTargetplatform(stdClass $targetPlatform) { // Lower case and remove the exclamation mark $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); @@ -100,7 +100,7 @@ protected function checkTargetplatform($targetPlatform) * * @since __DEPLOY_VERSION__ */ - protected function checkPhpMinimum($phpMinimum) + protected function checkPhpMinimum(string $phpMinimum) { // Check if PHP version supported via tag, assume true if tag isn't present return version_compare(PHP_VERSION, $phpMinimum, '>='); @@ -115,7 +115,7 @@ protected function checkPhpMinimum($phpMinimum) * * @since __DEPLOY_VERSION__ */ - protected function checkSupportedDatabases($supportedDatabases) + protected function checkSupportedDatabases(stdClass $supportedDatabases) { $db = Factory::getDbo(); $dbType = strtoupper($db->getServerType()); @@ -153,21 +153,23 @@ protected function checkSupportedDatabases($supportedDatabases) * * @since __DEPLOY_VERSION__ */ - protected function checkStability($stabilityTags) + protected function checkStability(array $stabilityTags) { $minimumStability = ComponentHelper::getParams('com_installer')->get('minimum_stability', Updater::STABILITY_STABLE); + $stabilityMatch = false; + foreach ($stabilityTags as $tag) { - $stability = $this->stabilityTagToInteger($stability); + $stability = $this->stabilityTagToInteger($tag); - if (($stability < $minimumStability)) + if (($stability >= $minimumStability)) { - return false; + $stabilityMatch = true; } - - return true; } + + return $stabilityMatch; } /** From 59eb40ce799e5c677066310afc95a73a0ab63d44 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Sat, 11 Jun 2022 18:25:03 +0200 Subject: [PATCH 25/56] property_exists and variable names --- libraries/src/Updater/ConstrainChecker.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libraries/src/Updater/ConstrainChecker.php b/libraries/src/Updater/ConstrainChecker.php index b319f7d0b87..f94574a5e83 100644 --- a/libraries/src/Updater/ConstrainChecker.php +++ b/libraries/src/Updater/ConstrainChecker.php @@ -47,19 +47,19 @@ public function check(array $constraints) } // Check php_minimum - if (isset($constraints['phpMinimum']) && !$this->checkPhpMinimum($constraints['phpMinimum'])) + if (isset($constraints['php_minimum']) && !$this->checkPhpMinimum($constraints['php_minimum'])) { return false; } // Check supported databases - if (isset($constraints['supportedDatabases']) && !$this->checkSupportedDatabases($constraints['supportedDatabases'])) + if (isset($constraints['supported_databases']) && !$this->checkSupportedDatabases($constraints['supported_databases'])) { return false; } // Check stability - if (isset($constraints['stability']) && !$this->checkStability($constraints['stability']['tags'])) + if (isset($constraints['tags']) && !$this->checkStability($constraints['tags'])) { return false; } @@ -134,7 +134,7 @@ protected function checkSupportedDatabases(stdClass $supportedDatabases) } // Do we have an entry for the database? - if (\property_exists($dbType, $supportedDatabases)) + if (\property_exists($supportedDatabases, $dbType)) { $minimumVersion = $supportedDatabases[$dbType]; From ee8d1e9cc26ac59b9d8a0f6af425a2ea730d8b95 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sat, 11 Jun 2022 18:52:37 +0200 Subject: [PATCH 26/56] added tests and tweaks --- ...trainChecker.php => ConstraintChecker.php} | 10 +- .../Cms/Updater/ConstraintCheckerTest.php | 213 ++++++++++++++++++ 2 files changed, 218 insertions(+), 5 deletions(-) rename libraries/src/Updater/{ConstrainChecker.php => ConstraintChecker.php} (94%) create mode 100644 tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php diff --git a/libraries/src/Updater/ConstrainChecker.php b/libraries/src/Updater/ConstraintChecker.php similarity index 94% rename from libraries/src/Updater/ConstrainChecker.php rename to libraries/src/Updater/ConstraintChecker.php index f94574a5e83..70db5ffaf25 100644 --- a/libraries/src/Updater/ConstrainChecker.php +++ b/libraries/src/Updater/ConstraintChecker.php @@ -21,7 +21,7 @@ * * @since __DEPLOY_VERSION__ */ -class ConstrainChecker +class ConstraintChecker { /** * Checks whether the passed constraints are matched @@ -76,7 +76,7 @@ public function check(array $constraints) * * @since __DEPLOY_VERSION__ */ - protected function checkTargetplatform(stdClass $targetPlatform) + protected function checkTargetplatform(\stdClass $targetPlatform) { // Lower case and remove the exclamation mark $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); @@ -115,10 +115,10 @@ protected function checkPhpMinimum(string $phpMinimum) * * @since __DEPLOY_VERSION__ */ - protected function checkSupportedDatabases(stdClass $supportedDatabases) + protected function checkSupportedDatabases(\stdClass $supportedDatabases) { $db = Factory::getDbo(); - $dbType = strtoupper($db->getServerType()); + $dbType = strtolower($db->getServerType()); $dbVersion = $db->getVersion(); // MySQL and MariaDB use the same database driver but not the same version numbers @@ -136,7 +136,7 @@ protected function checkSupportedDatabases(stdClass $supportedDatabases) // Do we have an entry for the database? if (\property_exists($supportedDatabases, $dbType)) { - $minimumVersion = $supportedDatabases[$dbType]; + $minimumVersion = $supportedDatabases->$dbType; return version_compare($dbVersion, $minimumVersion, '>='); } diff --git a/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php b/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php new file mode 100644 index 00000000000..0a2439f3d61 --- /dev/null +++ b/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php @@ -0,0 +1,213 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\Tests\Unit\Libraries\Cms; + +use Joomla\CMS\Factory; +use Joomla\CMS\Updater\ConstraintChecker; +use Joomla\Database\DatabaseDriver; +use Joomla\Tests\Unit\UnitTestCase; + +/** + * Test class for Version. + * + * @package Joomla.UnitTest + * @subpackage Version + * @since __DEPLOY_VERSION__ + */ +class ConstraintCheckerTest extends UnitTestCase +{ + /** + * @var ConstraintChecker + * @since 3.0 + */ + protected $checker; + + /** + * Sets up the fixture, for example, opens a network connection. + * This method is called before a test is executed. + * + * @return void + * + * @since __DEPLOY_VERSION__ + */ + protected function setUp():void + { + $this->checker = new ConstraintChecker(); + } + + /** + * Overrides the parent tearDown method. + * + * @return void + * + * @see \PHPUnit\Framework\TestCase::tearDown() + * @since __DEPLOY_VERSION__ + */ + protected function tearDown():void + { + unset($this->checker); + parent::tearDown(); + } + + public function testCheckMethodReturnsFalseIfPlatformIsMissing() + { + $constraint = []; + $this->assertFalse($this->checker->check($constraint)); + } + + public function testCheckMethodReturnsTrueIfPlatformIsOnlyConstraint() + { + $constraint = ['targetplatform' => (object) ["name" => "joomla", "version" => "4.*"]]; + $this->assertTrue($this->checker->check($constraint)); + } + + /** + * Tests the checkSupportedDatabases method + * + * @return void + * + * @since __DEPLOY_VERSION__ + * + * @dataProvider supportedDatabasesDataProvider + */ + public function testCheckSupportedDatabases($currentDatabase, $supportedDatabases, $expectedResult) + { + $dbMock = $this->createMock(DatabaseDriver::class); + $dbMock->method('getServerType')->willReturn($currentDatabase['type']); + $dbMock->method('getVersion')->willReturn($currentDatabase['version']); + Factory::$database = $dbMock; + + $method = $this->getPublicMethod('checkSupportedDatabases'); + $result = $method->invoke($this->checker, $supportedDatabases); + + $this->assertSame($expectedResult, $result); + } + + /** + * Tests the checkPhpMinimum method + * + * @return void + * + * @since __DEPLOY_VERSION__ + * + * @dataProvider targetplatformDataProvider + */ + public function testCheckPhpMinimumReturnFalseForFuturePhp() + { + $method = $this->getPublicMethod('checkPhpMinimum'); + + $this->assertFalse($method->invoke($this->checker, '99.9.9')); + } + + /** + * Tests the checkTargetplatform method + * + * @return void + * + * @since __DEPLOY_VERSION__ + * + * @dataProvider targetplatformDataProvider + */ + public function testCheckTargetplatform($targetPlatform, $expectedResult) + { + $method = $this->getPublicMethod('checkTargetplatform'); + $result = $method->invoke($this->checker, $targetPlatform); + + $this->assertSame($expectedResult, $result); + } + + /** + * Data provider for testCheckSupportedDatabases method + * + * @since __DEPLOY_VERSION__ + * + * @return array[] + */ + protected function supportedDatabasesDataProvider() + { + return [ + [ + ['type' => 'mysql', 'version' => '5.7.37-log-cll-lve'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + [ + ['type' => 'mysql', 'version' => '5.6.0-log-cll-lve'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + [ + ['type' => 'mysql', 'version' => '10.3.34-MariaDB-0+deb10u1'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + [ + ['type' => 'mysql', 'version' => '5.7.37-log-cll-lve'], + (object) ['mysql' => '5.8', 'mariadb' => '10.3'], + false + ], + [ + ['type' => 'pgsql', 'version' => '14.3'], + (object) ['mysql' => '5.8', 'mariadb' => '10.3'], + false + ], + [ + ['type' => 'mysql', 'version' => '10.3.34-MariaDB-0+deb10u1'], + (object) ['mysql' => '5.6', 'mariadb' => '10.4'], + false + ], + [ + ['type' => 'mysql', 'version' => '5.5.5-10.3.34-MariaDB-0+deb10u1'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + ]; + } + + /** + * Data provider for testCheckTargetplatform method + * + * @since __DEPLOY_VERSION__ + * + * @return array[] + */ + protected function targetplatformDataProvider() + { + return [ + [(object) ["name" => "foobar", "version" => "1.*"], false], + [(object) ["name" => "foobar", "version" => "4.*"], false], + [(object) ["name" => "joomla", "version" => "1.*"], false], + [(object) ["name" => "joomla", "version" => "3.1.2"], false], + [(object) ["name" => "joomla", "version" => ""], true], + [(object) ["name" => "joomla", "version" => ".*"], true], + [(object) ["name" => "joomla", "version" => JVERSION], true], + [(object) ["name" => "joomla", "version" => "4.*"], true], + ]; + } + + /** + * Internal helper method to get access to protected methods + * + * @since __DEPLOY_VERSION__ + * + * @param $method + * + * @return \ReflectionMethod + * @throws \ReflectionException + */ + protected function getPublicMethod($method) + { + $reflectionClass = new \ReflectionClass($this->checker); + $method = $reflectionClass->getMethod($method); + $method->setAccessible(true); + + return $method; + } +} From 99654511d8434fa5ee50791c6b8f8ed6e592d3f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sat, 11 Jun 2022 19:00:13 +0200 Subject: [PATCH 27/56] wip --- .../com_installer/src/Model/UpdateModel.php | 2 + libraries/src/TUF/TufValidation.php | 4 +- libraries/src/Updater/Adapter/TufAdapter.php | 313 ++++++------------ 3 files changed, 108 insertions(+), 211 deletions(-) diff --git a/administrator/components/com_installer/src/Model/UpdateModel.php b/administrator/components/com_installer/src/Model/UpdateModel.php index 78d0560fefb..df36a454743 100644 --- a/administrator/components/com_installer/src/Model/UpdateModel.php +++ b/administrator/components/com_installer/src/Model/UpdateModel.php @@ -361,6 +361,8 @@ public function update($uids, $minimumStability = Updater::STABILITY_STABLE) continue; } + // TODO Load Type based on #__updates_site.type + // if type tuf loadFromTuf $update->loadFromXml($instance->detailsurl, $minimumStability); // Find and use extra_query from update_site if available diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 0fdee05862a..978ce99c949 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -42,7 +42,7 @@ class TufValidation * * @var mixed */ - private mixed $params; + private $params; /** * Validating updates with TUF @@ -61,7 +61,7 @@ public function __construct(int $extensionId, mixed $params) { $this->configureTufOptions($resolver); } - catch (\Exception) + catch (\Exception $e) { } diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index bb6d111d8bd..b57629f721c 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -3,7 +3,7 @@ * Joomla! Content Management System * * @copyright (C) 2008 Open Source Matters, Inc. - * @license GNU General Public License version 2 or later; see LICENSE.txt + * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\CMS\Updater\Adapter; @@ -20,6 +20,7 @@ use Joomla\CMS\Version; use Joomla\CMS\TUF\TufValidation; use Joomla\Database\ParameterType; +use Symfony\Component\OptionsResolver\OptionsResolver; /** * Extension class for updater @@ -28,6 +29,13 @@ */ class TufAdapter extends UpdateAdapter { + private $clientId = [ + 'site' => 0, + 'administrator' => 1, + 'installation' => 2, + 'api' => 3, + 'cli' => 4 + ]; /** * Finds an update. @@ -40,6 +48,36 @@ class TufAdapter extends UpdateAdapter */ public function findUpdate($options) { + $updates = []; + $targets = $this->getUpdateTargets($options); + + foreach ($targets as $target) + { + $updateTable = Table::getInstance('update'); + $updateTable->set('update_site_id', $options['update_site_id']); + + $updateTable->bind($target); + + $updates[] = $updateTable; + } + + return array('update_sites' => array(), 'updates' => $updates); + } + + public function getUpdateTargets($options) + { + $versions = array(); + $resolver = new OptionsResolver; + + try + { + $this->configureUpdateOptions($resolver); + $keys = $resolver->getDefinedOptions(); + } + catch (\Exception $e) + { + } + // Get extension_id for TufValidation $db = $this->parent->getDbo(); @@ -60,250 +98,107 @@ public function findUpdate($options) } $params = [ - 'url_prefix' => 'https://raw.githubusercontent.com', + 'url_prefix' => 'https://raw.githubusercontent.com', 'metadata_path' => '/joomla/updates/test/repository/', - 'targets_path' => '/targets/', - 'mirrors' => [] + 'targets_path' => '/targets/', + 'mirrors' => [] ]; $TufValidation = new TufValidation($extension_id, $params); - $metaData = $TufValidation->getValidUpdate(); - - if ($metaData === false) - { - return false; - } + $metaData = $TufValidation->getValidUpdate(); $metaData = json_decode($metaData); - $b = $metaData['signed']['targets']; - if (isset($metaData->signed->targets)) { - $targets = $metaData->signed->targets; - foreach ($targets as $filename => $target) - { - - } - $c = $metaData->signed->targets; - } - - - - //print_r($metaData->version); - var_dump($metaData);die(); - - $table = Table::getInstance('Update'); - - // Evaluate Data - - - $this->currentUpdate->update_site_id = $this->updateSiteId; - $this->currentUpdate->detailsurl = $this->_url; - $this->currentUpdate->folder = ''; - $this->currentUpdate->client_id = 1; - $this->currentUpdate->infourl = ''; - /** - if (\in_array($name, $this->updatecols)) - { - $name = strtolower($name); - $this->currentUpdate->$name = ''; - } - - if ($name === 'TARGETPLATFORM') - { - $this->currentUpdate->targetplatform = $attrs; - } - - if ($name === 'PHP_MINIMUM') - { - $this->currentUpdate->php_minimum = ''; - } - - if ($name === 'SUPPORTED_DATABASES') - { - $this->currentUpdate->supported_databases = $attrs; - } - **/ - // Lower case and remove the exclamation mark - $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); - print_r($product); - - // Check that the product matches and that the version matches (optionally a regexp) - if ($product == $this->currentUpdate->targetplatform['NAME'] - && preg_match('/^' . $this->currentUpdate->targetplatform['VERSION'] . '/', JVERSION)) - { - // Check if PHP version supported via tag, assume true if tag isn't present - if (!isset($this->currentUpdate->php_minimum) || version_compare(PHP_VERSION, $this->currentUpdate->php_minimum, '>=')) - { - $phpMatch = true; - } - else - { - // Notify the user of the potential update - $msg = Text::sprintf( - 'JLIB_INSTALLER_AVAILABLE_UPDATE_PHP_VERSION', - $this->currentUpdate->name, - $this->currentUpdate->version, - $this->currentUpdate->php_minimum, - PHP_VERSION - ); - - Factory::getApplication()->enqueueMessage($msg, 'warning'); - - $phpMatch = false; - } - - $dbMatch = false; - - // Check if DB & version is supported via tag, assume supported if tag isn't present - if (isset($this->currentUpdate->supported_databases)) + foreach ($metaData->signed->targets as $filename => $target) { - $db = Factory::getDbo(); - $dbType = strtoupper($db->getServerType()); - $dbVersion = $db->getVersion(); - $supportedDbs = $this->currentUpdate->supported_databases; + $values = []; - // MySQL and MariaDB use the same database driver but not the same version numbers - if ($dbType === 'mysql') + foreach ($keys as $key) { - // Check whether we have a MariaDB version string and extract the proper version from it - if (stripos($dbVersion, 'mariadb') !== false) + if (isset($target->custom->$key)) { - // MariaDB: Strip off any leading '5.5.5-', if present - $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); - $dbType = 'mariadb'; + $values[$key] = $target->custom->$key; } } - // Do we have an entry for the database? - if (\array_key_exists($dbType, $supportedDbs)) - { - $minimumVersion = $supportedDbs[$dbType]; - $dbMatch = version_compare($dbVersion, $minimumVersion, '>='); - - if (!$dbMatch) - { - // Notify the user of the potential update - $dbMsg = Text::sprintf( - 'JLIB_INSTALLER_AVAILABLE_UPDATE_DB_MINIMUM', - $this->currentUpdate->name, - $this->currentUpdate->version, - Text::_($db->name), - $dbVersion, - $minimumVersion - ); - Factory::getApplication()->enqueueMessage($dbMsg, 'warning'); - } - } - else + if (isset($values['client']) && is_string($values['client']) + && key_exists(strtolower($values['client']), $this->clientId)) { - // Notify the user of the potential update - $dbMsg = Text::sprintf( - 'JLIB_INSTALLER_AVAILABLE_UPDATE_DB_TYPE', - $this->currentUpdate->name, - $this->currentUpdate->version, - Text::_($db->name) - ); - - Factory::getApplication()->enqueueMessage($dbMsg, 'warning'); + $values['client'] = $this->clientId[strtolower($values['client'])]; } - } - else - { - // Set to true if the tag is not set - $dbMatch = true; - } - - // Check minimum stability - $stabilityMatch = true; - - if (isset($this->currentUpdate->stability) && ($this->currentUpdate->stability < $this->minimum_stability)) - { - $stabilityMatch = false; - } - - // Some properties aren't valid fields in the update table so unset them to prevent J! from trying to store them - unset($this->currentUpdate->targetplatform); - - if (isset($this->currentUpdate->php_minimum)) - { - unset($this->currentUpdate->php_minimum); - } - - if (isset($this->currentUpdate->supported_databases)) - { - unset($this->currentUpdate->supported_databases); - } - if (isset($this->currentUpdate->stability)) - { - unset($this->currentUpdate->stability); - } + if (isset($values['infourl']) && isset($values['infourl']->url)) + { + $values['infourl'] = $values['infourl']->url; + } - // If the PHP version and minimum stability checks pass, consider this version as a possible update - if ($phpMatch && $stabilityMatch && $dbMatch) - { - if (isset($this->latest)) + try { - // We already have a possible update. Check the version. - if (version_compare($this->currentUpdate->version, $this->latest->version, '>') == 1) - { - $this->latest = $this->currentUpdate; - } + $values = $resolver->resolve($values); } - else + catch (\Exception $e) { - // We don't have any possible updates yet, assume this is an available update. - $this->latest = $this->currentUpdate; + continue; } - } - } - - if (\array_key_exists('minimum_stability', $options)) - { - $this->minimum_stability = $options['minimum_stability']; - } -//$this->update_sites[] = array('type' => 'collection', 'location' => $attrs['REF'], 'update_site_id' => $this->updateSiteId); - if (isset($this->latest)) - { - if (isset($this->latest->client) && \strlen($this->latest->client)) - { - $this->latest->client_id = ApplicationHelper::getClientInfo($this->latest->client, true)->id; - unset($this->latest->client); + $versions[$values['version']] = $values; } - $updates = array($this->latest); - } - else - { - $updates = array(); + usort($versions, function ($a, $b) { + return version_compare($a['version'], $b['version']); + }); + + // TODO ConstraintsCheck } - return array('update_sites' => array(), 'updates' => $updates); + return $versions; } /** - * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of - * dev, alpha, beta, rc, stable) it is ignored. - * - * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable + * Configures default values or pass arguments to params * - * @return integer + * @param OptionsResolver $resolver The OptionsResolver for the params * - * @since 3.4 + * @return void */ - protected function stabilityTagToInteger($tag) + protected function configureUpdateOptions(OptionsResolver $resolver) { - $constant = '\\Joomla\\CMS\\Updater\\Updater::STABILITY_' . strtoupper($tag); - - if (\defined($constant)) - { - return \constant($constant); - } - - return Updater::STABILITY_STABLE; + $resolver->setDefaults( + [ + 'version' => "1", + 'name' => null, + 'client' => 1, + 'description' => '', + 'element' => '', + 'detailsurl' => '', + 'data' => '', + 'infourl' => '', + 'type' => null, + 'tags' => new \StdClass, + 'targetplatform' => new \StdClass, + 'supported_databases' => new \StdClass, + 'downloads' => [], + 'php_minimum' => null + ] + ) + ->setAllowedTypes('version', 'string') + ->setAllowedTypes('name', 'string') + ->setAllowedTypes('element', 'string') + ->setAllowedTypes('data', 'string') + ->setAllowedTypes('description', 'string') + ->setAllowedTypes('type', 'string') + ->setAllowedTypes('detailsurl', 'string') + ->setAllowedTypes('infourl', 'string') + ->setAllowedTypes('client', 'int') + ->setAllowedTypes('php_minimum', 'string') + ->setAllowedTypes('downloads', 'array') + ->setAllowedTypes('tags', 'object') + ->setAllowedTypes('targetplatform', 'object') + ->setAllowedTypes('supported_databases', 'object') + ->setAllowedTypes('targetplatform', 'object') + ->setRequired(['version']); } } From 6086b2d9bd80ab4536c85e16fa1ba799e84e93a7 Mon Sep 17 00:00:00 2001 From: Magnus Singer Date: Sun, 12 Jun 2022 11:22:59 +0200 Subject: [PATCH 28/56] throw exception in installer update model when update site is tuf --- .../com_installer/src/Model/UpdateModel.php | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/administrator/components/com_installer/src/Model/UpdateModel.php b/administrator/components/com_installer/src/Model/UpdateModel.php index 78d0560fefb..ffb0e9db9f4 100644 --- a/administrator/components/com_installer/src/Model/UpdateModel.php +++ b/administrator/components/com_installer/src/Model/UpdateModel.php @@ -23,10 +23,12 @@ use Joomla\CMS\Plugin\PluginHelper; use Joomla\CMS\Updater\Update; use Joomla\CMS\Updater\Updater; +use Joomla\Database\DatabaseDriver; use Joomla\Database\DatabaseQuery; use Joomla\Database\Exception\ExecutionFailureException; use Joomla\Database\ParameterType; use Joomla\Utilities\ArrayHelper; +use Symfony\Component\OptionsResolver\Exception\NoSuchOptionException; /** * Installer Update Model @@ -361,7 +363,23 @@ public function update($uids, $minimumStability = Updater::STABILITY_STABLE) continue; } - $update->loadFromXml($instance->detailsurl, $minimumStability); + $db = Factory::getContainer()->get(DatabaseDriver::class); + $query = $db->getQuery(true) + ->select('type') + ->from('#__update_sites') + ->where($db->quoteName('id') . ' = :id') + ->bind(':id', $instance->update_site_id, ParameterType::INTEGER); + $db->setQuery($query); + $updateSiteType = (string) $db->loadObject(); + + if ($updateSiteType == 'tuf') + { + throw new NoSuchOptionException("TUF updates are not yet supported"); + } + else + { + $update->loadFromXml($instance->detailsurl, $minimumStability); + } // Find and use extra_query from update_site if available $updateSiteInstance = new \Joomla\CMS\Table\UpdateSite($this->getDatabase()); From d1f622b562f6e02073b2c380260c15fe0c97a7c4 Mon Sep 17 00:00:00 2001 From: Magnus Singer Date: Sun, 12 Jun 2022 11:59:31 +0200 Subject: [PATCH 29/56] Enqueue message instead of throwing an exception --- .../components/com_installer/src/Model/UpdateModel.php | 5 ++++- administrator/language/en-GB/lib_joomla.ini | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/administrator/components/com_installer/src/Model/UpdateModel.php b/administrator/components/com_installer/src/Model/UpdateModel.php index ffb0e9db9f4..deebdf75a1b 100644 --- a/administrator/components/com_installer/src/Model/UpdateModel.php +++ b/administrator/components/com_installer/src/Model/UpdateModel.php @@ -363,6 +363,7 @@ public function update($uids, $minimumStability = Updater::STABILITY_STABLE) continue; } + $app = Factory::getApplication(); $db = Factory::getContainer()->get(DatabaseDriver::class); $query = $db->getQuery(true) ->select('type') @@ -374,7 +375,9 @@ public function update($uids, $minimumStability = Updater::STABILITY_STABLE) if ($updateSiteType == 'tuf') { - throw new NoSuchOptionException("TUF updates are not yet supported"); + $app->enqueueMessage(Text::_('JLIB_INSTALLER_TUF_NOT_AVAILABLE'), 'error'); + + return; } else { diff --git a/administrator/language/en-GB/lib_joomla.ini b/administrator/language/en-GB/lib_joomla.ini index 178145886bc..450de241eae 100644 --- a/administrator/language/en-GB/lib_joomla.ini +++ b/administrator/language/en-GB/lib_joomla.ini @@ -659,6 +659,7 @@ JLIB_INSTALLER_UNINSTALL="Uninstall" JLIB_INSTALLER_UPDATE="Update" JLIB_INSTALLER_UPDATE_LOG_QUERY="Ran query from file %1$s. Query text: %2$s." JLIB_INSTALLER_WARNING_UNABLE_TO_INSTALL_CONTENT_LANGUAGE="Unable to create a content language for %s language: %s" +JLIB_INSTALLER_TUF_NOT_AVAILABLE="TUF is not available for extensions yet." JLIB_JS_AJAX_ERROR_CONNECTION_ABORT="A connection abort has occurred while fetching the JSON data." JLIB_JS_AJAX_ERROR_NO_CONTENT="No content was returned." From 88a99f77822b969e563ae5e4c2d0dcba4925ad6c Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 12:16:34 +0200 Subject: [PATCH 30/56] move jhttp file fetcher into CMS library, update TUF client fork branch --- composer.json | 8 +- composer.lock | 953 ++++++++++-------- libraries/src/TUF/HttpFileFetcher.php | 162 +++ .../Libraries/Cms/TUF/HttpFileFetcherTest.php | 227 +++++ 4 files changed, 902 insertions(+), 448 deletions(-) create mode 100644 libraries/src/TUF/HttpFileFetcher.php create mode 100644 tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php diff --git a/composer.json b/composer.json index 423c707d04e..a7bab3394d6 100644 --- a/composer.json +++ b/composer.json @@ -30,6 +30,11 @@ "type": "vcs", "url": "https://github.com/joomla-backports/json-api-php.git", "no-api": true + }, + { + "type": "vcs", + "url": "https://github.com/joomla-projects/php-tuf.git", + "no-api": true } ], "autoload": { @@ -94,8 +99,9 @@ "web-auth/webauthn-lib": "2.1.*", "composer/ca-bundle": "^1.2", "dragonmantank/cron-expression": "^3.1", + "enshrined/svg-sanitize": "^0.15.4", "symfony/validator": "^5.4", - "enshrined/svg-sanitize": "^0.15.4" + "php-tuf/php-tuf": "dev-joomla-tuf-combined" }, "require-dev": { "phpunit/phpunit": "^8.5", diff --git a/composer.lock b/composer.lock index 9dfb239cb98..74f29f8f49a 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "1868030bc5c5a79c3bd59fc9e6aa8cf4", + "content-hash": "c149d12f58bfe592455c492336ba5c73", "packages": [ { "name": "algo26-matthias/idna-convert", @@ -717,6 +717,200 @@ }, "time": "2020-03-31T17:50:54+00:00" }, + { + "name": "guzzlehttp/promises", + "version": "1.5.1", + "source": { + "type": "git", + "url": "https://github.com/guzzle/promises.git", + "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/promises/zipball/fe752aedc9fd8fcca3fe7ad05d419d32998a06da", + "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da", + "shasum": "" + }, + "require": { + "php": ">=5.5" + }, + "require-dev": { + "symfony/phpunit-bridge": "^4.4 || ^5.1" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.5-dev" + } + }, + "autoload": { + "files": [ + "src/functions_include.php" + ], + "psr-4": { + "GuzzleHttp\\Promise\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" + } + ], + "description": "Guzzle promises library", + "keywords": [ + "promise" + ], + "support": { + "issues": "https://github.com/guzzle/promises/issues", + "source": "https://github.com/guzzle/promises/tree/1.5.1" + }, + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises", + "type": "tidelift" + } + ], + "time": "2021-10-22T20:56:57+00:00" + }, + { + "name": "guzzlehttp/psr7", + "version": "1.8.5", + "source": { + "type": "git", + "url": "https://github.com/guzzle/psr7.git", + "reference": "337e3ad8e5716c15f9657bd214d16cc5e69df268" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/337e3ad8e5716c15f9657bd214d16cc5e69df268", + "reference": "337e3ad8e5716c15f9657bd214d16cc5e69df268", + "shasum": "" + }, + "require": { + "php": ">=5.4.0", + "psr/http-message": "~1.0", + "ralouphie/getallheaders": "^2.0.5 || ^3.0.0" + }, + "provide": { + "psr/http-message-implementation": "1.0" + }, + "require-dev": { + "ext-zlib": "*", + "phpunit/phpunit": "~4.8.36 || ^5.7.27 || ^6.5.14 || ^7.5.20 || ^8.5.8 || ^9.3.10" + }, + "suggest": { + "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.7-dev" + } + }, + "autoload": { + "files": [ + "src/functions_include.php" + ], + "psr-4": { + "GuzzleHttp\\Psr7\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" + } + ], + "description": "PSR-7 message implementation that also provides common utility methods", + "keywords": [ + "http", + "message", + "psr-7", + "request", + "response", + "stream", + "uri", + "url" + ], + "support": { + "issues": "https://github.com/guzzle/psr7/issues", + "source": "https://github.com/guzzle/psr7/tree/1.8.5" + }, + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7", + "type": "tidelift" + } + ], + "time": "2022-03-20T21:51:18+00:00" + }, { "name": "jakeasmith/http_build_url", "version": "1.0.1", @@ -2490,6 +2684,65 @@ }, "time": "2022-03-31T14:55:54+00:00" }, + { + "name": "myclabs/deep-copy", + "version": "1.11.0", + "source": { + "type": "git", + "url": "https://github.com/myclabs/DeepCopy.git", + "reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/14daed4296fae74d9e3201d2c4925d1acb7aa614", + "reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614", + "shasum": "" + }, + "require": { + "php": "^7.1 || ^8.0" + }, + "conflict": { + "doctrine/collections": "<1.6.8", + "doctrine/common": "<2.13.3 || >=3,<3.2.2" + }, + "require-dev": { + "doctrine/collections": "^1.6.8", + "doctrine/common": "^2.13.3 || ^3.2.2", + "phpunit/phpunit": "^7.5.20 || ^8.5.23 || ^9.5.13" + }, + "type": "library", + "autoload": { + "files": [ + "src/DeepCopy/deep_copy.php" + ], + "psr-4": { + "DeepCopy\\": "src/DeepCopy/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "Create deep copies (clones) of your objects", + "keywords": [ + "clone", + "copy", + "duplicate", + "object", + "object graph" + ], + "support": { + "issues": "https://github.com/myclabs/DeepCopy/issues", + "source": "https://github.com/myclabs/DeepCopy/tree/1.11.0" + }, + "funding": [ + { + "url": "https://tidelift.com/funding/github/packagist/myclabs/deep-copy", + "type": "tidelift" + } + ], + "time": "2022-03-03T13:19:32+00:00" + }, { "name": "nyholm/psr7", "version": "1.5.0", @@ -2707,6 +2960,69 @@ }, "time": "2015-12-19T14:08:53+00:00" }, + { + "name": "php-tuf/php-tuf", + "version": "dev-joomla-tuf-combined", + "source": { + "type": "git", + "url": "https://github.com/joomla-projects/php-tuf.git", + "reference": "2d71b4039686196adab273c59d1fd4ea4468e511" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/joomla-projects/php-tuf/zipball/2d71b4039686196adab273c59d1fd4ea4468e511", + "reference": "2d71b4039686196adab273c59d1fd4ea4468e511", + "shasum": "" + }, + "require": { + "ext-json": "*", + "guzzlehttp/promises": "^1.5", + "guzzlehttp/psr7": "^1.7", + "myclabs/deep-copy": "^1.10.2", + "paragonie/sodium_compat": "^1.13", + "php": ">=7.2.5", + "symfony/validator": "^4.4 || ^5" + }, + "require-dev": { + "php-tuf/phpcodesniffer-standard": "dev-main", + "phpunit/phpunit": "^8.5.8|^9", + "symfony/phpunit-bridge": "^5" + }, + "suggest": { + "ext-libsodium": "Provides faster verification of updates", + "guzzlehttp/guzzle": "Required package if GuzzleFileFetcher shall be used" + }, + "type": "library", + "autoload": { + "psr-4": { + "Tuf\\": "src/" + } + }, + "autoload-dev": { + "psr-4": { + "Tuf\\Tests\\": "tests/" + } + }, + "scripts": { + "phpcs": [ + "phpcs -s --standard=PhpTuf ./src ./tests" + ], + "phpcbf": [ + "phpcbf --standard=PhpTuf ./src ./tests" + ], + "test": [ + "phpunit ./tests" + ], + "lint": [ + "find src -name '*.php' -exec php -l {} \\;" + ] + }, + "license": [ + "MIT" + ], + "description": "PHP implementation of The Update Framework (TUF)", + "time": "2022-06-12T09:53:53+00:00" + }, { "name": "phpmailer/phpmailer", "version": "v6.6.0", @@ -3062,16 +3378,65 @@ "require": { "php": ">=5.3.0" }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.1.x-dev" - } + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Log\\": "Psr/Log/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "Common interface for logging libraries", + "homepage": "https://github.com/php-fig/log", + "keywords": [ + "log", + "psr", + "psr-3" + ], + "support": { + "source": "https://github.com/php-fig/log/tree/1.1.4" + }, + "time": "2021-05-03T11:20:27+00:00" + }, + { + "name": "ralouphie/getallheaders", + "version": "3.0.3", + "source": { + "type": "git", + "url": "https://github.com/ralouphie/getallheaders.git", + "reference": "120b605dfeb996808c31b6477290a714d356e822" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822", + "reference": "120b605dfeb996808c31b6477290a714d356e822", + "shasum": "" + }, + "require": { + "php": ">=5.6" + }, + "require-dev": { + "php-coveralls/php-coveralls": "^2.1", + "phpunit/phpunit": "^5 || ^6.5" }, + "type": "library", "autoload": { - "psr-4": { - "Psr\\Log\\": "Psr/Log/" - } + "files": [ + "src/getallheaders.php" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -3079,21 +3444,16 @@ ], "authors": [ { - "name": "PHP-FIG", - "homepage": "https://www.php-fig.org/" + "name": "Ralph Khattar", + "email": "ralph.khattar@gmail.com" } ], - "description": "Common interface for logging libraries", - "homepage": "https://github.com/php-fig/log", - "keywords": [ - "log", - "psr", - "psr-3" - ], + "description": "A polyfill for getallheaders.", "support": { - "source": "https://github.com/php-fig/log/tree/1.1.4" + "issues": "https://github.com/ralouphie/getallheaders/issues", + "source": "https://github.com/ralouphie/getallheaders/tree/develop" }, - "time": "2021-05-03T11:20:27+00:00" + "time": "2019-03-08T08:55:37+00:00" }, { "name": "ramsey/uuid", @@ -3719,16 +4079,16 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "30885182c981ab175d4d034db0f6f469898070ab" + "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab", - "reference": "30885182c981ab175d4d034db0f6f469898070ab", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4", + "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4", "shasum": "" }, "require": { @@ -3743,7 +4103,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -3781,7 +4141,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0" }, "funding": [ { @@ -3797,7 +4157,7 @@ "type": "tidelift" } ], - "time": "2021-10-20T20:35:02+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-iconv", @@ -4049,16 +4409,16 @@ }, { "name": "symfony/polyfill-mbstring", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825" + "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825", - "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e", + "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e", "shasum": "" }, "require": { @@ -4073,7 +4433,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -4112,7 +4472,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0" }, "funding": [ { @@ -4128,7 +4488,7 @@ "type": "tidelift" } ], - "time": "2021-11-30T18:21:41+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-php72", @@ -4208,16 +4568,16 @@ }, { "name": "symfony/polyfill-php73", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php73.git", - "reference": "cc5db0e22b3cb4111010e48785a97f670b350ca5" + "reference": "e440d35fa0286f77fb45b79a03fedbeda9307e85" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/cc5db0e22b3cb4111010e48785a97f670b350ca5", - "reference": "cc5db0e22b3cb4111010e48785a97f670b350ca5", + "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/e440d35fa0286f77fb45b79a03fedbeda9307e85", + "reference": "e440d35fa0286f77fb45b79a03fedbeda9307e85", "shasum": "" }, "require": { @@ -4226,7 +4586,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -4267,7 +4627,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php73/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-php73/tree/v1.26.0" }, "funding": [ { @@ -4283,20 +4643,20 @@ "type": "tidelift" } ], - "time": "2021-06-05T21:20:04+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/polyfill-php80", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "4407588e0d3f1f52efb65fbe92babe41f37fe50c" + "reference": "cfa0ae98841b9e461207c13ab093d76b0fa7bace" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/4407588e0d3f1f52efb65fbe92babe41f37fe50c", - "reference": "4407588e0d3f1f52efb65fbe92babe41f37fe50c", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/cfa0ae98841b9e461207c13ab093d76b0fa7bace", + "reference": "cfa0ae98841b9e461207c13ab093d76b0fa7bace", "shasum": "" }, "require": { @@ -4305,7 +4665,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -4350,7 +4710,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.26.0" }, "funding": [ { @@ -4366,20 +4726,20 @@ "type": "tidelift" } ], - "time": "2022-03-04T08:16:47+00:00" + "time": "2022-05-10T07:21:04+00:00" }, { "name": "symfony/polyfill-php81", - "version": "v1.25.0", + "version": "v1.26.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php81.git", - "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f" + "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/5de4ba2d41b15f9bd0e19b2ab9674135813ec98f", - "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f", + "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/13f6d1271c663dc5ae9fb843a8f16521db7687a1", + "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1", "shasum": "" }, "require": { @@ -4388,7 +4748,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.23-dev" + "dev-main": "1.26-dev" }, "thanks": { "name": "symfony/polyfill", @@ -4429,7 +4789,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.25.0" + "source": "https://github.com/symfony/polyfill-php81/tree/v1.26.0" }, "funding": [ { @@ -4445,7 +4805,7 @@ "type": "tidelift" } ], - "time": "2021-09-13T13:58:11+00:00" + "time": "2022-05-24T11:49:31+00:00" }, { "name": "symfony/service-contracts", @@ -6863,236 +7223,51 @@ "shasum": "" }, "require": { - "composer/semver": "^3.2", - "composer/xdebug-handler": "^2.0", - "doctrine/annotations": "^1.12", - "ext-json": "*", - "ext-tokenizer": "*", - "php": "^7.2.5 || ^8.0", - "php-cs-fixer/diff": "^2.0", - "symfony/console": "^4.4.20 || ^5.1.3 || ^6.0", - "symfony/event-dispatcher": "^4.4.20 || ^5.0 || ^6.0", - "symfony/filesystem": "^4.4.20 || ^5.0 || ^6.0", - "symfony/finder": "^4.4.20 || ^5.0 || ^6.0", - "symfony/options-resolver": "^4.4.20 || ^5.0 || ^6.0", - "symfony/polyfill-mbstring": "^1.23", - "symfony/polyfill-php80": "^1.23", - "symfony/polyfill-php81": "^1.23", - "symfony/process": "^4.4.20 || ^5.0 || ^6.0", - "symfony/stopwatch": "^4.4.20 || ^5.0 || ^6.0" - }, - "require-dev": { - "justinrainbow/json-schema": "^5.2", - "keradus/cli-executor": "^1.5", - "mikey179/vfsstream": "^1.6.8", - "php-coveralls/php-coveralls": "^2.5.2", - "php-cs-fixer/accessible-object": "^1.1", - "php-cs-fixer/phpunit-constraint-isidenticalstring": "^1.2", - "php-cs-fixer/phpunit-constraint-xmlmatchesxsd": "^1.2.1", - "phpspec/prophecy": "^1.15", - "phpspec/prophecy-phpunit": "^1.1 || ^2.0", - "phpunit/phpunit": "^8.5.21 || ^9.5", - "phpunitgoodpractices/polyfill": "^1.5", - "phpunitgoodpractices/traits": "^1.9.1", - "symfony/phpunit-bridge": "^5.2.4 || ^6.0", - "symfony/yaml": "^4.4.20 || ^5.0 || ^6.0" - }, - "suggest": { - "ext-dom": "For handling output formats in XML", - "ext-mbstring": "For handling non-UTF8 characters." - }, - "bin": [ - "php-cs-fixer" - ], - "type": "application", - "autoload": { - "psr-4": { - "PhpCsFixer\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Fabien Potencier", - "email": "fabien@symfony.com" - }, - { - "name": "Dariusz Rumiński", - "email": "dariusz.ruminski@gmail.com" - } - ], - "description": "A tool to automatically fix PHP code style", - "support": { - "issues": "https://github.com/FriendsOfPHP/PHP-CS-Fixer/issues", - "source": "https://github.com/FriendsOfPHP/PHP-CS-Fixer/tree/v3.4.0" - }, - "funding": [ - { - "url": "https://github.com/keradus", - "type": "github" - } - ], - "time": "2021-12-11T16:25:08+00:00" - }, - { - "name": "guzzlehttp/guzzle", - "version": "7.4.2", - "source": { - "type": "git", - "url": "https://github.com/guzzle/guzzle.git", - "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/ac1ec1cd9b5624694c3a40be801d94137afb12b4", - "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4", - "shasum": "" - }, - "require": { - "ext-json": "*", - "guzzlehttp/promises": "^1.5", - "guzzlehttp/psr7": "^1.8.3 || ^2.1", - "php": "^7.2.5 || ^8.0", - "psr/http-client": "^1.0", - "symfony/deprecation-contracts": "^2.2 || ^3.0" - }, - "provide": { - "psr/http-client-implementation": "1.0" - }, - "require-dev": { - "bamarni/composer-bin-plugin": "^1.4.1", - "ext-curl": "*", - "php-http/client-integration-tests": "^3.0", - "phpunit/phpunit": "^8.5.5 || ^9.3.5", - "psr/log": "^1.1 || ^2.0 || ^3.0" - }, - "suggest": { - "ext-curl": "Required for CURL handler support", - "ext-intl": "Required for Internationalized Domain Name (IDN) support", - "psr/log": "Required for using the Log middleware" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "7.4-dev" - } - }, - "autoload": { - "files": [ - "src/functions_include.php" - ], - "psr-4": { - "GuzzleHttp\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Graham Campbell", - "email": "hello@gjcampbell.co.uk", - "homepage": "https://github.com/GrahamCampbell" - }, - { - "name": "Michael Dowling", - "email": "mtdowling@gmail.com", - "homepage": "https://github.com/mtdowling" - }, - { - "name": "Jeremy Lindblom", - "email": "jeremeamia@gmail.com", - "homepage": "https://github.com/jeremeamia" - }, - { - "name": "George Mponos", - "email": "gmponos@gmail.com", - "homepage": "https://github.com/gmponos" - }, - { - "name": "Tobias Nyholm", - "email": "tobias.nyholm@gmail.com", - "homepage": "https://github.com/Nyholm" - }, - { - "name": "Márk Sági-Kazár", - "email": "mark.sagikazar@gmail.com", - "homepage": "https://github.com/sagikazarmark" - }, - { - "name": "Tobias Schultze", - "email": "webmaster@tubo-world.de", - "homepage": "https://github.com/Tobion" - } - ], - "description": "Guzzle is a PHP HTTP client library", - "keywords": [ - "client", - "curl", - "framework", - "http", - "http client", - "psr-18", - "psr-7", - "rest", - "web service" - ], - "support": { - "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.4.2" - }, - "funding": [ - { - "url": "https://github.com/GrahamCampbell", - "type": "github" - }, - { - "url": "https://github.com/Nyholm", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle", - "type": "tidelift" - } - ], - "time": "2022-03-20T14:16:28+00:00" - }, - { - "name": "guzzlehttp/promises", - "version": "1.5.1", - "source": { - "type": "git", - "url": "https://github.com/guzzle/promises.git", - "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/guzzle/promises/zipball/fe752aedc9fd8fcca3fe7ad05d419d32998a06da", - "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da", - "shasum": "" - }, - "require": { - "php": ">=5.5" + "composer/semver": "^3.2", + "composer/xdebug-handler": "^2.0", + "doctrine/annotations": "^1.12", + "ext-json": "*", + "ext-tokenizer": "*", + "php": "^7.2.5 || ^8.0", + "php-cs-fixer/diff": "^2.0", + "symfony/console": "^4.4.20 || ^5.1.3 || ^6.0", + "symfony/event-dispatcher": "^4.4.20 || ^5.0 || ^6.0", + "symfony/filesystem": "^4.4.20 || ^5.0 || ^6.0", + "symfony/finder": "^4.4.20 || ^5.0 || ^6.0", + "symfony/options-resolver": "^4.4.20 || ^5.0 || ^6.0", + "symfony/polyfill-mbstring": "^1.23", + "symfony/polyfill-php80": "^1.23", + "symfony/polyfill-php81": "^1.23", + "symfony/process": "^4.4.20 || ^5.0 || ^6.0", + "symfony/stopwatch": "^4.4.20 || ^5.0 || ^6.0" }, "require-dev": { - "symfony/phpunit-bridge": "^4.4 || ^5.1" + "justinrainbow/json-schema": "^5.2", + "keradus/cli-executor": "^1.5", + "mikey179/vfsstream": "^1.6.8", + "php-coveralls/php-coveralls": "^2.5.2", + "php-cs-fixer/accessible-object": "^1.1", + "php-cs-fixer/phpunit-constraint-isidenticalstring": "^1.2", + "php-cs-fixer/phpunit-constraint-xmlmatchesxsd": "^1.2.1", + "phpspec/prophecy": "^1.15", + "phpspec/prophecy-phpunit": "^1.1 || ^2.0", + "phpunit/phpunit": "^8.5.21 || ^9.5", + "phpunitgoodpractices/polyfill": "^1.5", + "phpunitgoodpractices/traits": "^1.9.1", + "symfony/phpunit-bridge": "^5.2.4 || ^6.0", + "symfony/yaml": "^4.4.20 || ^5.0 || ^6.0" }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.5-dev" - } + "suggest": { + "ext-dom": "For handling output formats in XML", + "ext-mbstring": "For handling non-UTF8 characters." }, + "bin": [ + "php-cs-fixer" + ], + "type": "application", "autoload": { - "files": [ - "src/functions_include.php" - ], "psr-4": { - "GuzzleHttp\\Promise\\": "src/" + "PhpCsFixer\\": "src/" } }, "notification-url": "https://packagist.org/downloads/", @@ -7101,91 +7276,76 @@ ], "authors": [ { - "name": "Graham Campbell", - "email": "hello@gjcampbell.co.uk", - "homepage": "https://github.com/GrahamCampbell" - }, - { - "name": "Michael Dowling", - "email": "mtdowling@gmail.com", - "homepage": "https://github.com/mtdowling" - }, - { - "name": "Tobias Nyholm", - "email": "tobias.nyholm@gmail.com", - "homepage": "https://github.com/Nyholm" + "name": "Fabien Potencier", + "email": "fabien@symfony.com" }, { - "name": "Tobias Schultze", - "email": "webmaster@tubo-world.de", - "homepage": "https://github.com/Tobion" + "name": "Dariusz Rumiński", + "email": "dariusz.ruminski@gmail.com" } ], - "description": "Guzzle promises library", - "keywords": [ - "promise" - ], + "description": "A tool to automatically fix PHP code style", "support": { - "issues": "https://github.com/guzzle/promises/issues", - "source": "https://github.com/guzzle/promises/tree/1.5.1" + "issues": "https://github.com/FriendsOfPHP/PHP-CS-Fixer/issues", + "source": "https://github.com/FriendsOfPHP/PHP-CS-Fixer/tree/v3.4.0" }, "funding": [ { - "url": "https://github.com/GrahamCampbell", - "type": "github" - }, - { - "url": "https://github.com/Nyholm", + "url": "https://github.com/keradus", "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises", - "type": "tidelift" } ], - "time": "2021-10-22T20:56:57+00:00" + "time": "2021-12-11T16:25:08+00:00" }, { - "name": "guzzlehttp/psr7", - "version": "2.2.1", + "name": "guzzlehttp/guzzle", + "version": "7.4.2", "source": { "type": "git", - "url": "https://github.com/guzzle/psr7.git", - "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2" + "url": "https://github.com/guzzle/guzzle.git", + "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2", - "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/ac1ec1cd9b5624694c3a40be801d94137afb12b4", + "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4", "shasum": "" }, "require": { + "ext-json": "*", + "guzzlehttp/promises": "^1.5", + "guzzlehttp/psr7": "^1.8.3 || ^2.1", "php": "^7.2.5 || ^8.0", - "psr/http-factory": "^1.0", - "psr/http-message": "^1.0", - "ralouphie/getallheaders": "^3.0" + "psr/http-client": "^1.0", + "symfony/deprecation-contracts": "^2.2 || ^3.0" }, "provide": { - "psr/http-factory-implementation": "1.0", - "psr/http-message-implementation": "1.0" + "psr/http-client-implementation": "1.0" }, "require-dev": { "bamarni/composer-bin-plugin": "^1.4.1", - "http-interop/http-factory-tests": "^0.9", - "phpunit/phpunit": "^8.5.8 || ^9.3.10" + "ext-curl": "*", + "php-http/client-integration-tests": "^3.0", + "phpunit/phpunit": "^8.5.5 || ^9.3.5", + "psr/log": "^1.1 || ^2.0 || ^3.0" }, "suggest": { - "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" + "ext-curl": "Required for CURL handler support", + "ext-intl": "Required for Internationalized Domain Name (IDN) support", + "psr/log": "Required for using the Log middleware" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "2.2-dev" + "dev-master": "7.4-dev" } }, "autoload": { + "files": [ + "src/functions_include.php" + ], "psr-4": { - "GuzzleHttp\\Psr7\\": "src/" + "GuzzleHttp\\": "src/" } }, "notification-url": "https://packagist.org/downloads/", @@ -7203,6 +7363,11 @@ "email": "mtdowling@gmail.com", "homepage": "https://github.com/mtdowling" }, + { + "name": "Jeremy Lindblom", + "email": "jeremeamia@gmail.com", + "homepage": "https://github.com/jeremeamia" + }, { "name": "George Mponos", "email": "gmponos@gmail.com", @@ -7222,27 +7387,23 @@ "name": "Tobias Schultze", "email": "webmaster@tubo-world.de", "homepage": "https://github.com/Tobion" - }, - { - "name": "Márk Sági-Kazár", - "email": "mark.sagikazar@gmail.com", - "homepage": "https://sagikazarmark.hu" } ], - "description": "PSR-7 message implementation that also provides common utility methods", + "description": "Guzzle is a PHP HTTP client library", "keywords": [ + "client", + "curl", + "framework", "http", - "message", + "http client", + "psr-18", "psr-7", - "request", - "response", - "stream", - "uri", - "url" + "rest", + "web service" ], "support": { - "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/2.2.1" + "issues": "https://github.com/guzzle/guzzle/issues", + "source": "https://github.com/guzzle/guzzle/tree/7.4.2" }, "funding": [ { @@ -7254,11 +7415,11 @@ "type": "github" }, { - "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7", + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle", "type": "tidelift" } ], - "time": "2022-03-20T21:55:58+00:00" + "time": "2022-03-20T14:16:28+00:00" }, { "name": "hoa/consistency", @@ -8259,65 +8420,6 @@ }, "time": "2022-04-13T08:02:27+00:00" }, - { - "name": "myclabs/deep-copy", - "version": "1.11.0", - "source": { - "type": "git", - "url": "https://github.com/myclabs/DeepCopy.git", - "reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/14daed4296fae74d9e3201d2c4925d1acb7aa614", - "reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614", - "shasum": "" - }, - "require": { - "php": "^7.1 || ^8.0" - }, - "conflict": { - "doctrine/collections": "<1.6.8", - "doctrine/common": "<2.13.3 || >=3,<3.2.2" - }, - "require-dev": { - "doctrine/collections": "^1.6.8", - "doctrine/common": "^2.13.3 || ^3.2.2", - "phpunit/phpunit": "^7.5.20 || ^8.5.23 || ^9.5.13" - }, - "type": "library", - "autoload": { - "files": [ - "src/DeepCopy/deep_copy.php" - ], - "psr-4": { - "DeepCopy\\": "src/DeepCopy/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "Create deep copies (clones) of your objects", - "keywords": [ - "clone", - "copy", - "duplicate", - "object", - "object graph" - ], - "support": { - "issues": "https://github.com/myclabs/DeepCopy/issues", - "source": "https://github.com/myclabs/DeepCopy/tree/1.11.0" - }, - "funding": [ - { - "url": "https://tidelift.com/funding/github/packagist/myclabs/deep-copy", - "type": "tidelift" - } - ], - "time": "2022-03-03T13:19:32+00:00" - }, { "name": "phar-io/manifest", "version": "2.0.3", @@ -9266,50 +9368,6 @@ }, "time": "2019-01-08T18:20:26+00:00" }, - { - "name": "ralouphie/getallheaders", - "version": "3.0.3", - "source": { - "type": "git", - "url": "https://github.com/ralouphie/getallheaders.git", - "reference": "120b605dfeb996808c31b6477290a714d356e822" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822", - "reference": "120b605dfeb996808c31b6477290a714d356e822", - "shasum": "" - }, - "require": { - "php": ">=5.6" - }, - "require-dev": { - "php-coveralls/php-coveralls": "^2.1", - "phpunit/phpunit": "^5 || ^6.5" - }, - "type": "library", - "autoload": { - "files": [ - "src/getallheaders.php" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Ralph Khattar", - "email": "ralph.khattar@gmail.com" - } - ], - "description": "A polyfill for getallheaders.", - "support": { - "issues": "https://github.com/ralouphie/getallheaders/issues", - "source": "https://github.com/ralouphie/getallheaders/tree/develop" - }, - "time": "2019-03-08T08:55:37+00:00" - }, { "name": "sebastian/code-unit-reverse-lookup", "version": "1.0.2", @@ -10844,6 +10902,7 @@ "stability-flags": { "maximebf/debugbar": 20, "tobscure/json-api": 20, + "php-tuf/php-tuf": 20, "joomla/cms-coding-standards": 20, "joomla/coding-standards": 20 }, @@ -10859,5 +10918,5 @@ "platform-overrides": { "php": "7.2.5" }, - "plugin-api-version": "2.3.0" + "plugin-api-version": "2.2.0" } diff --git a/libraries/src/TUF/HttpFileFetcher.php b/libraries/src/TUF/HttpFileFetcher.php new file mode 100644 index 00000000000..481a4f6ac38 --- /dev/null +++ b/libraries/src/TUF/HttpFileFetcher.php @@ -0,0 +1,162 @@ +client = $client; + $this->metadataPrefix = $metadataPrefix; + $this->targetsPrefix = $targetsPrefix; + } + + /** + * Creates an instance of this class with a specific base URI. + * + * @param string $baseUri + * The base URI from which to fetch files. + * @param string $metadataPrefix + * (optional) The path prefix for metadata. Defaults to '/metadata/'. + * @param string $targetsPrefix + * (optional) The path prefix for targets. Defaults to '/targets/'. + * + * @return static + * A new instance of this class. + */ + public static function createFromUri( + string $baseUri, + string $metadataPrefix = '/metadata/', + string $targetsPrefix = '/targets/' + ): self { + $httpFactory = new HttpFactory(); + $client = $httpFactory->getHttp([], 'curl'); + + return new static($client, $metadataPrefix, $targetsPrefix); + } + + /** + * {@inheritDoc} + */ + public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface + { + return $this->fetchFile($this->metadataPrefix . $fileName, $maxBytes); + } + + /** + * {@inheritDoc} + * + * @param array $options + * (optional) Additional request options to pass to the Guzzle client. + * See \GuzzleHttp\RequestOptions. + * @param string $url + * (optional) An arbitrary URL from which the target should be downloaded. + * If passed, takes precedence over $fileName. + */ + public function fetchTarget( + string $fileName, + int $maxBytes, + array $options = [], + string $url = null + ): PromiseInterface { + $location = $url ?: $this->targetsPrefix . $fileName; + return $this->fetchFile($location, $maxBytes, $options); + } + + /** + * Fetches a file from a URL. + * + * @param string $url + * The URL of the file to fetch. + * @param integer $maxBytes + * The maximum number of bytes to download. + * @param array $options + * (optional) Additional request options to pass to the Guzzle client. + * See \GuzzleHttp\RequestOptions. + * + * @return \Psr\Http\Message\StreamInterface + * A promise representing the eventual result of the operation. + */ + protected function fetchFile(string $url, int $maxBytes, array $headers = []): PromiseInterface + { + // Create a progress callback to abort the download if it exceeds + // $maxBytes. This will only work with cURL, so we also verify the + // download size when request is finished. + $progress = function (int $expectedBytes, int $downloadedBytes) use ($url, $maxBytes) { + if ($expectedBytes > $maxBytes || $downloadedBytes > $maxBytes) { + throw new DownloadSizeException("$url exceeded $maxBytes bytes"); + } + }; + + /** @var Response $response */ + $response = $this->client->get($url, $headers); + $response->getBody()->rewind(); + + if ($response->getStatusCode() === 404) { + throw new RepoFileNotFound(); + } + + if ($response->getStatusCode() !== 200) { + throw new \RuntimeException( + "Invalid TUF repo response: " . $response->getBody()->getContents(), + $response->getStatusCode() + ); + } + + return new FulfilledPromise($response->getBody()->getContents()); + } + + /** + * {@inheritDoc} + */ + public function fetchMetadataIfExists(string $fileName, int $maxBytes): ?string + { + try { + return $this->fetchMetadata($fileName, $maxBytes)->wait(); + } catch (RepoFileNotFound $exception) { + return null; + } + } +} diff --git a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php new file mode 100644 index 00000000000..b653d78275e --- /dev/null +++ b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php @@ -0,0 +1,227 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\Tests\Unit\Libraries\Cms\TUF; + +use Joomla\Http\Http; +use Psr\Http\Message\StreamInterface; +use Joomla\CMS\TUF\HttpFileFetcher; +use Tuf\Exception\RepoFileNotFound; +use Joomla\Tests\Unit\UnitTestCase; + +/** + * @coversDefaultClass \Joomla\CMS\TUF\HttpFileFetcher + */ +class HttpFileFetcherTest extends UnitTestCase +{ + /** + * The content of the mocked response(s). + * + * This is deliberately not readable by json_decode(), in order to prove + * that the fetcher does not try to parse or process the response content + * in any way. + * + * @var string + */ + private $testContent = 'Zombie ipsum reversus ab viral inferno, nam rick grimes malum cerebro.'; + + + /** + * Returns an instance of the file fetcher under test. + * + * @return HttpFileFetcher + * An instance of the file fetcher under test. + */ + private function getFetcher($clientMock): HttpFileFetcher + { + return new HttpFileFetcher($clientMock, '/metadata/', '/targets/'); + } + + /** + * Data provider for testfetchFileError(). + * + * @return array[] + * Sets of arguments to pass to the test method. + */ + public function providerFetchFileError(): array + { + return [ + [404, RepoFileNotFound::class, 0], + [403, 'RuntimeException'] + ]; + } + + /** + * Data provider for testFetchFileIfExistsError(). + * + * @return array[] + * Sets of arguments to pass to the test method. + */ + public function providerFileIfExistsError(): array + { + return [ + [403, 'RuntimeException'] + ]; + } + + /** + * Tests various error conditions when fetching a file with fetchFile(). + * + * @param integer $statusCode + * The response status code. + * @param string $exceptionClass + * The expected exception class that will be thrown. + * @param integer|null $exceptionCode + * (optional) The expected exception code. Defaults to the status code. + * @param integer|null $maxBytes + * (optional) The maximum number of bytes to read from the response. + * Defaults to the length of $this->testContent. + * + * @return void + * + * @dataProvider providerFetchFileError + * + * @covers ::fetchFile + */ + public function testFetchFileError( + int $statusCode, + string $exceptionClass, + ?int $exceptionCode = null, + ?int $maxBytes = null + ): void { + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn($statusCode); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->expectException($exceptionClass); + $this->expectExceptionCode($exceptionCode ?? $statusCode); + $this->getFetcher($clientMock) + ->fetchMetadata('test.json', $maxBytes ?? strlen($this->testContent)) + ->wait(); + } + + /** + * Tests various error conditions when fetching a file with fetchFileIfExists(). + * + * @param integer $statusCode + * The response status code. + * @param string $exceptionClass + * The expected exception class that will be thrown. + * @param integer|null $exceptionCode + * (optional) The expected exception code. Defaults to the status code. + * @param integer|null $maxBytes + * (optional) The maximum number of bytes to read from the response. + * Defaults to the length of $this->testContent. + * + * @return void + * + * @dataProvider providerFileIfExistsError + * + * @covers ::providerFileIfExists + */ + public function testFetchFileIfExistsError( + int $statusCode, + string $exceptionClass, + ?int $exceptionCode = null, + ?int $maxBytes = null + ): void { + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn($statusCode); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->expectException($exceptionClass); + $this->expectExceptionCode($exceptionCode ?? $statusCode); + $this->getFetcher($clientMock) + ->fetchMetadataIfExists('test.json', $maxBytes ?? strlen($this->testContent)); + } + + /** + * Tests fetching a file without any errors. + * + * @return void + */ + public function testFetchMetadataReturnsCorrectResponseOnSuccessfulFetch(): void + { + $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); + $clientBodyMock->method('getContents')->willReturn($this->testContent); + + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn(200); + $clientResponseMock->method('getBody')->willReturn($clientBodyMock); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->assertSame( + $this->testContent, + $this->getFetcher($clientMock)->fetchMetadata('test.json', 256)->wait() + ); + } + + /** + * Tests fetching a file without any errors. + * + * @return void + */ + public function testFetchMetadataIfExistsReturnsCorrectResponseOnSuccessfulFetch(): void + { + $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); + $clientBodyMock->method('getContents')->willReturn($this->testContent); + + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn(200); + $clientResponseMock->method('getBody')->willReturn($clientBodyMock); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->assertSame( + $this->testContent, + $this->getFetcher($clientMock)->fetchMetadataIfExists('test.json', 256) + ); + } + + /** + * Tests fetching a file without any errors. + * + * @return void + */ + public function testFetchMetadataIfExistsReturnsCorrectResponseOnNotFoundFetch(): void + { + $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); + $clientBodyMock->method('getContents')->willReturn($this->testContent); + + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn(404); + $clientResponseMock->method('getBody')->willReturn($clientBodyMock); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->assertNull( + $this->getFetcher($clientMock)->fetchMetadataIfExists('test.json', 256) + ); + } + + /** + * Tests creating a file fetcher with a repo base URI. + * + * @return void + * + * @covers ::createFromUri + */ + public function testCreateFromUri(): void + { + $this->assertInstanceOf(HttpFileFetcher::class, HttpFileFetcher::createFromUri('https://example.com')); + } +} From 2442045b11c5db4620237ccb02a66fdcb914a9e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sun, 12 Jun 2022 12:30:02 +0200 Subject: [PATCH 31/56] change stabilityTags to stability --- libraries/src/Updater/ConstraintChecker.php | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/libraries/src/Updater/ConstraintChecker.php b/libraries/src/Updater/ConstraintChecker.php index 70db5ffaf25..92664fae510 100644 --- a/libraries/src/Updater/ConstraintChecker.php +++ b/libraries/src/Updater/ConstraintChecker.php @@ -59,7 +59,7 @@ public function check(array $constraints) } // Check stability - if (isset($constraints['tags']) && !$this->checkStability($constraints['tags'])) + if (isset($constraints['stability']) && !$this->checkStability($constraints['stability'])) { return false; } @@ -147,29 +147,24 @@ protected function checkSupportedDatabases(\stdClass $supportedDatabases) /** * Check the stability * - * @param array $stabilityTags Stability tags to check + * @param string $stability Stability to check * * @return bool * * @since __DEPLOY_VERSION__ */ - protected function checkStability(array $stabilityTags) + protected function checkStability(string $stability) { $minimumStability = ComponentHelper::getParams('com_installer')->get('minimum_stability', Updater::STABILITY_STABLE); - $stabilityMatch = false; + $stabilityInt = $this->stabilityToInteger($stability); - foreach ($stabilityTags as $tag) + if (($stabilityInt < $minimumStability)) { - $stability = $this->stabilityTagToInteger($tag); - - if (($stability >= $minimumStability)) - { - $stabilityMatch = true; - } + return false; } - return $stabilityMatch; + return true; } /** @@ -182,7 +177,7 @@ protected function checkStability(array $stabilityTags) * * @since __DEPLOY_VERSION__ */ - protected function stabilityTagToInteger($tag) + protected function stabilityToInteger($tag) { $constant = '\\Joomla\\CMS\\Updater\\Updater::STABILITY_' . strtoupper($tag); From 0bed04ff08fa3da4278f0e6be4a279767cb9661c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sun, 12 Jun 2022 12:30:20 +0200 Subject: [PATCH 32/56] wip tuf --- libraries/src/TUF/TufValidation.php | 2 - libraries/src/Updater/Adapter/TufAdapter.php | 53 +++++++++++++------- 2 files changed, 35 insertions(+), 20 deletions(-) diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 978ce99c949..89dfdc5d00f 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -112,8 +112,6 @@ public function getValidUpdate(): mixed { $db = Factory::getContainer()->get(DatabaseDriver::class); - // $db = Factory::getDbo(); - $fileFetcher = HttpFileFetcher::createFromUri($this->params['url_prefix'], $this->params['metadata_path'], $this->params['targets_path']); $storage = new DatabaseStorage($db, $this->extensionId); diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index b57629f721c..8ddd45d0459 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -2,7 +2,7 @@ /** * Joomla! Content Management System * - * @copyright (C) 2008 Open Source Matters, Inc. + * @copyright (C) 2022 Open Source Matters, Inc. * @license GNU General Public License version 2 or later; see LICENSE.txt */ @@ -16,6 +16,7 @@ use Joomla\CMS\Language\Text; use Joomla\CMS\Table\Table; use Joomla\CMS\Updater\UpdateAdapter; +use Joomla\CMS\Updater\ConstraintChecker; use Joomla\CMS\Updater\Updater; use Joomla\CMS\Version; use Joomla\CMS\TUF\TufValidation; @@ -23,9 +24,9 @@ use Symfony\Component\OptionsResolver\OptionsResolver; /** - * Extension class for updater + * TUF Update Adapter Class * - * @since 1.7.0 + * @since __DEPLOY_VERSION__ */ class TufAdapter extends UpdateAdapter { @@ -44,7 +45,7 @@ class TufAdapter extends UpdateAdapter * * @return array|boolean Array containing the array of update sites and array of updates. False on failure * - * @since 1.7.0 + * @since __DEPLOY_VERSION__ */ public function findUpdate($options) { @@ -64,6 +65,15 @@ public function findUpdate($options) return array('update_sites' => array(), 'updates' => $updates); } + /** + * Finds targets. + * + * @param array $options Update options. + * + * @return array|boolean Array containing the array of update sites and array of updates. False on failure + * + * @since __DEPLOY_VERSION__ + */ public function getUpdateTargets($options) { $versions = array(); @@ -148,13 +158,21 @@ public function getUpdateTargets($options) } usort($versions, function ($a, $b) { - return version_compare($a['version'], $b['version']); + return version_compare($b['version'], $a['version']); }); - // TODO ConstraintsCheck + $checker = new ConstraintChecker; + + foreach ($versions as $version) + { + if ($checker->check((array) $version)) + { + return array($version); + } + } } - return $versions; + return false; } /** @@ -168,20 +186,20 @@ protected function configureUpdateOptions(OptionsResolver $resolver) { $resolver->setDefaults( [ - 'version' => "1", 'name' => null, - 'client' => 1, - 'description' => '', + 'description' => '', 'element' => '', + 'type' => null, + 'client' => 1, + 'version' => "1", + 'data' => '', 'detailsurl' => '', - 'data' => '', 'infourl' => '', - 'type' => null, - 'tags' => new \StdClass, + 'downloads' => [], 'targetplatform' => new \StdClass, + 'php_minimum' => null, 'supported_databases' => new \StdClass, - 'downloads' => [], - 'php_minimum' => null + 'stability' => null ] ) ->setAllowedTypes('version', 'string') @@ -193,12 +211,11 @@ protected function configureUpdateOptions(OptionsResolver $resolver) ->setAllowedTypes('detailsurl', 'string') ->setAllowedTypes('infourl', 'string') ->setAllowedTypes('client', 'int') - ->setAllowedTypes('php_minimum', 'string') ->setAllowedTypes('downloads', 'array') - ->setAllowedTypes('tags', 'object') ->setAllowedTypes('targetplatform', 'object') + ->setAllowedTypes('php_minimum', 'string') ->setAllowedTypes('supported_databases', 'object') - ->setAllowedTypes('targetplatform', 'object') + ->setAllowedTypes('stability', 'string') ->setRequired(['version']); } } From 393f7ed278cee694a581765a925ed6e3c387db79 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 12:54:47 +0200 Subject: [PATCH 33/56] cs fixes, tweaks --- libraries/src/TUF/HttpFileFetcher.php | 89 +++++++++++-------- .../Libraries/Cms/TUF/HttpFileFetcherTest.php | 7 +- 2 files changed, 55 insertions(+), 41 deletions(-) diff --git a/libraries/src/TUF/HttpFileFetcher.php b/libraries/src/TUF/HttpFileFetcher.php index 481a4f6ac38..baf3f8401bc 100644 --- a/libraries/src/TUF/HttpFileFetcher.php +++ b/libraries/src/TUF/HttpFileFetcher.php @@ -1,4 +1,10 @@ + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ namespace Joomla\CMS\TUF; @@ -12,7 +18,7 @@ use Tuf\Exception\RepoFileNotFound; /** - * Defines a file fetcher that uses joomla/http to read a file over HTTPS. + * @since __DEPLOY_VERSION__ */ class HttpFileFetcher implements RepoFileFetcherInterface { @@ -23,6 +29,13 @@ class HttpFileFetcher implements RepoFileFetcherInterface */ private $client; + /** + * The base URI for requests + * + * @var string|null + */ + private $baseUri; + /** * The path prefix for metadata. * @@ -39,32 +52,27 @@ class HttpFileFetcher implements RepoFileFetcherInterface /** * JHttpFileFetcher constructor. - * @param \Joomla\Http\Http $client - * The HTTP client. - * @param string $metadataPrefix - * The path prefix for metadata. - * @param string $targetsPrefix - * The path prefix for targets. + * + * @param \Joomla\Http\Http $client The HTTP client. + * @param string $metadataPrefix The path prefix for metadata. + * @param string $targetsPrefix The path prefix for targets. */ - public function __construct(Http $client, string $metadataPrefix, string $targetsPrefix) + public function __construct(Http $client, string $metadataPrefix, string $targetsPrefix, $baseUri) { $this->client = $client; $this->metadataPrefix = $metadataPrefix; $this->targetsPrefix = $targetsPrefix; + $this->baseUri = $baseUri; } /** * Creates an instance of this class with a specific base URI. * - * @param string $baseUri - * The base URI from which to fetch files. - * @param string $metadataPrefix - * (optional) The path prefix for metadata. Defaults to '/metadata/'. - * @param string $targetsPrefix - * (optional) The path prefix for targets. Defaults to '/targets/'. + * @param string $baseUri The base URI from which to fetch files. + * @param string $metadataPrefix (optional) The path prefix for metadata. Defaults to '/metadata/'. + * @param string $targetsPrefix (optional) The path prefix for targets. Defaults to '/targets/'. * - * @return static - * A new instance of this class. + * @return static A new instance of this class. */ public static function createFromUri( string $baseUri, @@ -74,11 +82,16 @@ public static function createFromUri( $httpFactory = new HttpFactory(); $client = $httpFactory->getHttp([], 'curl'); - return new static($client, $metadataPrefix, $targetsPrefix); + return new static($client, $metadataPrefix, $targetsPrefix, $baseUri); } /** - * {@inheritDoc} + * Fetches a metadata file from the remote repo. + * + * @param string $fileName The name of the metadata file to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * + * @return \GuzzleHttp\Promise\PromiseInterface A promise wrapping a StreamInterface instanfe */ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface { @@ -86,14 +99,12 @@ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface } /** - * {@inheritDoc} + * Fetches a target file from the remote repo. + * + * @param array $options (optional) Additional request options to pass to the http client + * @param string $url An arbitrary URL from which the target should be downloaded. * - * @param array $options - * (optional) Additional request options to pass to the Guzzle client. - * See \GuzzleHttp\RequestOptions. - * @param string $url - * (optional) An arbitrary URL from which the target should be downloaded. - * If passed, takes precedence over $fileName. + * @return PromiseInterface */ public function fetchTarget( string $fileName, @@ -108,18 +119,13 @@ public function fetchTarget( /** * Fetches a file from a URL. * - * @param string $url - * The URL of the file to fetch. - * @param integer $maxBytes - * The maximum number of bytes to download. - * @param array $options - * (optional) Additional request options to pass to the Guzzle client. - * See \GuzzleHttp\RequestOptions. + * @param string $url The URL of the file to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * @param array $options Additional request options to pass to the http client * - * @return \Psr\Http\Message\StreamInterface - * A promise representing the eventual result of the operation. + * @return PromiseInterface A promise representing the eventual result of the operation. */ - protected function fetchFile(string $url, int $maxBytes, array $headers = []): PromiseInterface + protected function fetchFile(string $url, int $maxBytes, array $options = []): PromiseInterface { // Create a progress callback to abort the download if it exceeds // $maxBytes. This will only work with cURL, so we also verify the @@ -130,8 +136,10 @@ protected function fetchFile(string $url, int $maxBytes, array $headers = []): P } }; + $headers = (!empty($options['headers'])) ? $options['headers'] : []; + /** @var Response $response */ - $response = $this->client->get($url, $headers); + $response = $this->client->get($this->baseUri . $url, $headers); $response->getBody()->rewind(); if ($response->getStatusCode() === 404) { @@ -145,11 +153,16 @@ protected function fetchFile(string $url, int $maxBytes, array $headers = []): P ); } - return new FulfilledPromise($response->getBody()->getContents()); + return new FulfilledPromise($response->getBody()); } /** - * {@inheritDoc} + * Gets a file if it exists in the remote repo. + * + * @param string $fileName The file name to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * + * @return string|null The contents of the file or null if it does not exist. */ public function fetchMetadataIfExists(string $fileName, int $maxBytes): ?string { diff --git a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php index b653d78275e..79eb26b65ef 100644 --- a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php +++ b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php @@ -40,7 +40,7 @@ class HttpFileFetcherTest extends UnitTestCase */ private function getFetcher($clientMock): HttpFileFetcher { - return new HttpFileFetcher($clientMock, '/metadata/', '/targets/'); + return new HttpFileFetcher($clientMock, '/metadata/', '/targets/', ""); } /** @@ -164,7 +164,7 @@ public function testFetchMetadataReturnsCorrectResponseOnSuccessfulFetch(): void $this->assertSame( $this->testContent, - $this->getFetcher($clientMock)->fetchMetadata('test.json', 256)->wait() + $this->getFetcher($clientMock)->fetchMetadata('test.json', 256)->wait()->getContents() ); } @@ -176,7 +176,8 @@ public function testFetchMetadataReturnsCorrectResponseOnSuccessfulFetch(): void public function testFetchMetadataIfExistsReturnsCorrectResponseOnSuccessfulFetch(): void { $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); - $clientBodyMock->method('getContents')->willReturn($this->testContent); + $clientBodyMock->method('rewind')->willReturnSelf(); + $clientBodyMock->method('__toString')->willReturn($this->testContent); $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); $clientResponseMock->method('getStatusCode')->willReturn(200); From 3c20851e7508f5344566d9fbe84c81ec9fdb3a8f Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 12:59:57 +0200 Subject: [PATCH 34/56] Apply suggestions from code review Co-authored-by: Tobias Zulauf --- libraries/src/TUF/HttpFileFetcher.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/libraries/src/TUF/HttpFileFetcher.php b/libraries/src/TUF/HttpFileFetcher.php index baf3f8401bc..0ec4b99fcd4 100644 --- a/libraries/src/TUF/HttpFileFetcher.php +++ b/libraries/src/TUF/HttpFileFetcher.php @@ -26,6 +26,8 @@ class HttpFileFetcher implements RepoFileFetcherInterface * The HTTP client. * * @var \Joomla\Http\Http + * + * @since __DEPLOY_VERSION__ */ private $client; @@ -40,6 +42,8 @@ class HttpFileFetcher implements RepoFileFetcherInterface * The path prefix for metadata. * * @var string|null + * + * @since __DEPLOY_VERSION__ */ private $metadataPrefix; @@ -47,6 +51,8 @@ class HttpFileFetcher implements RepoFileFetcherInterface * The path prefix for targets. * * @var string|null + * + * @since __DEPLOY_VERSION__ */ private $targetsPrefix; @@ -56,6 +62,8 @@ class HttpFileFetcher implements RepoFileFetcherInterface * @param \Joomla\Http\Http $client The HTTP client. * @param string $metadataPrefix The path prefix for metadata. * @param string $targetsPrefix The path prefix for targets. + * + * @since __DEPLOY_VERSION__ */ public function __construct(Http $client, string $metadataPrefix, string $targetsPrefix, $baseUri) { @@ -73,6 +81,8 @@ public function __construct(Http $client, string $metadataPrefix, string $target * @param string $targetsPrefix (optional) The path prefix for targets. Defaults to '/targets/'. * * @return static A new instance of this class. + * + * @since __DEPLOY_VERSION__ */ public static function createFromUri( string $baseUri, @@ -105,6 +115,8 @@ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface * @param string $url An arbitrary URL from which the target should be downloaded. * * @return PromiseInterface + * + * @since __DEPLOY_VERSION__ */ public function fetchTarget( string $fileName, @@ -124,6 +136,8 @@ public function fetchTarget( * @param array $options Additional request options to pass to the http client * * @return PromiseInterface A promise representing the eventual result of the operation. + * + * @since __DEPLOY_VERSION__ */ protected function fetchFile(string $url, int $maxBytes, array $options = []): PromiseInterface { From 9805efa8b85183a4db656a57d4f00ee53b06b509 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:00:22 +0200 Subject: [PATCH 35/56] cs fixes --- libraries/src/TUF/HttpFileFetcher.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/libraries/src/TUF/HttpFileFetcher.php b/libraries/src/TUF/HttpFileFetcher.php index 0ec4b99fcd4..1db794e03e1 100644 --- a/libraries/src/TUF/HttpFileFetcher.php +++ b/libraries/src/TUF/HttpFileFetcher.php @@ -35,6 +35,8 @@ class HttpFileFetcher implements RepoFileFetcherInterface * The base URI for requests * * @var string|null + * + * @since __DEPLOY_VERSION__ */ private $baseUri; @@ -145,7 +147,8 @@ protected function fetchFile(string $url, int $maxBytes, array $options = []): P // $maxBytes. This will only work with cURL, so we also verify the // download size when request is finished. $progress = function (int $expectedBytes, int $downloadedBytes) use ($url, $maxBytes) { - if ($expectedBytes > $maxBytes || $downloadedBytes > $maxBytes) { + if ($expectedBytes > $maxBytes || $downloadedBytes > $maxBytes) + { throw new DownloadSizeException("$url exceeded $maxBytes bytes"); } }; @@ -156,11 +159,13 @@ protected function fetchFile(string $url, int $maxBytes, array $options = []): P $response = $this->client->get($this->baseUri . $url, $headers); $response->getBody()->rewind(); - if ($response->getStatusCode() === 404) { + if ($response->getStatusCode() === 404) + { throw new RepoFileNotFound(); } - if ($response->getStatusCode() !== 200) { + if ($response->getStatusCode() !== 200) + { throw new \RuntimeException( "Invalid TUF repo response: " . $response->getBody()->getContents(), $response->getStatusCode() @@ -180,9 +185,12 @@ protected function fetchFile(string $url, int $maxBytes, array $options = []): P */ public function fetchMetadataIfExists(string $fileName, int $maxBytes): ?string { - try { + try + { return $this->fetchMetadata($fileName, $maxBytes)->wait(); - } catch (RepoFileNotFound $exception) { + } + catch (RepoFileNotFound $exception) + { return null; } } From a4e1e21b054b197b48a8aed57843d0b42a994445 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:04:09 +0200 Subject: [PATCH 36/56] Update composer.json Co-authored-by: Tobias Zulauf --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index a7bab3394d6..9c8e5fac3b3 100644 --- a/composer.json +++ b/composer.json @@ -34,7 +34,7 @@ { "type": "vcs", "url": "https://github.com/joomla-projects/php-tuf.git", - "no-api": true + "no-api": true } ], "autoload": { From 311051b8390bb4e0ebab9d21c1a61aa3f84b97f8 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:05:21 +0200 Subject: [PATCH 37/56] Update composer.json Co-authored-by: Tobias Zulauf --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 9c8e5fac3b3..5d7188fd957 100644 --- a/composer.json +++ b/composer.json @@ -29,7 +29,7 @@ { "type": "vcs", "url": "https://github.com/joomla-backports/json-api-php.git", - "no-api": true + "no-api": true }, { "type": "vcs", From c594935bdf4f3ec22fb51856fe5d8e23076c4d17 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:06:51 +0200 Subject: [PATCH 38/56] Update tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php Co-authored-by: Tobias Zulauf --- tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php index 79eb26b65ef..5ae27351da9 100644 --- a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php +++ b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php @@ -3,7 +3,7 @@ * @package Joomla.UnitTest * @subpackage Version * - * @copyright (C) 2019 Open Source Matters, Inc. + * @copyright (C) 2022 Open Source Matters, Inc. * @license GNU General Public License version 2 or later; see LICENSE.txt */ From b749a32979ea099d5ae818cb43ed7a5cbce836ec Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:06:56 +0200 Subject: [PATCH 39/56] Update tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php Co-authored-by: Tobias Zulauf --- tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php index 5ae27351da9..4f80d9b3842 100644 --- a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php +++ b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php @@ -1,7 +1,7 @@ * @license GNU General Public License version 2 or later; see LICENSE.txt From 3e65cc21964e728ef1ee97e8d6b0eabcdecf0b5d Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:08:35 +0200 Subject: [PATCH 40/56] Apply suggestions from code review Co-authored-by: Tobias Zulauf --- tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php index 4f80d9b3842..88e464b9e14 100644 --- a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php +++ b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php @@ -1,10 +1,10 @@ - * @license GNU General Public License version 2 or later; see LICENSE.txt + * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Tests\Unit\Libraries\Cms\TUF; @@ -31,7 +31,6 @@ class HttpFileFetcherTest extends UnitTestCase */ private $testContent = 'Zombie ipsum reversus ab viral inferno, nam rick grimes malum cerebro.'; - /** * Returns an instance of the file fetcher under test. * @@ -223,6 +222,9 @@ public function testFetchMetadataIfExistsReturnsCorrectResponseOnNotFoundFetch() */ public function testCreateFromUri(): void { - $this->assertInstanceOf(HttpFileFetcher::class, HttpFileFetcher::createFromUri('https://example.com')); + $this->assertInstanceOf( + HttpFileFetcher::class, + HttpFileFetcher::createFromUri('https://example.com') + ); } } From b0c009757332188e6182fe007677141fcae25e5a Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:13:12 +0200 Subject: [PATCH 41/56] cs fixes --- libraries/src/TUF/HttpFileFetcher.php | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/libraries/src/TUF/HttpFileFetcher.php b/libraries/src/TUF/HttpFileFetcher.php index 1db794e03e1..f128aacfb7f 100644 --- a/libraries/src/TUF/HttpFileFetcher.php +++ b/libraries/src/TUF/HttpFileFetcher.php @@ -27,7 +27,7 @@ class HttpFileFetcher implements RepoFileFetcherInterface * * @var \Joomla\Http\Http * - * @since __DEPLOY_VERSION__ + * @since __DEPLOY_VERSION__ */ private $client; @@ -45,7 +45,7 @@ class HttpFileFetcher implements RepoFileFetcherInterface * * @var string|null * - * @since __DEPLOY_VERSION__ + * @since __DEPLOY_VERSION__ */ private $metadataPrefix; @@ -54,7 +54,7 @@ class HttpFileFetcher implements RepoFileFetcherInterface * * @var string|null * - * @since __DEPLOY_VERSION__ + * @since __DEPLOY_VERSION__ */ private $targetsPrefix; @@ -65,7 +65,7 @@ class HttpFileFetcher implements RepoFileFetcherInterface * @param string $metadataPrefix The path prefix for metadata. * @param string $targetsPrefix The path prefix for targets. * - * @since __DEPLOY_VERSION__ + * @since __DEPLOY_VERSION__ */ public function __construct(Http $client, string $metadataPrefix, string $targetsPrefix, $baseUri) { @@ -84,7 +84,7 @@ public function __construct(Http $client, string $metadataPrefix, string $target * * @return static A new instance of this class. * - * @since __DEPLOY_VERSION__ + * @since __DEPLOY_VERSION__ */ public static function createFromUri( string $baseUri, @@ -118,7 +118,7 @@ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface * * @return PromiseInterface * - * @since __DEPLOY_VERSION__ + * @since __DEPLOY_VERSION__ */ public function fetchTarget( string $fileName, @@ -139,20 +139,10 @@ public function fetchTarget( * * @return PromiseInterface A promise representing the eventual result of the operation. * - * @since __DEPLOY_VERSION__ + * @since __DEPLOY_VERSION__ */ protected function fetchFile(string $url, int $maxBytes, array $options = []): PromiseInterface { - // Create a progress callback to abort the download if it exceeds - // $maxBytes. This will only work with cURL, so we also verify the - // download size when request is finished. - $progress = function (int $expectedBytes, int $downloadedBytes) use ($url, $maxBytes) { - if ($expectedBytes > $maxBytes || $downloadedBytes > $maxBytes) - { - throw new DownloadSizeException("$url exceeded $maxBytes bytes"); - } - }; - $headers = (!empty($options['headers'])) ? $options['headers'] : []; /** @var Response $response */ From 48f0b34d7de4c2d7248d4e10e53f8bfafd66e719 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:21:54 +0200 Subject: [PATCH 42/56] cs fixes --- libraries/src/TUF/HttpFileFetcher.php | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/libraries/src/TUF/HttpFileFetcher.php b/libraries/src/TUF/HttpFileFetcher.php index f128aacfb7f..1a428f9f1a5 100644 --- a/libraries/src/TUF/HttpFileFetcher.php +++ b/libraries/src/TUF/HttpFileFetcher.php @@ -64,10 +64,11 @@ class HttpFileFetcher implements RepoFileFetcherInterface * @param \Joomla\Http\Http $client The HTTP client. * @param string $metadataPrefix The path prefix for metadata. * @param string $targetsPrefix The path prefix for targets. + * @param string $baseUri Repo base uri for requests * * @since __DEPLOY_VERSION__ */ - public function __construct(Http $client, string $metadataPrefix, string $targetsPrefix, $baseUri) + public function __construct(Http $client, string $metadataPrefix, string $targetsPrefix, string $baseUri) { $this->client = $client; $this->metadataPrefix = $metadataPrefix; @@ -91,7 +92,7 @@ public static function createFromUri( string $metadataPrefix = '/metadata/', string $targetsPrefix = '/targets/' ): self { - $httpFactory = new HttpFactory(); + $httpFactory = new HttpFactory; $client = $httpFactory->getHttp([], 'curl'); return new static($client, $metadataPrefix, $targetsPrefix, $baseUri); @@ -100,8 +101,8 @@ public static function createFromUri( /** * Fetches a metadata file from the remote repo. * - * @param string $fileName The name of the metadata file to fetch. - * @param integer $maxBytes The maximum number of bytes to download. + * @param string $fileName The name of the metadata file to fetch. + * @param integer $maxBytes The maximum number of bytes to download. * * @return \GuzzleHttp\Promise\PromiseInterface A promise wrapping a StreamInterface instanfe */ @@ -113,8 +114,10 @@ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface /** * Fetches a target file from the remote repo. * - * @param array $options (optional) Additional request options to pass to the http client - * @param string $url An arbitrary URL from which the target should be downloaded. + * @param string $fileName The name of the target to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * @param array $options (optional) Additional request options to pass to the http client + * @param string $url An arbitrary URL from which the target should be downloaded. * * @return PromiseInterface * @@ -127,6 +130,7 @@ public function fetchTarget( string $url = null ): PromiseInterface { $location = $url ?: $this->targetsPrefix . $fileName; + return $this->fetchFile($location, $maxBytes, $options); } @@ -151,7 +155,7 @@ protected function fetchFile(string $url, int $maxBytes, array $options = []): P if ($response->getStatusCode() === 404) { - throw new RepoFileNotFound(); + throw new RepoFileNotFound; } if ($response->getStatusCode() !== 200) From cd1eb5f3ce0036eff89c6a697044b01e10255373 Mon Sep 17 00:00:00 2001 From: David Jardin Date: Sun, 12 Jun 2022 13:38:06 +0200 Subject: [PATCH 43/56] fix baseuri usage --- libraries/src/TUF/HttpFileFetcher.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libraries/src/TUF/HttpFileFetcher.php b/libraries/src/TUF/HttpFileFetcher.php index 1a428f9f1a5..f325b787744 100644 --- a/libraries/src/TUF/HttpFileFetcher.php +++ b/libraries/src/TUF/HttpFileFetcher.php @@ -108,7 +108,7 @@ public static function createFromUri( */ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface { - return $this->fetchFile($this->metadataPrefix . $fileName, $maxBytes); + return $this->fetchFile($this->baseUri . $this->metadataPrefix . $fileName, $maxBytes); } /** @@ -129,7 +129,7 @@ public function fetchTarget( array $options = [], string $url = null ): PromiseInterface { - $location = $url ?: $this->targetsPrefix . $fileName; + $location = $url ?: $this->baseUri . $this->targetsPrefix . $fileName; return $this->fetchFile($location, $maxBytes, $options); } @@ -150,7 +150,7 @@ protected function fetchFile(string $url, int $maxBytes, array $options = []): P $headers = (!empty($options['headers'])) ? $options['headers'] : []; /** @var Response $response */ - $response = $this->client->get($this->baseUri . $url, $headers); + $response = $this->client->get($url, $headers); $response->getBody()->rewind(); if ($response->getStatusCode() === 404) From 271c5446472f2f006f41f38eccb8bb783c87e132 Mon Sep 17 00:00:00 2001 From: Magnus Singer Date: Sun, 12 Jun 2022 13:50:03 +0200 Subject: [PATCH 44/56] remove unused import --- administrator/components/com_installer/src/Model/UpdateModel.php | 1 - 1 file changed, 1 deletion(-) diff --git a/administrator/components/com_installer/src/Model/UpdateModel.php b/administrator/components/com_installer/src/Model/UpdateModel.php index deebdf75a1b..405b1255bbc 100644 --- a/administrator/components/com_installer/src/Model/UpdateModel.php +++ b/administrator/components/com_installer/src/Model/UpdateModel.php @@ -28,7 +28,6 @@ use Joomla\Database\Exception\ExecutionFailureException; use Joomla\Database\ParameterType; use Joomla\Utilities\ArrayHelper; -use Symfony\Component\OptionsResolver\Exception\NoSuchOptionException; /** * Installer Update Model From b28fc9319667129db76d04e24a74cb62f76b8521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sun, 12 Jun 2022 14:15:45 +0200 Subject: [PATCH 45/56] implement HttpFileFetcher --- composer.lock | 8 ++++---- libraries/src/TUF/TufValidation.php | 2 +- libraries/src/Updater/Adapter/TufAdapter.php | 3 +-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/composer.lock b/composer.lock index f5518f1f0ab..8f0517ac845 100644 --- a/composer.lock +++ b/composer.lock @@ -2966,12 +2966,12 @@ "source": { "type": "git", "url": "https://github.com/joomla-projects/php-tuf.git", - "reference": "2d71b4039686196adab273c59d1fd4ea4468e511" + "reference": "9f4725a4a95ee1c2833140144c3b681778aa0bde" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/joomla-projects/php-tuf/zipball/2d71b4039686196adab273c59d1fd4ea4468e511", - "reference": "2d71b4039686196adab273c59d1fd4ea4468e511", + "url": "https://api.github.com/repos/joomla-projects/php-tuf/zipball/9f4725a4a95ee1c2833140144c3b681778aa0bde", + "reference": "9f4725a4a95ee1c2833140144c3b681778aa0bde", "shasum": "" }, "require": { @@ -3021,7 +3021,7 @@ "MIT" ], "description": "PHP implementation of The Update Framework (TUF)", - "time": "2022-06-12T09:53:53+00:00" + "time": "2022-06-12T12:05:25+00:00" }, { "name": "phpmailer/phpmailer", diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 42ff8494980..4c2203df78b 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -15,7 +15,7 @@ use Symfony\Component\OptionsResolver\Exception\UndefinedOptionsException; use Symfony\Component\OptionsResolver\OptionsResolver; use Tuf\Client\GuzzleFileFetcher; -use Tuf\Client\HttpFileFetcher; +use Joomla\CMS\TUF\HttpFileFetcher; use Tuf\Client\Updater; use Tuf\Exception\Attack\FreezeAttackException; use Tuf\Exception\Attack\RollbackAttackException; diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index 8ddd45d0459..9500d1d9060 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -133,7 +133,6 @@ public function getUpdateTargets($options) } } - if (isset($values['client']) && is_string($values['client']) && key_exists(strtolower($values['client']), $this->clientId)) { @@ -199,7 +198,7 @@ protected function configureUpdateOptions(OptionsResolver $resolver) 'targetplatform' => new \StdClass, 'php_minimum' => null, 'supported_databases' => new \StdClass, - 'stability' => null + 'stability' => '' ] ) ->setAllowedTypes('version', 'string') From ff330d3a68bc44dae4603b20806bda60a42e52e0 Mon Sep 17 00:00:00 2001 From: Tobias Zulauf Date: Sun, 12 Jun 2022 14:19:43 +0200 Subject: [PATCH 46/56] Update TufAdapter.php --- libraries/src/Updater/Adapter/TufAdapter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index 9500d1d9060..5e5ebb4942a 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -3,7 +3,7 @@ * Joomla! Content Management System * * @copyright (C) 2022 Open Source Matters, Inc. - * @license GNU General Public License version 2 or later; see LICENSE.txt + * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\CMS\Updater\Adapter; From a4d8b4782468ca667ba77c641045f3e0023af27f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sun, 12 Jun 2022 14:24:47 +0200 Subject: [PATCH 47/56] remove typehint for paramater to support php 7.2.5 --- libraries/src/TUF/DatabaseStorage.php | 10 +++++----- libraries/src/TUF/TufValidation.php | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index d60cef604b5..926dc8be9f7 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -25,7 +25,7 @@ class DatabaseStorage implements \ArrayAccess * * @var Table */ - protected Table $table; + protected $table; /** * Initialize the DatabaseStorage class @@ -47,7 +47,7 @@ public function __construct(DatabaseDriver $db, int $extensionId) * * @return boolean */ - public function offsetExists(mixed $offset): bool + public function offsetExists($offset): bool { $column = $this->getCleanColumn($offset); @@ -61,7 +61,7 @@ public function offsetExists(mixed $offset): bool * * @return boolean */ - public function tableColumnExists(mixed $offset): bool + public function tableColumnExists($offset): bool { $column = $this->getCleanColumn($offset); @@ -75,7 +75,7 @@ public function tableColumnExists(mixed $offset): bool * * @return mixed */ - public function offsetGet($offset): mixed + public function offsetGet($offset) { if (!$this->offsetExists($offset)) { @@ -95,7 +95,7 @@ public function offsetGet($offset): mixed * * @return void */ - public function offsetSet($offset, $value): void + public function offsetSet($offset, $value) { if (!$this->tableColumnExists($offset)) { diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 4c2203df78b..4214690f6d4 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -35,7 +35,7 @@ class TufValidation * * @var integer */ - private int $extensionId; + private $extensionId; /** * The params of the validator @@ -50,7 +50,7 @@ class TufValidation * @param integer $extensionId The ID of the extension to be checked * @param mixed $params The parameters containing the Base-URI, the Metadata- and Targets-Path and mirrors for the update */ - public function __construct(int $extensionId, mixed $params) + public function __construct(int $extensionId, $params) { $this->extensionId = $extensionId; @@ -107,7 +107,7 @@ protected function configureTufOptions(OptionsResolver $resolver) * * @return mixed Returns the targets.json if the validation is successful, otherwise null */ - public function getValidUpdate(): mixed + public function getValidUpdate() { $db = Factory::getContainer()->get(DatabaseDriver::class); From 258a2901f019dc375aafc617993900c3d4124d50 Mon Sep 17 00:00:00 2001 From: Tobias Zulauf Date: Sun, 12 Jun 2022 14:26:29 +0200 Subject: [PATCH 48/56] Update ConstraintCheckerTest.php --- .../Libraries/Cms/Updater/ConstraintCheckerTest.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php b/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php index 0a2439f3d61..85b32172e86 100644 --- a/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php +++ b/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php @@ -1,10 +1,10 @@ - * @license GNU General Public License version 2 or later; see LICENSE.txt + * @license GNU General Public License version 2 or later; see LICENSE.txt */ namespace Joomla\Tests\Unit\Libraries\Cms; @@ -18,14 +18,14 @@ * Test class for Version. * * @package Joomla.UnitTest - * @subpackage Version + * @subpackage Updater * @since __DEPLOY_VERSION__ */ class ConstraintCheckerTest extends UnitTestCase { /** * @var ConstraintChecker - * @since 3.0 + * @since __DEPLOY_VERSION__ */ protected $checker; From cf6c1a38dd6e1160635e005ae04788e0a8022276 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20Nu=CC=88bel?= Date: Sun, 12 Jun 2022 14:27:26 +0200 Subject: [PATCH 49/56] remove whitespace --- libraries/src/TUF/DatabaseStorage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 926dc8be9f7..27a11d6cdeb 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -25,7 +25,7 @@ class DatabaseStorage implements \ArrayAccess * * @var Table */ - protected $table; + protected $table; /** * Initialize the DatabaseStorage class From c5c8f422b8de178166ebd4dc51ada0ef0a2f56ce Mon Sep 17 00:00:00 2001 From: Tobias Zulauf Date: Sun, 12 Jun 2022 14:28:34 +0200 Subject: [PATCH 50/56] Update ConstraintChecker.php --- libraries/src/Updater/ConstraintChecker.php | 54 ++++++++++----------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/libraries/src/Updater/ConstraintChecker.php b/libraries/src/Updater/ConstraintChecker.php index 92664fae510..8a2a1f438c2 100644 --- a/libraries/src/Updater/ConstraintChecker.php +++ b/libraries/src/Updater/ConstraintChecker.php @@ -28,7 +28,7 @@ class ConstraintChecker * * @param array $constraints The provided constraints to be checked * - * @return bool + * @return boolean * * @since __DEPLOY_VERSION__ */ @@ -46,19 +46,19 @@ public function check(array $constraints) return false; } - // Check php_minimum + // Check php_minimumm, assume true when not set if (isset($constraints['php_minimum']) && !$this->checkPhpMinimum($constraints['php_minimum'])) { return false; } - // Check supported databases + // Check supported databases, assume true when not set if (isset($constraints['supported_databases']) && !$this->checkSupportedDatabases($constraints['supported_databases'])) { return false; } - // Check stability + // Check stability, assume true when not set if (isset($constraints['stability']) && !$this->checkStability($constraints['stability'])) { return false; @@ -72,7 +72,7 @@ public function check(array $constraints) * * @param object $targetPlatform * - * @return bool + * @return boolean * * @since __DEPLOY_VERSION__ */ @@ -96,7 +96,7 @@ protected function checkTargetplatform(\stdClass $targetPlatform) * * @param string $phpMinimum The minimum php version to check * - * @return bool + * @return boolean * * @since __DEPLOY_VERSION__ */ @@ -111,37 +111,37 @@ protected function checkPhpMinimum(string $phpMinimum) * * @param object $supportedDatabases stdClass of supported databases and versions * - * @return bool + * @return boolean * * @since __DEPLOY_VERSION__ */ protected function checkSupportedDatabases(\stdClass $supportedDatabases) { - $db = Factory::getDbo(); - $dbType = strtolower($db->getServerType()); - $dbVersion = $db->getVersion(); + $db = Factory::getDbo(); + $dbType = strtolower($db->getServerType()); + $dbVersion = $db->getVersion(); - // MySQL and MariaDB use the same database driver but not the same version numbers - if ($dbType === 'mysql') + // MySQL and MariaDB use the same database driver but not the same version numbers + if ($dbType === 'mysql') + { + // Check whether we have a MariaDB version string and extract the proper version from it + if (stripos($dbVersion, 'mariadb') !== false) { - // Check whether we have a MariaDB version string and extract the proper version from it - if (stripos($dbVersion, 'mariadb') !== false) - { - // MariaDB: Strip off any leading '5.5.5-', if present - $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); - $dbType = 'mariadb'; - } + // MariaDB: Strip off any leading '5.5.5-', if present + $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); + $dbType = 'mariadb'; } + } - // Do we have an entry for the database? - if (\property_exists($supportedDatabases, $dbType)) - { - $minimumVersion = $supportedDatabases->$dbType; + // Do we have an entry for the database? + if (\property_exists($supportedDatabases, $dbType)) + { + $minimumVersion = $supportedDatabases->$dbType; - return version_compare($dbVersion, $minimumVersion, '>='); - } + return version_compare($dbVersion, $minimumVersion, '>='); + } - return false; + return false; } /** @@ -149,7 +149,7 @@ protected function checkSupportedDatabases(\stdClass $supportedDatabases) * * @param string $stability Stability to check * - * @return bool + * @return boolean * * @since __DEPLOY_VERSION__ */ From 5f175afc04d3634842db6d28f2eb72e88bbcc390 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20N=C3=BCbel?= Date: Sun, 12 Jun 2022 14:31:56 +0200 Subject: [PATCH 51/56] Apply suggestions from code review Co-authored-by: Tobias Zulauf --- .../com_installer/src/Model/UpdateModel.php | 2 +- libraries/src/Updater/Adapter/TufAdapter.php | 7 +++++++ libraries/src/Updater/ConstraintChecker.php | 11 +++++++---- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/administrator/components/com_installer/src/Model/UpdateModel.php b/administrator/components/com_installer/src/Model/UpdateModel.php index df36a454743..da5b2d76149 100644 --- a/administrator/components/com_installer/src/Model/UpdateModel.php +++ b/administrator/components/com_installer/src/Model/UpdateModel.php @@ -362,7 +362,7 @@ public function update($uids, $minimumStability = Updater::STABILITY_STABLE) } // TODO Load Type based on #__updates_site.type - // if type tuf loadFromTuf + // If type tuf loadFromTuf $update->loadFromXml($instance->detailsurl, $minimumStability); // Find and use extra_query from update_site if available diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index 5e5ebb4942a..bcc72a653fe 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -30,6 +30,11 @@ */ class TufAdapter extends UpdateAdapter { + /** + * The client ID mapping array + * + * @var array + */ private $clientId = [ 'site' => 0, 'administrator' => 1, @@ -180,6 +185,8 @@ public function getUpdateTargets($options) * @param OptionsResolver $resolver The OptionsResolver for the params * * @return void + * + * @since __DEPLOY_VERSION__ */ protected function configureUpdateOptions(OptionsResolver $resolver) { diff --git a/libraries/src/Updater/ConstraintChecker.php b/libraries/src/Updater/ConstraintChecker.php index 8a2a1f438c2..d49fbbeb551 100644 --- a/libraries/src/Updater/ConstraintChecker.php +++ b/libraries/src/Updater/ConstraintChecker.php @@ -47,19 +47,22 @@ public function check(array $constraints) } // Check php_minimumm, assume true when not set - if (isset($constraints['php_minimum']) && !$this->checkPhpMinimum($constraints['php_minimum'])) + if (isset($constraints['php_minimum']) + && !$this->checkPhpMinimum($constraints['php_minimum'])) { return false; } // Check supported databases, assume true when not set - if (isset($constraints['supported_databases']) && !$this->checkSupportedDatabases($constraints['supported_databases'])) + if (isset($constraints['supported_databases']) + && !$this->checkSupportedDatabases($constraints['supported_databases'])) { return false; } // Check stability, assume true when not set - if (isset($constraints['stability']) && !$this->checkStability($constraints['stability'])) + if (isset($constraints['stability']) + && !$this->checkStability($constraints['stability'])) { return false; } @@ -102,7 +105,7 @@ protected function checkTargetplatform(\stdClass $targetPlatform) */ protected function checkPhpMinimum(string $phpMinimum) { - // Check if PHP version supported via tag, assume true if tag isn't present + // Check if PHP version supported via tag return version_compare(PHP_VERSION, $phpMinimum, '>='); } From 52b59d34c6706656c8a9cdafc294bd5a3e432939 Mon Sep 17 00:00:00 2001 From: Magnus Singer Date: Sat, 17 Sep 2022 17:34:33 +0200 Subject: [PATCH 52/56] TufValidation add quoteName on delete query (#13) --- libraries/src/TUF/TufValidation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 4214690f6d4..1dfc1d0d9ff 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -134,7 +134,7 @@ public function getValidUpdate() // When the validation fails, for example when one file is written but the others don't, we roll back everything // and cancel the update $query = $db->getQuery(true) - ->delete('#__tuf_metadata') + ->delete($db->quoteName('#__tuf_metadata')) ->columns(['snapshot_json', 'targets_json', 'timestamp_json']); $db->setQuery($query); From d6bb842afdcb7a2d738d103d63f965705a3d2726 Mon Sep 17 00:00:00 2001 From: Franciska Perisa <9084265+fancyFranci@users.noreply.github.com> Date: Sat, 17 Sep 2022 19:31:39 +0200 Subject: [PATCH 53/56] Convert to PSR12 code style (#15) --- .../com_installer/src/Model/UpdateModel.php | 1227 ++++++++--------- libraries/src/TUF/DatabaseStorage.php | 240 ++-- .../TUF/Exception/RoleNotFoundException.php | 1 + libraries/src/TUF/HttpFileFetcher.php | 331 +++-- libraries/src/TUF/TufValidation.php | 218 ++- libraries/src/Table/Tuf.php | 23 +- libraries/src/Updater/Adapter/TufAdapter.php | 381 +++-- libraries/src/Updater/ConstraintChecker.php | 334 +++-- .../Libraries/Cms/TUF/HttpFileFetcherTest.php | 415 +++--- .../Cms/Updater/ConstraintCheckerTest.php | 375 ++--- 10 files changed, 1731 insertions(+), 1814 deletions(-) diff --git a/administrator/components/com_installer/src/Model/UpdateModel.php b/administrator/components/com_installer/src/Model/UpdateModel.php index 405b1255bbc..1916668733d 100644 --- a/administrator/components/com_installer/src/Model/UpdateModel.php +++ b/administrator/components/com_installer/src/Model/UpdateModel.php @@ -1,4 +1,5 @@ setState('filter.search', $this->getUserStateFromRequest($this->context . '.filter.search', 'filter_search', '', 'string')); - $this->setState('filter.client_id', $this->getUserStateFromRequest($this->context . '.filter.client_id', 'filter_client_id', null, 'int')); - $this->setState('filter.type', $this->getUserStateFromRequest($this->context . '.filter.type', 'filter_type', '', 'string')); - $this->setState('filter.folder', $this->getUserStateFromRequest($this->context . '.filter.folder', 'filter_folder', '', 'string')); - - $app = Factory::getApplication(); - $this->setState('message', $app->getUserState('com_installer.message')); - $this->setState('extension_message', $app->getUserState('com_installer.extension_message')); - $app->setUserState('com_installer.message', ''); - $app->setUserState('com_installer.extension_message', ''); - - parent::populateState($ordering, $direction); - } - - /** - * Method to get the database query - * - * @return \Joomla\Database\DatabaseQuery The database query - * - * @since 1.6 - */ - protected function getListQuery() - { - $db = $this->getDatabase(); - - // Grab updates ignoring new installs - $query = $db->getQuery(true) - ->select('u.*') - ->select($db->quoteName('e.manifest_cache')) - ->from($db->quoteName('#__updates', 'u')) - ->join( - 'LEFT', - $db->quoteName('#__extensions', 'e'), - $db->quoteName('e.extension_id') . ' = ' . $db->quoteName('u.extension_id') - ) - ->where($db->quoteName('u.extension_id') . ' != 0'); - - // Process select filters. - $clientId = $this->getState('filter.client_id'); - $type = $this->getState('filter.type'); - $folder = $this->getState('filter.folder'); - $extensionId = $this->getState('filter.extension_id'); - - if ($type) - { - $query->where($db->quoteName('u.type') . ' = :type') - ->bind(':type', $type); - } - - if ($clientId != '') - { - $clientId = (int) $clientId; - $query->where($db->quoteName('u.client_id') . ' = :clientid') - ->bind(':clientid', $clientId, ParameterType::INTEGER); - } - - if ($folder != '' && in_array($type, array('plugin', 'library', ''))) - { - $folder = $folder === '*' ? '' : $folder; - $query->where($db->quoteName('u.folder') . ' = :folder') - ->bind(':folder', $folder); - } - - if ($extensionId) - { - $extensionId = (int) $extensionId; - $query->where($db->quoteName('u.extension_id') . ' = :extensionid') - ->bind(':extensionid', $extensionId, ParameterType::INTEGER); - } - else - { - $eid = ExtensionHelper::getExtensionRecord('joomla', 'file')->extension_id; - $query->where($db->quoteName('u.extension_id') . ' != 0') - ->where($db->quoteName('u.extension_id') . ' != :eid') - ->bind(':eid', $eid, ParameterType::INTEGER); - } - - // Process search filter. - $search = $this->getState('filter.search'); - - if (!empty($search)) - { - if (stripos($search, 'eid:') !== false) - { - $sid = (int) substr($search, 4); - $query->where($db->quoteName('u.extension_id') . ' = :sid') - ->bind(':sid', $sid, ParameterType::INTEGER); - } - else - { - if (stripos($search, 'uid:') !== false) - { - $suid = (int) substr($search, 4); - $query->where($db->quoteName('u.update_site_id') . ' = :suid') - ->bind(':suid', $suid, ParameterType::INTEGER); - } - elseif (stripos($search, 'id:') !== false) - { - $uid = (int) substr($search, 3); - $query->where($db->quoteName('u.update_id') . ' = :uid') - ->bind(':uid', $uid, ParameterType::INTEGER); - } - else - { - $search = '%' . str_replace(' ', '%', trim($search)) . '%'; - $query->where($db->quoteName('u.name') . ' LIKE :search') - ->bind(':search', $search); - } - } - } - - return $query; - } - - /** - * Translate a list of objects - * - * @param array $items The array of objects - * - * @return array The array of translated objects - * - * @since 3.5 - */ - protected function translate(&$items) - { - foreach ($items as &$item) - { - $item->client_translated = Text::_([0 => 'JSITE', 1 => 'JADMINISTRATOR', 3 => 'JAPI'][$item->client_id] ?? 'JSITE'); - $manifest = json_decode($item->manifest_cache); - $item->current_version = $manifest->version ?? Text::_('JLIB_UNKNOWN'); - $item->description = $item->description !== '' ? $item->description : Text::_('COM_INSTALLER_MSG_UPDATE_NODESC'); - $item->type_translated = Text::_('COM_INSTALLER_TYPE_' . strtoupper($item->type)); - $item->folder_translated = $item->folder ?: Text::_('COM_INSTALLER_TYPE_NONAPPLICABLE'); - $item->install_type = $item->extension_id ? Text::_('COM_INSTALLER_MSG_UPDATE_UPDATE') : Text::_('COM_INSTALLER_NEW_INSTALL'); - } - - return $items; - } - - /** - * Returns an object list - * - * @param DatabaseQuery $query The query - * @param int $limitstart Offset - * @param int $limit The number of records - * - * @return array - * - * @since 3.5 - */ - protected function _getList($query, $limitstart = 0, $limit = 0) - { - $db = $this->getDatabase(); - $listOrder = $this->getState('list.ordering', 'u.name'); - $listDirn = $this->getState('list.direction', 'asc'); - - // Process ordering. - if (in_array($listOrder, array('client_translated', 'folder_translated', 'type_translated'))) - { - $db->setQuery($query); - $result = $db->loadObjectList(); - $this->translate($result); - $result = ArrayHelper::sortObjects($result, $listOrder, strtolower($listDirn) === 'desc' ? -1 : 1, true, true); - $total = count($result); - - if ($total < $limitstart) - { - $limitstart = 0; - $this->setState('list.start', 0); - } - - return array_slice($result, $limitstart, $limit ?: null); - } - else - { - $query->order($db->quoteName($listOrder) . ' ' . $db->escape($listDirn)); - - $result = parent::_getList($query, $limitstart, $limit); - $this->translate($result); - - return $result; - } - } - - /** - * Get the count of disabled update sites - * - * @return integer - * - * @since 3.4 - */ - public function getDisabledUpdateSites() - { - $db = $this->getDatabase(); - - $query = $db->getQuery(true) - ->select('COUNT(*)') - ->from($db->quoteName('#__update_sites')) - ->where($db->quoteName('enabled') . ' = 0'); - - $db->setQuery($query); - - return $db->loadResult(); - } - - /** - * Finds updates for an extension. - * - * @param int $eid Extension identifier to look for - * @param int $cacheTimeout Cache timeout - * @param int $minimumStability Minimum stability for updates {@see Updater} (0=dev, 1=alpha, 2=beta, 3=rc, 4=stable) - * - * @return boolean Result - * - * @since 1.6 - */ - public function findUpdates($eid = 0, $cacheTimeout = 0, $minimumStability = Updater::STABILITY_STABLE) - { - Updater::getInstance()->findUpdates($eid, $cacheTimeout, $minimumStability); - - return true; - } - - /** - * Removes all of the updates from the table. - * - * @return boolean result of operation - * - * @since 1.6 - */ - public function purge() - { - $db = $this->getDatabase(); - - try - { - $db->truncateTable('#__updates'); - } - catch (ExecutionFailureException $e) - { - $this->_message = Text::_('JLIB_INSTALLER_FAILED_TO_PURGE_UPDATES'); - - return false; - } - - // Reset the last update check timestamp - $query = $db->getQuery(true) - ->update($db->quoteName('#__update_sites')) - ->set($db->quoteName('last_check_timestamp') . ' = ' . $db->quote(0)); - $db->setQuery($query); - $db->execute(); - - // Clear the administrator cache - $this->cleanCache('_system'); - - $this->_message = Text::_('JLIB_INSTALLER_PURGED_UPDATES'); - - return true; - } - - /** - * Update function. - * - * Sets the "result" state with the result of the operation. - * - * @param int[] $uids List of updates to apply - * @param int $minimumStability The minimum allowed stability for installed updates {@see Updater} - * - * @return void - * - * @since 1.6 - */ - public function update($uids, $minimumStability = Updater::STABILITY_STABLE) - { - $result = true; - - foreach ($uids as $uid) - { - $update = new Update; - $instance = new \Joomla\CMS\Table\Update($this->getDatabase()); - - if (!$instance->load($uid)) - { - // Update no longer available, maybe already updated by a package. - continue; - } - - $app = Factory::getApplication(); - $db = Factory::getContainer()->get(DatabaseDriver::class); - $query = $db->getQuery(true) - ->select('type') - ->from('#__update_sites') - ->where($db->quoteName('id') . ' = :id') - ->bind(':id', $instance->update_site_id, ParameterType::INTEGER); - $db->setQuery($query); - $updateSiteType = (string) $db->loadObject(); - - if ($updateSiteType == 'tuf') - { - $app->enqueueMessage(Text::_('JLIB_INSTALLER_TUF_NOT_AVAILABLE'), 'error'); - - return; - } - else - { - $update->loadFromXml($instance->detailsurl, $minimumStability); - } - - // Find and use extra_query from update_site if available - $updateSiteInstance = new \Joomla\CMS\Table\UpdateSite($this->getDatabase()); - $updateSiteInstance->load($instance->update_site_id); - - if ($updateSiteInstance->extra_query) - { - $update->set('extra_query', $updateSiteInstance->extra_query); - } - - $this->preparePreUpdate($update, $instance); - - // Install sets state and enqueues messages - $res = $this->install($update); - - if ($res) - { - $instance->delete($uid); - } - - $result = $res & $result; - } - - // Clear the cached extension data and menu cache - $this->cleanCache('_system'); - $this->cleanCache('com_modules'); - $this->cleanCache('com_plugins'); - $this->cleanCache('mod_menu'); - - // Set the final state - $this->setState('result', $result); - } - - /** - * Handles the actual update installation. - * - * @param Update $update An update definition - * - * @return boolean Result of install - * - * @since 1.6 - */ - private function install($update) - { - // Load overrides plugin. - PluginHelper::importPlugin('installer'); - - $app = Factory::getApplication(); - - if (!isset($update->get('downloadurl')->_data)) - { - Factory::getApplication()->enqueueMessage(Text::_('COM_INSTALLER_INVALID_EXTENSION_UPDATE'), 'error'); - - return false; - } - - $url = trim($update->downloadurl->_data); - $sources = $update->get('downloadSources', array()); - - if ($extra_query = $update->get('extra_query')) - { - $url .= (strpos($url, '?') === false) ? '?' : '&'; - $url .= $extra_query; - } - - $mirror = 0; - - while (!($p_file = InstallerHelper::downloadPackage($url)) && isset($sources[$mirror])) - { - $name = $sources[$mirror]; - $url = trim($name->url); - - if ($extra_query) - { - $url .= (strpos($url, '?') === false) ? '?' : '&'; - $url .= $extra_query; - } - - $mirror++; - } - - // Was the package downloaded? - if (!$p_file) - { - Factory::getApplication()->enqueueMessage(Text::sprintf('COM_INSTALLER_PACKAGE_DOWNLOAD_FAILED', $url), 'error'); - - return false; - } - - $config = $app->getConfig(); - $tmp_dest = $config->get('tmp_path'); - - // Unpack the downloaded package file - $package = InstallerHelper::unpack($tmp_dest . '/' . $p_file); - - if (empty($package)) - { - $app->enqueueMessage(Text::sprintf('COM_INSTALLER_UNPACK_ERROR', $p_file), 'error'); - - return false; - } - - // Get an installer instance - $installer = Installer::getInstance(); - $update->set('type', $package['type']); - - // Check the package - $check = InstallerHelper::isChecksumValid($package['packagefile'], $update); - - if ($check === InstallerHelper::HASH_NOT_VALIDATED) - { - $app->enqueueMessage(Text::_('COM_INSTALLER_INSTALL_CHECKSUM_WRONG'), 'error'); - - return false; - } - - if ($check === InstallerHelper::HASH_NOT_PROVIDED) - { - $app->enqueueMessage(Text::_('COM_INSTALLER_INSTALL_CHECKSUM_WARNING'), 'warning'); - } - - // Install the package - if (!$installer->update($package['dir'])) - { - // There was an error updating the package - $app->enqueueMessage( - Text::sprintf('COM_INSTALLER_MSG_UPDATE_ERROR', - Text::_('COM_INSTALLER_TYPE_TYPE_' . strtoupper($package['type'])) - ), 'error' - ); - $result = false; - } - else - { - // Package updated successfully - $app->enqueueMessage( - Text::sprintf('COM_INSTALLER_MSG_UPDATE_SUCCESS', - Text::_('COM_INSTALLER_TYPE_TYPE_' . strtoupper($package['type'])) - ), 'success' - ); - $result = true; - } - - // Quick change - $this->type = $package['type']; - - // @todo: Reconfigure this code when you have more battery life left - $this->setState('name', $installer->get('name')); - $this->setState('result', $result); - $app->setUserState('com_installer.message', $installer->message); - $app->setUserState('com_installer.extension_message', $installer->get('extension_message')); - - // Cleanup the install files - if (!is_file($package['packagefile'])) - { - $package['packagefile'] = $config->get('tmp_path') . '/' . $package['packagefile']; - } - - InstallerHelper::cleanupInstall($package['packagefile'], $package['extractdir']); - - return $result; - } - - /** - * Method to get the row form. - * - * @param array $data Data for the form. - * @param boolean $loadData True if the form is to load its own data (default case), false if not. - * - * @return Form|bool A Form object on success, false on failure - * - * @since 2.5.2 - */ - public function getForm($data = array(), $loadData = true) - { - // Get the form. - Form::addFormPath(JPATH_COMPONENT . '/models/forms'); - Form::addFieldPath(JPATH_COMPONENT . '/models/fields'); - $form = Form::getInstance('com_installer.update', 'update', array('load_data' => $loadData)); - - // Check for an error. - if ($form == false) - { - $this->setError($form->getMessage()); - - return false; - } - - // Check the session for previously entered form data. - $data = $this->loadFormData(); - - // Bind the form data if present. - if (!empty($data)) - { - $form->bind($data); - } - - return $form; - } - - /** - * Method to get the data that should be injected in the form. - * - * @return mixed The data for the form. - * - * @since 2.5.2 - */ - protected function loadFormData() - { - // Check the session for previously entered form data. - $data = Factory::getApplication()->getUserState($this->context, array()); - - return $data; - } - - /** - * Method to add parameters to the update - * - * @param Update $update An update definition - * @param \Joomla\CMS\Table\Update $table The update instance from the database - * - * @return void - * - * @since 3.7.0 - */ - protected function preparePreUpdate($update, $table) - { - switch ($table->type) - { - // Components could have a helper which adds additional data - case 'component': - $ename = str_replace('com_', '', $table->element); - $fname = $ename . '.php'; - $cname = ucfirst($ename) . 'Helper'; - - $path = JPATH_ADMINISTRATOR . '/components/' . $table->element . '/helpers/' . $fname; - - if (File::exists($path)) - { - require_once $path; - - if (class_exists($cname) && is_callable(array($cname, 'prepareUpdate'))) - { - call_user_func_array(array($cname, 'prepareUpdate'), array(&$update, &$table)); - } - } - - break; - - // Modules could have a helper which adds additional data - case 'module': - $cname = str_replace('_', '', $table->element) . 'Helper'; - $path = ($table->client_id ? JPATH_ADMINISTRATOR : JPATH_SITE) . '/modules/' . $table->element . '/helper.php'; - - if (File::exists($path)) - { - require_once $path; - - if (class_exists($cname) && is_callable(array($cname, 'prepareUpdate'))) - { - call_user_func_array(array($cname, 'prepareUpdate'), array(&$update, &$table)); - } - } - - break; - - // If we have a plugin, we can use the plugin trigger "onInstallerBeforePackageDownload" - // But we should make sure, that our plugin is loaded, so we don't need a second "installer" plugin - case 'plugin': - $cname = str_replace('plg_', '', $table->element); - PluginHelper::importPlugin($table->folder, $cname); - break; - } - } - - /** - * Manipulate the query to be used to evaluate if this is an Empty State to provide specific conditions for this extension. - * - * @return DatabaseQuery - * - * @since 4.0.0 - */ - protected function getEmptyStateQuery() - { - $query = parent::getEmptyStateQuery(); - - $query->where($this->_db->quoteName('extension_id') . ' != 0'); - - return $query; - } + /** + * Constructor. + * + * @param array $config An optional associative array of configuration settings. + * @param MVCFactoryInterface $factory The factory. + * + * @see \Joomla\CMS\MVC\Model\ListModel + * @since 1.6 + */ + public function __construct($config = array(), MVCFactoryInterface $factory = null) + { + if (empty($config['filter_fields'])) { + $config['filter_fields'] = array( + 'name', 'u.name', + 'client_id', 'u.client_id', 'client_translated', + 'type', 'u.type', 'type_translated', + 'folder', 'u.folder', 'folder_translated', + 'extension_id', 'u.extension_id', + ); + } + + parent::__construct($config, $factory); + } + + /** + * Method to auto-populate the model state. + * + * Note. Calling getState in this method will result in recursion. + * + * @param string $ordering An optional ordering field. + * @param string $direction An optional direction (asc|desc). + * + * @return void + * + * @since 1.6 + */ + protected function populateState($ordering = 'u.name', $direction = 'asc') + { + $this->setState('filter.search', $this->getUserStateFromRequest($this->context . '.filter.search', 'filter_search', '', 'string')); + $this->setState('filter.client_id', $this->getUserStateFromRequest($this->context . '.filter.client_id', 'filter_client_id', null, 'int')); + $this->setState('filter.type', $this->getUserStateFromRequest($this->context . '.filter.type', 'filter_type', '', 'string')); + $this->setState('filter.folder', $this->getUserStateFromRequest($this->context . '.filter.folder', 'filter_folder', '', 'string')); + + $app = Factory::getApplication(); + $this->setState('message', $app->getUserState('com_installer.message')); + $this->setState('extension_message', $app->getUserState('com_installer.extension_message')); + $app->setUserState('com_installer.message', ''); + $app->setUserState('com_installer.extension_message', ''); + + parent::populateState($ordering, $direction); + } + + /** + * Method to get the database query + * + * @return \Joomla\Database\DatabaseQuery The database query + * + * @since 1.6 + */ + protected function getListQuery() + { + $db = $this->getDatabase(); + + // Grab updates ignoring new installs + $query = $db->getQuery(true) + ->select('u.*') + ->select($db->quoteName('e.manifest_cache')) + ->from($db->quoteName('#__updates', 'u')) + ->join( + 'LEFT', + $db->quoteName('#__extensions', 'e'), + $db->quoteName('e.extension_id') . ' = ' . $db->quoteName('u.extension_id') + ) + ->where($db->quoteName('u.extension_id') . ' != 0'); + + // Process select filters. + $clientId = $this->getState('filter.client_id'); + $type = $this->getState('filter.type'); + $folder = $this->getState('filter.folder'); + $extensionId = $this->getState('filter.extension_id'); + + if ($type) { + $query->where($db->quoteName('u.type') . ' = :type') + ->bind(':type', $type); + } + + if ($clientId != '') { + $clientId = (int) $clientId; + $query->where($db->quoteName('u.client_id') . ' = :clientid') + ->bind(':clientid', $clientId, ParameterType::INTEGER); + } + + if ($folder != '' && in_array($type, array('plugin', 'library', ''))) { + $folder = $folder === '*' ? '' : $folder; + $query->where($db->quoteName('u.folder') . ' = :folder') + ->bind(':folder', $folder); + } + + if ($extensionId) { + $extensionId = (int) $extensionId; + $query->where($db->quoteName('u.extension_id') . ' = :extensionid') + ->bind(':extensionid', $extensionId, ParameterType::INTEGER); + } else { + $eid = ExtensionHelper::getExtensionRecord('joomla', 'file')->extension_id; + $query->where($db->quoteName('u.extension_id') . ' != 0') + ->where($db->quoteName('u.extension_id') . ' != :eid') + ->bind(':eid', $eid, ParameterType::INTEGER); + } + + // Process search filter. + $search = $this->getState('filter.search'); + + if (!empty($search)) { + if (stripos($search, 'eid:') !== false) { + $sid = (int) substr($search, 4); + $query->where($db->quoteName('u.extension_id') . ' = :sid') + ->bind(':sid', $sid, ParameterType::INTEGER); + } else { + if (stripos($search, 'uid:') !== false) { + $suid = (int) substr($search, 4); + $query->where($db->quoteName('u.update_site_id') . ' = :suid') + ->bind(':suid', $suid, ParameterType::INTEGER); + } elseif (stripos($search, 'id:') !== false) { + $uid = (int) substr($search, 3); + $query->where($db->quoteName('u.update_id') . ' = :uid') + ->bind(':uid', $uid, ParameterType::INTEGER); + } else { + $search = '%' . str_replace(' ', '%', trim($search)) . '%'; + $query->where($db->quoteName('u.name') . ' LIKE :search') + ->bind(':search', $search); + } + } + } + + return $query; + } + + /** + * Translate a list of objects + * + * @param array $items The array of objects + * + * @return array The array of translated objects + * + * @since 3.5 + */ + protected function translate(&$items) + { + foreach ($items as &$item) { + $item->client_translated = Text::_([0 => 'JSITE', 1 => 'JADMINISTRATOR', 3 => 'JAPI'][$item->client_id] ?? 'JSITE'); + $manifest = json_decode($item->manifest_cache); + $item->current_version = $manifest->version ?? Text::_('JLIB_UNKNOWN'); + $item->description = $item->description !== '' ? $item->description : Text::_('COM_INSTALLER_MSG_UPDATE_NODESC'); + $item->type_translated = Text::_('COM_INSTALLER_TYPE_' . strtoupper($item->type)); + $item->folder_translated = $item->folder ?: Text::_('COM_INSTALLER_TYPE_NONAPPLICABLE'); + $item->install_type = $item->extension_id ? Text::_('COM_INSTALLER_MSG_UPDATE_UPDATE') : Text::_('COM_INSTALLER_NEW_INSTALL'); + } + + return $items; + } + + /** + * Returns an object list + * + * @param DatabaseQuery $query The query + * @param int $limitstart Offset + * @param int $limit The number of records + * + * @return array + * + * @since 3.5 + */ + protected function _getList($query, $limitstart = 0, $limit = 0) + { + $db = $this->getDatabase(); + $listOrder = $this->getState('list.ordering', 'u.name'); + $listDirn = $this->getState('list.direction', 'asc'); + + // Process ordering. + if (in_array($listOrder, array('client_translated', 'folder_translated', 'type_translated'))) { + $db->setQuery($query); + $result = $db->loadObjectList(); + $this->translate($result); + $result = ArrayHelper::sortObjects($result, $listOrder, strtolower($listDirn) === 'desc' ? -1 : 1, true, true); + $total = count($result); + + if ($total < $limitstart) { + $limitstart = 0; + $this->setState('list.start', 0); + } + + return array_slice($result, $limitstart, $limit ?: null); + } else { + $query->order($db->quoteName($listOrder) . ' ' . $db->escape($listDirn)); + + $result = parent::_getList($query, $limitstart, $limit); + $this->translate($result); + + return $result; + } + } + + /** + * Get the count of disabled update sites + * + * @return integer + * + * @since 3.4 + */ + public function getDisabledUpdateSites() + { + $db = $this->getDatabase(); + + $query = $db->getQuery(true) + ->select('COUNT(*)') + ->from($db->quoteName('#__update_sites')) + ->where($db->quoteName('enabled') . ' = 0'); + + $db->setQuery($query); + + return $db->loadResult(); + } + + /** + * Finds updates for an extension. + * + * @param int $eid Extension identifier to look for + * @param int $cacheTimeout Cache timeout + * @param int $minimumStability Minimum stability for updates {@see Updater} (0=dev, 1=alpha, 2=beta, 3=rc, 4=stable) + * + * @return boolean Result + * + * @since 1.6 + */ + public function findUpdates($eid = 0, $cacheTimeout = 0, $minimumStability = Updater::STABILITY_STABLE) + { + Updater::getInstance()->findUpdates($eid, $cacheTimeout, $minimumStability); + + return true; + } + + /** + * Removes all of the updates from the table. + * + * @return boolean result of operation + * + * @since 1.6 + */ + public function purge() + { + $db = $this->getDatabase(); + + try { + $db->truncateTable('#__updates'); + } catch (ExecutionFailureException $e) { + $this->_message = Text::_('JLIB_INSTALLER_FAILED_TO_PURGE_UPDATES'); + + return false; + } + + // Reset the last update check timestamp + $query = $db->getQuery(true) + ->update($db->quoteName('#__update_sites')) + ->set($db->quoteName('last_check_timestamp') . ' = ' . $db->quote(0)); + $db->setQuery($query); + $db->execute(); + + // Clear the administrator cache + $this->cleanCache('_system'); + + $this->_message = Text::_('JLIB_INSTALLER_PURGED_UPDATES'); + + return true; + } + + /** + * Update function. + * + * Sets the "result" state with the result of the operation. + * + * @param int[] $uids List of updates to apply + * @param int $minimumStability The minimum allowed stability for installed updates {@see Updater} + * + * @return void + * + * @since 1.6 + */ + public function update($uids, $minimumStability = Updater::STABILITY_STABLE) + { + $result = true; + + foreach ($uids as $uid) { + $update = new Update; + $instance = new \Joomla\CMS\Table\Update($this->getDatabase()); + + if (!$instance->load($uid)) { + // Update no longer available, maybe already updated by a package. + continue; + } + + $app = Factory::getApplication(); + $db = Factory::getContainer()->get(DatabaseDriver::class); + $query = $db->getQuery(true) + ->select('type') + ->from('#__update_sites') + ->where($db->quoteName('id') . ' = :id') + ->bind(':id', $instance->update_site_id, ParameterType::INTEGER); + $db->setQuery($query); + $updateSiteType = (string) $db->loadObject(); + + if ($updateSiteType == 'tuf') { + $app->enqueueMessage(Text::_('JLIB_INSTALLER_TUF_NOT_AVAILABLE'), 'error'); + + return; + } else { + $update->loadFromXml($instance->detailsurl, $minimumStability); + } + + // Find and use extra_query from update_site if available + $updateSiteInstance = new \Joomla\CMS\Table\UpdateSite($this->getDatabase()); + $updateSiteInstance->load($instance->update_site_id); + + if ($updateSiteInstance->extra_query) { + $update->set('extra_query', $updateSiteInstance->extra_query); + } + + $this->preparePreUpdate($update, $instance); + + // Install sets state and enqueues messages + $res = $this->install($update); + + if ($res) { + $instance->delete($uid); + } + + $result = $res & $result; + } + + // Clear the cached extension data and menu cache + $this->cleanCache('_system'); + $this->cleanCache('com_modules'); + $this->cleanCache('com_plugins'); + $this->cleanCache('mod_menu'); + + // Set the final state + $this->setState('result', $result); + } + + /** + * Handles the actual update installation. + * + * @param Update $update An update definition + * + * @return boolean Result of install + * + * @since 1.6 + */ + private function install($update) + { + // Load overrides plugin. + PluginHelper::importPlugin('installer'); + + $app = Factory::getApplication(); + + if (!isset($update->get('downloadurl')->_data)) { + Factory::getApplication()->enqueueMessage(Text::_('COM_INSTALLER_INVALID_EXTENSION_UPDATE'), 'error'); + + return false; + } + + $url = trim($update->downloadurl->_data); + $sources = $update->get('downloadSources', array()); + + if ($extra_query = $update->get('extra_query')) { + $url .= (strpos($url, '?') === false) ? '?' : '&'; + $url .= $extra_query; + } + + $mirror = 0; + + while (!($p_file = InstallerHelper::downloadPackage($url)) && isset($sources[$mirror])) { + $name = $sources[$mirror]; + $url = trim($name->url); + + if ($extra_query) { + $url .= (strpos($url, '?') === false) ? '?' : '&'; + $url .= $extra_query; + } + + $mirror++; + } + + // Was the package downloaded? + if (!$p_file) { + Factory::getApplication()->enqueueMessage(Text::sprintf('COM_INSTALLER_PACKAGE_DOWNLOAD_FAILED', $url), 'error'); + + return false; + } + + $config = $app->getConfig(); + $tmp_dest = $config->get('tmp_path'); + + // Unpack the downloaded package file + $package = InstallerHelper::unpack($tmp_dest . '/' . $p_file); + + if (empty($package)) { + $app->enqueueMessage(Text::sprintf('COM_INSTALLER_UNPACK_ERROR', $p_file), 'error'); + + return false; + } + + // Get an installer instance + $installer = Installer::getInstance(); + $update->set('type', $package['type']); + + // Check the package + $check = InstallerHelper::isChecksumValid($package['packagefile'], $update); + + if ($check === InstallerHelper::HASH_NOT_VALIDATED) { + $app->enqueueMessage(Text::_('COM_INSTALLER_INSTALL_CHECKSUM_WRONG'), 'error'); + + return false; + } + + if ($check === InstallerHelper::HASH_NOT_PROVIDED) { + $app->enqueueMessage(Text::_('COM_INSTALLER_INSTALL_CHECKSUM_WARNING'), 'warning'); + } + + // Install the package + if (!$installer->update($package['dir'])) { + // There was an error updating the package + $app->enqueueMessage( + Text::sprintf( + 'COM_INSTALLER_MSG_UPDATE_ERROR', + Text::_('COM_INSTALLER_TYPE_TYPE_' . strtoupper($package['type'])) + ), + 'error' + ); + $result = false; + } else { + // Package updated successfully + $app->enqueueMessage( + Text::sprintf( + 'COM_INSTALLER_MSG_UPDATE_SUCCESS', + Text::_('COM_INSTALLER_TYPE_TYPE_' . strtoupper($package['type'])) + ), + 'success' + ); + $result = true; + } + + // Quick change + $this->type = $package['type']; + + // @todo: Reconfigure this code when you have more battery life left + $this->setState('name', $installer->get('name')); + $this->setState('result', $result); + $app->setUserState('com_installer.message', $installer->message); + $app->setUserState('com_installer.extension_message', $installer->get('extension_message')); + + // Cleanup the install files + if (!is_file($package['packagefile'])) { + $package['packagefile'] = $config->get('tmp_path') . '/' . $package['packagefile']; + } + + InstallerHelper::cleanupInstall($package['packagefile'], $package['extractdir']); + + return $result; + } + + /** + * Method to get the row form. + * + * @param array $data Data for the form. + * @param boolean $loadData True if the form is to load its own data (default case), false if not. + * + * @return Form|bool A Form object on success, false on failure + * + * @since 2.5.2 + */ + public function getForm($data = array(), $loadData = true) + { + // Get the form. + Form::addFormPath(JPATH_COMPONENT . '/models/forms'); + Form::addFieldPath(JPATH_COMPONENT . '/models/fields'); + $form = Form::getInstance('com_installer.update', 'update', array('load_data' => $loadData)); + + // Check for an error. + if ($form == false) { + $this->setError($form->getMessage()); + + return false; + } + + // Check the session for previously entered form data. + $data = $this->loadFormData(); + + // Bind the form data if present. + if (!empty($data)) { + $form->bind($data); + } + + return $form; + } + + /** + * Method to get the data that should be injected in the form. + * + * @return mixed The data for the form. + * + * @since 2.5.2 + */ + protected function loadFormData() + { + // Check the session for previously entered form data. + $data = Factory::getApplication()->getUserState($this->context, array()); + + return $data; + } + + /** + * Method to add parameters to the update + * + * @param Update $update An update definition + * @param \Joomla\CMS\Table\Update $table The update instance from the database + * + * @return void + * + * @since 3.7.0 + */ + protected function preparePreUpdate($update, $table) + { + switch ($table->type) { + // Components could have a helper which adds additional data + case 'component': + $ename = str_replace('com_', '', $table->element); + $fname = $ename . '.php'; + $cname = ucfirst($ename) . 'Helper'; + + $path = JPATH_ADMINISTRATOR . '/components/' . $table->element . '/helpers/' . $fname; + + if (File::exists($path)) { + require_once $path; + + if (class_exists($cname) && is_callable(array($cname, 'prepareUpdate'))) { + call_user_func_array(array($cname, 'prepareUpdate'), array(&$update, &$table)); + } + } + + break; + + // Modules could have a helper which adds additional data + case 'module': + $cname = str_replace('_', '', $table->element) . 'Helper'; + $path = ($table->client_id ? JPATH_ADMINISTRATOR : JPATH_SITE) . '/modules/' . $table->element . '/helper.php'; + + if (File::exists($path)) { + require_once $path; + + if (class_exists($cname) && is_callable(array($cname, 'prepareUpdate'))) { + call_user_func_array(array($cname, 'prepareUpdate'), array(&$update, &$table)); + } + } + + break; + + // If we have a plugin, we can use the plugin trigger "onInstallerBeforePackageDownload" + // But we should make sure, that our plugin is loaded, so we don't need a second "installer" plugin + case 'plugin': + $cname = str_replace('plg_', '', $table->element); + PluginHelper::importPlugin($table->folder, $cname); + break; + } + } + + /** + * Manipulate the query to be used to evaluate if this is an Empty State to provide specific conditions for this extension. + * + * @return DatabaseQuery + * + * @since 4.0.0 + */ + protected function getEmptyStateQuery() + { + $query = parent::getEmptyStateQuery(); + + $query->where($this->_db->quoteName('extension_id') . ' != 0'); + + return $query; + } } diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 27a11d6cdeb..8024a34176b 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -1,4 +1,5 @@ table = new Tuf($db); - - $this->table->load(['extension_id' => $extensionId]); - } - - /** - * Check if an offset/table column exists - * - * @param mixed $offset The offset/database column to check for - * - * @return boolean - */ - public function offsetExists($offset): bool - { - $column = $this->getCleanColumn($offset); - - return substr($column, -5) === '_json' && $this->table->hasField($column) && !is_null($this->table->$column); - } - - /** - * Check if an offset/table column exists - * - * @param mixed $offset The offset/database column to check for - * - * @return boolean - */ - public function tableColumnExists($offset): bool - { - $column = $this->getCleanColumn($offset); - - return substr($column, -5) === '_json' && $this->table->hasField($column); - } - - /** - * Get the value of a table column - * - * @param mixed $offset The column name to get the value for - * - * @return mixed - */ - public function offsetGet($offset) - { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } - - $column = $this->getCleanColumn($offset); - - return $this->table->$column; - } - - /** - * Set a value in a column - * - * @param [type] $offset The table column to set the value - * @param [type] $value The value to set - * - * @return void - */ - public function offsetSet($offset, $value) - { - if (!$this->tableColumnExists($offset)) - { - throw new RoleNotFoundException; - } - - $column = $this->getCleanColumn($offset); - - $this->table->$column = $value; - - $this->table->store(); - } - - /** - * Reset the value to a - * - * @param mixed $offset The table column to reset the value to null - * - * @return void - */ - public function offsetUnset($offset): void - { - if (!$this->offsetExists($offset)) - { - throw new RoleNotFoundException; - } - - $column = $this->getCleanColumn($offset); - - $this->table->$column = null; - - $this->table->store(true); - } - - /** - * Convert file names to table columns - * - * @param string $name The original file name - * - * @return string - */ - protected function getCleanColumn($name): string - { - return str_replace('.', '_', $name); - } + /** + * The Tuf table object + * + * @var Table + */ + protected $table; + + /** + * Initialize the DatabaseStorage class + * + * @param DatabaseDriver $db A database connector object + * @param integer $extensionId The extension ID where the storage should be implemented for + */ + public function __construct(DatabaseDriver $db, int $extensionId) + { + $this->table = new Tuf($db); + + $this->table->load(['extension_id' => $extensionId]); + } + + /** + * Check if an offset/table column exists + * + * @param mixed $offset The offset/database column to check for + * + * @return boolean + */ + public function offsetExists($offset): bool + { + $column = $this->getCleanColumn($offset); + + return substr($column, -5) === '_json' && $this->table->hasField($column) && !is_null($this->table->$column); + } + + /** + * Check if an offset/table column exists + * + * @param mixed $offset The offset/database column to check for + * + * @return boolean + */ + public function tableColumnExists($offset): bool + { + $column = $this->getCleanColumn($offset); + + return substr($column, -5) === '_json' && $this->table->hasField($column); + } + + /** + * Get the value of a table column + * + * @param mixed $offset The column name to get the value for + * + * @return mixed + */ + public function offsetGet($offset) + { + if (!$this->offsetExists($offset)) { + throw new RoleNotFoundException(); + } + + $column = $this->getCleanColumn($offset); + + return $this->table->$column; + } + + /** + * Set a value in a column + * + * @param [type] $offset The table column to set the value + * @param [type] $value The value to set + * + * @return void + */ + public function offsetSet($offset, $value) + { + if (!$this->tableColumnExists($offset)) { + throw new RoleNotFoundException(); + } + + $column = $this->getCleanColumn($offset); + + $this->table->$column = $value; + + $this->table->store(); + } + + /** + * Reset the value to a + * + * @param mixed $offset The table column to reset the value to null + * + * @return void + */ + public function offsetUnset($offset): void + { + if (!$this->offsetExists($offset)) { + throw new RoleNotFoundException(); + } + + $column = $this->getCleanColumn($offset); + + $this->table->$column = null; + + $this->table->store(true); + } + + /** + * Convert file names to table columns + * + * @param string $name The original file name + * + * @return string + */ + protected function getCleanColumn($name): string + { + return str_replace('.', '_', $name); + } } diff --git a/libraries/src/TUF/Exception/RoleNotFoundException.php b/libraries/src/TUF/Exception/RoleNotFoundException.php index fa90a250158..1a279349d61 100644 --- a/libraries/src/TUF/Exception/RoleNotFoundException.php +++ b/libraries/src/TUF/Exception/RoleNotFoundException.php @@ -1,4 +1,5 @@ client = $client; - $this->metadataPrefix = $metadataPrefix; - $this->targetsPrefix = $targetsPrefix; - $this->baseUri = $baseUri; - } - - /** - * Creates an instance of this class with a specific base URI. - * - * @param string $baseUri The base URI from which to fetch files. - * @param string $metadataPrefix (optional) The path prefix for metadata. Defaults to '/metadata/'. - * @param string $targetsPrefix (optional) The path prefix for targets. Defaults to '/targets/'. - * - * @return static A new instance of this class. - * - * @since __DEPLOY_VERSION__ - */ - public static function createFromUri( - string $baseUri, - string $metadataPrefix = '/metadata/', - string $targetsPrefix = '/targets/' - ): self { - $httpFactory = new HttpFactory; - $client = $httpFactory->getHttp([], 'curl'); - - return new static($client, $metadataPrefix, $targetsPrefix, $baseUri); - } - - /** - * Fetches a metadata file from the remote repo. - * - * @param string $fileName The name of the metadata file to fetch. - * @param integer $maxBytes The maximum number of bytes to download. - * - * @return \GuzzleHttp\Promise\PromiseInterface A promise wrapping a StreamInterface instanfe - */ - public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface - { - return $this->fetchFile($this->baseUri . $this->metadataPrefix . $fileName, $maxBytes); - } - - /** - * Fetches a target file from the remote repo. - * - * @param string $fileName The name of the target to fetch. - * @param integer $maxBytes The maximum number of bytes to download. - * @param array $options (optional) Additional request options to pass to the http client - * @param string $url An arbitrary URL from which the target should be downloaded. - * - * @return PromiseInterface - * - * @since __DEPLOY_VERSION__ - */ - public function fetchTarget( - string $fileName, - int $maxBytes, - array $options = [], - string $url = null - ): PromiseInterface { - $location = $url ?: $this->baseUri . $this->targetsPrefix . $fileName; - - return $this->fetchFile($location, $maxBytes, $options); - } - - /** - * Fetches a file from a URL. - * - * @param string $url The URL of the file to fetch. - * @param integer $maxBytes The maximum number of bytes to download. - * @param array $options Additional request options to pass to the http client - * - * @return PromiseInterface A promise representing the eventual result of the operation. - * - * @since __DEPLOY_VERSION__ - */ - protected function fetchFile(string $url, int $maxBytes, array $options = []): PromiseInterface - { - $headers = (!empty($options['headers'])) ? $options['headers'] : []; - - /** @var Response $response */ - $response = $this->client->get($url, $headers); - $response->getBody()->rewind(); - - if ($response->getStatusCode() === 404) - { - throw new RepoFileNotFound; - } - - if ($response->getStatusCode() !== 200) - { - throw new \RuntimeException( - "Invalid TUF repo response: " . $response->getBody()->getContents(), - $response->getStatusCode() - ); - } - - return new FulfilledPromise($response->getBody()); - } - - /** - * Gets a file if it exists in the remote repo. - * - * @param string $fileName The file name to fetch. - * @param integer $maxBytes The maximum number of bytes to download. - * - * @return string|null The contents of the file or null if it does not exist. - */ - public function fetchMetadataIfExists(string $fileName, int $maxBytes): ?string - { - try - { - return $this->fetchMetadata($fileName, $maxBytes)->wait(); - } - catch (RepoFileNotFound $exception) - { - return null; - } - } + /** + * The HTTP client. + * + * @var \Joomla\Http\Http + * + * @since __DEPLOY_VERSION__ + */ + private $client; + + /** + * The base URI for requests + * + * @var string|null + * + * @since __DEPLOY_VERSION__ + */ + private $baseUri; + + /** + * The path prefix for metadata. + * + * @var string|null + * + * @since __DEPLOY_VERSION__ + */ + private $metadataPrefix; + + /** + * The path prefix for targets. + * + * @var string|null + * + * @since __DEPLOY_VERSION__ + */ + private $targetsPrefix; + + /** + * JHttpFileFetcher constructor. + * + * @param \Joomla\Http\Http $client The HTTP client. + * @param string $metadataPrefix The path prefix for metadata. + * @param string $targetsPrefix The path prefix for targets. + * @param string $baseUri Repo base uri for requests + * + * @since __DEPLOY_VERSION__ + */ + public function __construct(Http $client, string $metadataPrefix, string $targetsPrefix, string $baseUri) + { + $this->client = $client; + $this->metadataPrefix = $metadataPrefix; + $this->targetsPrefix = $targetsPrefix; + $this->baseUri = $baseUri; + } + + /** + * Creates an instance of this class with a specific base URI. + * + * @param string $baseUri The base URI from which to fetch files. + * @param string $metadataPrefix (optional) The path prefix for metadata. Defaults to '/metadata/'. + * @param string $targetsPrefix (optional) The path prefix for targets. Defaults to '/targets/'. + * + * @return static A new instance of this class. + * + * @since __DEPLOY_VERSION__ + */ + public static function createFromUri( + string $baseUri, + string $metadataPrefix = '/metadata/', + string $targetsPrefix = '/targets/' + ): self { + $httpFactory = new HttpFactory(); + $client = $httpFactory->getHttp([], 'curl'); + + return new static($client, $metadataPrefix, $targetsPrefix, $baseUri); + } + + /** + * Fetches a metadata file from the remote repo. + * + * @param string $fileName The name of the metadata file to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * + * @return \GuzzleHttp\Promise\PromiseInterface A promise wrapping a StreamInterface instanfe + */ + public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface + { + return $this->fetchFile($this->baseUri . $this->metadataPrefix . $fileName, $maxBytes); + } + + /** + * Fetches a target file from the remote repo. + * + * @param string $fileName The name of the target to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * @param array $options (optional) Additional request options to pass to the http client + * @param string $url An arbitrary URL from which the target should be downloaded. + * + * @return PromiseInterface + * + * @since __DEPLOY_VERSION__ + */ + public function fetchTarget( + string $fileName, + int $maxBytes, + array $options = [], + string $url = null + ): PromiseInterface { + $location = $url ?: $this->baseUri . $this->targetsPrefix . $fileName; + + return $this->fetchFile($location, $maxBytes, $options); + } + + /** + * Fetches a file from a URL. + * + * @param string $url The URL of the file to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * @param array $options Additional request options to pass to the http client + * + * @return PromiseInterface A promise representing the eventual result of the operation. + * + * @since __DEPLOY_VERSION__ + */ + protected function fetchFile(string $url, int $maxBytes, array $options = []): PromiseInterface + { + $headers = (!empty($options['headers'])) ? $options['headers'] : []; + + /** @var Response $response */ + $response = $this->client->get($url, $headers); + $response->getBody()->rewind(); + + if ($response->getStatusCode() === 404) { + throw new RepoFileNotFound(); + } + + if ($response->getStatusCode() !== 200) { + throw new \RuntimeException( + "Invalid TUF repo response: " . $response->getBody()->getContents(), + $response->getStatusCode() + ); + } + + return new FulfilledPromise($response->getBody()); + } + + /** + * Gets a file if it exists in the remote repo. + * + * @param string $fileName The file name to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * + * @return string|null The contents of the file or null if it does not exist. + */ + public function fetchMetadataIfExists(string $fileName, int $maxBytes): ?string + { + try { + return $this->fetchMetadata($fileName, $maxBytes)->wait(); + } catch (RepoFileNotFound $exception) { + return null; + } + } } diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 1dfc1d0d9ff..fb53e0ca597 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -1,4 +1,5 @@ extensionId = $extensionId; - - $resolver = new OptionsResolver; - - try - { - $this->configureTufOptions($resolver); - } - catch (\Exception $e) - { - } - - try - { - $params = $resolver->resolve($params); - } - catch (\Exception $e) - { - if ($e instanceof UndefinedOptionsException || $e instanceof InvalidOptionsException) - { - throw $e; - } - } - - $this->params = $params; - } - - /** - * Configures default values or pass arguments to params - * - * @param OptionsResolver $resolver The OptionsResolver for the params - * @return void - */ - protected function configureTufOptions(OptionsResolver $resolver) - { - $resolver->setDefaults( - [ - 'url_prefix' => 'https://raw.githubusercontent.com', - 'metadata_path' => '/joomla/updates/test/repository/', - 'targets_path' => '/targets/', - 'mirrors' => [], - ] - ) - ->setAllowedTypes('url_prefix', 'string') - ->setAllowedTypes('metadata_path', 'string') - ->setAllowedTypes('targets_path', 'string') - ->setAllowedTypes('mirrors', 'array'); - } - - /** - * Checks for updates and writes it into the database if they are valid. Then it gets the targets.json content and - * returns it - * - * @return mixed Returns the targets.json if the validation is successful, otherwise null - */ - public function getValidUpdate() - { - $db = Factory::getContainer()->get(DatabaseDriver::class); - - $fileFetcher = HttpFileFetcher::createFromUri($this->params['url_prefix'], $this->params['metadata_path'], $this->params['targets_path']); - - $storage = new DatabaseStorage($db, $this->extensionId); - - $updater = new Updater( - $fileFetcher, - $this->params['mirrors'], - $storage - ); - - try - { - // Refresh the data if needed, it will be written inside the DB, then we fetch it afterwards and return it to - // the caller - $updater->refresh(); - - return $storage['targets.json']; - } - catch (FreezeAttackException | MetadataException | SignatureThresholdException | RollbackAttackException $e) - { - // When the validation fails, for example when one file is written but the others don't, we roll back everything - // and cancel the update - $query = $db->getQuery(true) - ->delete($db->quoteName('#__tuf_metadata')) - ->columns(['snapshot_json', 'targets_json', 'timestamp_json']); - $db->setQuery($query); - - return null; - } - } + /** + * The id of the extension to be updated + * + * @var integer + */ + private $extensionId; + + /** + * The params of the validator + * + * @var mixed + */ + private $params; + + /** + * Validating updates with TUF + * + * @param integer $extensionId The ID of the extension to be checked + * @param mixed $params The parameters containing the Base-URI, the Metadata- and Targets-Path and mirrors for the update + */ + public function __construct(int $extensionId, $params) + { + $this->extensionId = $extensionId; + + $resolver = new OptionsResolver; + + try { + $this->configureTufOptions($resolver); + } catch (\Exception $e) { + } + + try { + $params = $resolver->resolve($params); + } catch (\Exception $e) { + if ($e instanceof UndefinedOptionsException || $e instanceof InvalidOptionsException) { + throw $e; + } + } + + $this->params = $params; + } + + /** + * Configures default values or pass arguments to params + * + * @param OptionsResolver $resolver The OptionsResolver for the params + * @return void + */ + protected function configureTufOptions(OptionsResolver $resolver) + { + $resolver->setDefaults( + [ + 'url_prefix' => 'https://raw.githubusercontent.com', + 'metadata_path' => '/joomla/updates/test/repository/', + 'targets_path' => '/targets/', + 'mirrors' => [], + ] + ) + ->setAllowedTypes('url_prefix', 'string') + ->setAllowedTypes('metadata_path', 'string') + ->setAllowedTypes('targets_path', 'string') + ->setAllowedTypes('mirrors', 'array'); + } + + /** + * Checks for updates and writes it into the database if they are valid. Then it gets the targets.json content and + * returns it + * + * @return mixed Returns the targets.json if the validation is successful, otherwise null + */ + public function getValidUpdate() + { + $db = Factory::getContainer()->get(DatabaseDriver::class); + + $fileFetcher = HttpFileFetcher::createFromUri($this->params['url_prefix'], $this->params['metadata_path'], $this->params['targets_path']); + + $storage = new DatabaseStorage($db, $this->extensionId); + + $updater = new Updater( + $fileFetcher, + $this->params['mirrors'], + $storage + ); + + try { + // Refresh the data if needed, it will be written inside the DB, then we fetch it afterwards and return it to + // the caller + $updater->refresh(); + + return $storage['targets.json']; + } catch (FreezeAttackException | MetadataException | SignatureThresholdException | RollbackAttackException $e) { + // When the validation fails, for example when one file is written but the others don't, we roll back everything + // and cancel the update + $query = $db->getQuery(true) + ->delete($db->quoteName('#__tuf_metadata')) + ->columns(['snapshot_json', 'targets_json', 'timestamp_json']); + $db->setQuery($query); + + return null; + } + } } diff --git a/libraries/src/Table/Tuf.php b/libraries/src/Table/Tuf.php index 0d4b7f9d178..6c604164e9e 100644 --- a/libraries/src/Table/Tuf.php +++ b/libraries/src/Table/Tuf.php @@ -1,4 +1,5 @@ 0, - 'administrator' => 1, - 'installation' => 2, - 'api' => 3, - 'cli' => 4 - ]; - - /** - * Finds an update. - * - * @param array $options Update options. - * - * @return array|boolean Array containing the array of update sites and array of updates. False on failure - * - * @since __DEPLOY_VERSION__ - */ - public function findUpdate($options) - { - $updates = []; - $targets = $this->getUpdateTargets($options); - - foreach ($targets as $target) - { - $updateTable = Table::getInstance('update'); - $updateTable->set('update_site_id', $options['update_site_id']); - - $updateTable->bind($target); - - $updates[] = $updateTable; - } - - return array('update_sites' => array(), 'updates' => $updates); - } - - /** - * Finds targets. - * - * @param array $options Update options. - * - * @return array|boolean Array containing the array of update sites and array of updates. False on failure - * - * @since __DEPLOY_VERSION__ - */ - public function getUpdateTargets($options) - { - $versions = array(); - $resolver = new OptionsResolver; - - try - { - $this->configureUpdateOptions($resolver); - $keys = $resolver->getDefinedOptions(); - } - catch (\Exception $e) - { - } - - // Get extension_id for TufValidation - $db = $this->parent->getDbo(); - - $query = $db->getQuery(true) - ->select($db->quoteName('extension_id')) - ->from($db->quoteName('#__update_sites_extensions')) - ->where($db->quoteName('update_site_id') . ' = :id') - ->bind(':id', $options['update_site_id'], ParameterType::INTEGER); - $db->setQuery($query); - - try - { - $extension_id = $db->loadResult(); - } - catch (\RuntimeException $e) - { - // Do nothing - } - - $params = [ - 'url_prefix' => 'https://raw.githubusercontent.com', - 'metadata_path' => '/joomla/updates/test/repository/', - 'targets_path' => '/targets/', - 'mirrors' => [] - ]; - - $TufValidation = new TufValidation($extension_id, $params); - $metaData = $TufValidation->getValidUpdate(); - - $metaData = json_decode($metaData); - - if (isset($metaData->signed->targets)) - { - foreach ($metaData->signed->targets as $filename => $target) - { - $values = []; - - foreach ($keys as $key) - { - if (isset($target->custom->$key)) - { - $values[$key] = $target->custom->$key; - } - } - - if (isset($values['client']) && is_string($values['client']) - && key_exists(strtolower($values['client']), $this->clientId)) - { - $values['client'] = $this->clientId[strtolower($values['client'])]; - } - - if (isset($values['infourl']) && isset($values['infourl']->url)) - { - $values['infourl'] = $values['infourl']->url; - } - - try - { - $values = $resolver->resolve($values); - } - catch (\Exception $e) - { - continue; - } - - $versions[$values['version']] = $values; - } - - usort($versions, function ($a, $b) { - return version_compare($b['version'], $a['version']); - }); - - $checker = new ConstraintChecker; - - foreach ($versions as $version) - { - if ($checker->check((array) $version)) - { - return array($version); - } - } - } - - return false; - } - - /** - * Configures default values or pass arguments to params - * - * @param OptionsResolver $resolver The OptionsResolver for the params - * - * @return void - * - * @since __DEPLOY_VERSION__ - */ - protected function configureUpdateOptions(OptionsResolver $resolver) - { - $resolver->setDefaults( - [ - 'name' => null, - 'description' => '', - 'element' => '', - 'type' => null, - 'client' => 1, - 'version' => "1", - 'data' => '', - 'detailsurl' => '', - 'infourl' => '', - 'downloads' => [], - 'targetplatform' => new \StdClass, - 'php_minimum' => null, - 'supported_databases' => new \StdClass, - 'stability' => '' - ] - ) - ->setAllowedTypes('version', 'string') - ->setAllowedTypes('name', 'string') - ->setAllowedTypes('element', 'string') - ->setAllowedTypes('data', 'string') - ->setAllowedTypes('description', 'string') - ->setAllowedTypes('type', 'string') - ->setAllowedTypes('detailsurl', 'string') - ->setAllowedTypes('infourl', 'string') - ->setAllowedTypes('client', 'int') - ->setAllowedTypes('downloads', 'array') - ->setAllowedTypes('targetplatform', 'object') - ->setAllowedTypes('php_minimum', 'string') - ->setAllowedTypes('supported_databases', 'object') - ->setAllowedTypes('stability', 'string') - ->setRequired(['version']); - } + /** + * The client ID mapping array + * + * @var array + */ + private $clientId = [ + 'site' => 0, + 'administrator' => 1, + 'installation' => 2, + 'api' => 3, + 'cli' => 4 + ]; + + /** + * Finds an update. + * + * @param array $options Update options. + * + * @return array|boolean Array containing the array of update sites and array of updates. False on failure + * + * @since __DEPLOY_VERSION__ + */ + public function findUpdate($options) + { + $updates = []; + $targets = $this->getUpdateTargets($options); + + foreach ($targets as $target) { + $updateTable = Table::getInstance('update'); + $updateTable->set('update_site_id', $options['update_site_id']); + + $updateTable->bind($target); + + $updates[] = $updateTable; + } + + return array('update_sites' => array(), 'updates' => $updates); + } + + /** + * Finds targets. + * + * @param array $options Update options. + * + * @return array|boolean Array containing the array of update sites and array of updates. False on failure + * + * @since __DEPLOY_VERSION__ + */ + public function getUpdateTargets($options) + { + $versions = array(); + $resolver = new OptionsResolver(); + + try { + $this->configureUpdateOptions($resolver); + $keys = $resolver->getDefinedOptions(); + } catch (\Exception $e) { + } + + // Get extension_id for TufValidation + $db = $this->parent->getDbo(); + + $query = $db->getQuery(true) + ->select($db->quoteName('extension_id')) + ->from($db->quoteName('#__update_sites_extensions')) + ->where($db->quoteName('update_site_id') . ' = :id') + ->bind(':id', $options['update_site_id'], ParameterType::INTEGER); + $db->setQuery($query); + + try { + $extension_id = $db->loadResult(); + } catch (\RuntimeException $e) { + // Do nothing + } + + $params = [ + 'url_prefix' => 'https://raw.githubusercontent.com', + 'metadata_path' => '/joomla/updates/test/repository/', + 'targets_path' => '/targets/', + 'mirrors' => [] + ]; + + $TufValidation = new TufValidation($extension_id, $params); + $metaData = $TufValidation->getValidUpdate(); + + $metaData = json_decode($metaData); + + if (isset($metaData->signed->targets)) { + foreach ($metaData->signed->targets as $filename => $target) { + $values = []; + + foreach ($keys as $key) { + if (isset($target->custom->$key)) { + $values[$key] = $target->custom->$key; + } + } + + if ( + isset($values['client']) && is_string($values['client']) + && key_exists(strtolower($values['client']), $this->clientId) + ) { + $values['client'] = $this->clientId[strtolower($values['client'])]; + } + + if (isset($values['infourl']) && isset($values['infourl']->url)) { + $values['infourl'] = $values['infourl']->url; + } + + try { + $values = $resolver->resolve($values); + } catch (\Exception $e) { + continue; + } + + $versions[$values['version']] = $values; + } + + usort($versions, function ($a, $b) { + return version_compare($b['version'], $a['version']); + }); + + $checker = new ConstraintChecker(); + + foreach ($versions as $version) { + if ($checker->check((array) $version)) { + return array($version); + } + } + } + + return false; + } + + /** + * Configures default values or pass arguments to params + * + * @param OptionsResolver $resolver The OptionsResolver for the params + * + * @return void + * + * @since __DEPLOY_VERSION__ + */ + protected function configureUpdateOptions(OptionsResolver $resolver) + { + $resolver->setDefaults( + [ + 'name' => null, + 'description' => '', + 'element' => '', + 'type' => null, + 'client' => 1, + 'version' => "1", + 'data' => '', + 'detailsurl' => '', + 'infourl' => '', + 'downloads' => [], + 'targetplatform' => new \StdClass(), + 'php_minimum' => null, + 'supported_databases' => new \StdClass(), + 'stability' => '' + ] + ) + ->setAllowedTypes('version', 'string') + ->setAllowedTypes('name', 'string') + ->setAllowedTypes('element', 'string') + ->setAllowedTypes('data', 'string') + ->setAllowedTypes('description', 'string') + ->setAllowedTypes('type', 'string') + ->setAllowedTypes('detailsurl', 'string') + ->setAllowedTypes('infourl', 'string') + ->setAllowedTypes('client', 'int') + ->setAllowedTypes('downloads', 'array') + ->setAllowedTypes('targetplatform', 'object') + ->setAllowedTypes('php_minimum', 'string') + ->setAllowedTypes('supported_databases', 'object') + ->setAllowedTypes('stability', 'string') + ->setRequired(['version']); + } } diff --git a/libraries/src/Updater/ConstraintChecker.php b/libraries/src/Updater/ConstraintChecker.php index d49fbbeb551..0c62279a44b 100644 --- a/libraries/src/Updater/ConstraintChecker.php +++ b/libraries/src/Updater/ConstraintChecker.php @@ -1,4 +1,5 @@ checkTargetplatform($constraints['targetplatform'])) - { - return false; - } - - // Check php_minimumm, assume true when not set - if (isset($constraints['php_minimum']) - && !$this->checkPhpMinimum($constraints['php_minimum'])) - { - return false; - } - - // Check supported databases, assume true when not set - if (isset($constraints['supported_databases']) - && !$this->checkSupportedDatabases($constraints['supported_databases'])) - { - return false; - } - - // Check stability, assume true when not set - if (isset($constraints['stability']) - && !$this->checkStability($constraints['stability'])) - { - return false; - } - - return true; - } - - /** - * Check the targetPlatform - * - * @param object $targetPlatform - * - * @return boolean - * - * @since __DEPLOY_VERSION__ - */ - protected function checkTargetplatform(\stdClass $targetPlatform) - { - // Lower case and remove the exclamation mark - $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); - - // Check that the product matches and that the version matches (optionally a regexp) - if ($product === $targetPlatform->name - && preg_match('/^' . $targetPlatform->version . '/', JVERSION)) - { - return true; - } - - return false; - } - - /** - * Check the minimum PHP version - * - * @param string $phpMinimum The minimum php version to check - * - * @return boolean - * - * @since __DEPLOY_VERSION__ - */ - protected function checkPhpMinimum(string $phpMinimum) - { - // Check if PHP version supported via tag - return version_compare(PHP_VERSION, $phpMinimum, '>='); - } - - /** - * Check the supported databases and versions - * - * @param object $supportedDatabases stdClass of supported databases and versions - * - * @return boolean - * - * @since __DEPLOY_VERSION__ - */ - protected function checkSupportedDatabases(\stdClass $supportedDatabases) - { - $db = Factory::getDbo(); - $dbType = strtolower($db->getServerType()); - $dbVersion = $db->getVersion(); - - // MySQL and MariaDB use the same database driver but not the same version numbers - if ($dbType === 'mysql') - { - // Check whether we have a MariaDB version string and extract the proper version from it - if (stripos($dbVersion, 'mariadb') !== false) - { - // MariaDB: Strip off any leading '5.5.5-', if present - $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); - $dbType = 'mariadb'; - } - } - - // Do we have an entry for the database? - if (\property_exists($supportedDatabases, $dbType)) - { - $minimumVersion = $supportedDatabases->$dbType; - - return version_compare($dbVersion, $minimumVersion, '>='); - } - - return false; - } - - /** - * Check the stability - * - * @param string $stability Stability to check - * - * @return boolean - * - * @since __DEPLOY_VERSION__ - */ - protected function checkStability(string $stability) - { - $minimumStability = ComponentHelper::getParams('com_installer')->get('minimum_stability', Updater::STABILITY_STABLE); - - $stabilityInt = $this->stabilityToInteger($stability); - - if (($stabilityInt < $minimumStability)) - { - return false; - } - - return true; - } - - /** - * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of - * dev, alpha, beta, rc, stable) it is ignored. - * - * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable - * - * @return integer - * - * @since __DEPLOY_VERSION__ - */ - protected function stabilityToInteger($tag) - { - $constant = '\\Joomla\\CMS\\Updater\\Updater::STABILITY_' . strtoupper($tag); - - if (\defined($constant)) - { - return \constant($constant); - } - - return Updater::STABILITY_STABLE; - } + /** + * Checks whether the passed constraints are matched + * + * @param array $constraints The provided constraints to be checked + * + * @return boolean + * + * @since __DEPLOY_VERSION__ + */ + public function check(array $constraints) + { + if (!isset($constraints['targetplatform'])) { + // targetplatform is required + return false; + } + + // Check targetplatform + if (!$this->checkTargetplatform($constraints['targetplatform'])) { + return false; + } + + // Check php_minimumm, assume true when not set + if ( + isset($constraints['php_minimum']) + && !$this->checkPhpMinimum($constraints['php_minimum']) + ) { + return false; + } + + // Check supported databases, assume true when not set + if ( + isset($constraints['supported_databases']) + && !$this->checkSupportedDatabases($constraints['supported_databases']) + ) { + return false; + } + + // Check stability, assume true when not set + if ( + isset($constraints['stability']) + && !$this->checkStability($constraints['stability']) + ) { + return false; + } + + return true; + } + + /** + * Check the targetPlatform + * + * @param object $targetPlatform + * + * @return boolean + * + * @since __DEPLOY_VERSION__ + */ + protected function checkTargetplatform(\stdClass $targetPlatform) + { + // Lower case and remove the exclamation mark + $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); + + // Check that the product matches and that the version matches (optionally a regexp) + if ( + $product === $targetPlatform->name + && preg_match('/^' . $targetPlatform->version . '/', JVERSION) + ) { + return true; + } + + return false; + } + + /** + * Check the minimum PHP version + * + * @param string $phpMinimum The minimum php version to check + * + * @return boolean + * + * @since __DEPLOY_VERSION__ + */ + protected function checkPhpMinimum(string $phpMinimum) + { + // Check if PHP version supported via tag + return version_compare(PHP_VERSION, $phpMinimum, '>='); + } + + /** + * Check the supported databases and versions + * + * @param object $supportedDatabases stdClass of supported databases and versions + * + * @return boolean + * + * @since __DEPLOY_VERSION__ + */ + protected function checkSupportedDatabases(\stdClass $supportedDatabases) + { + $db = Factory::getDbo(); + $dbType = strtolower($db->getServerType()); + $dbVersion = $db->getVersion(); + + // MySQL and MariaDB use the same database driver but not the same version numbers + if ($dbType === 'mysql') { + // Check whether we have a MariaDB version string and extract the proper version from it + if (stripos($dbVersion, 'mariadb') !== false) { + // MariaDB: Strip off any leading '5.5.5-', if present + $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); + $dbType = 'mariadb'; + } + } + + // Do we have an entry for the database? + if (\property_exists($supportedDatabases, $dbType)) { + $minimumVersion = $supportedDatabases->$dbType; + + return version_compare($dbVersion, $minimumVersion, '>='); + } + + return false; + } + + /** + * Check the stability + * + * @param string $stability Stability to check + * + * @return boolean + * + * @since __DEPLOY_VERSION__ + */ + protected function checkStability(string $stability) + { + $minimumStability = ComponentHelper::getParams('com_installer')->get('minimum_stability', Updater::STABILITY_STABLE); + + $stabilityInt = $this->stabilityToInteger($stability); + + if (($stabilityInt < $minimumStability)) { + return false; + } + + return true; + } + + /** + * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of + * dev, alpha, beta, rc, stable) it is ignored. + * + * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable + * + * @return integer + * + * @since __DEPLOY_VERSION__ + */ + protected function stabilityToInteger($tag) + { + $constant = '\\Joomla\\CMS\\Updater\\Updater::STABILITY_' . strtoupper($tag); + + if (\defined($constant)) { + return \constant($constant); + } + + return Updater::STABILITY_STABLE; + } } diff --git a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php index 88e464b9e14..933f63a03ac 100644 --- a/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php +++ b/tests/Unit/Libraries/Cms/TUF/HttpFileFetcherTest.php @@ -1,4 +1,5 @@ testContent. - * - * @return void - * - * @dataProvider providerFetchFileError - * - * @covers ::fetchFile - */ - public function testFetchFileError( - int $statusCode, - string $exceptionClass, - ?int $exceptionCode = null, - ?int $maxBytes = null - ): void { - $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); - $clientResponseMock->method('getStatusCode')->willReturn($statusCode); - - $clientMock = $this->getMockBuilder(Http::class)->getMock(); - $clientMock->method('get')->willReturn($clientResponseMock); - - $this->expectException($exceptionClass); - $this->expectExceptionCode($exceptionCode ?? $statusCode); - $this->getFetcher($clientMock) - ->fetchMetadata('test.json', $maxBytes ?? strlen($this->testContent)) - ->wait(); - } - - /** - * Tests various error conditions when fetching a file with fetchFileIfExists(). - * - * @param integer $statusCode - * The response status code. - * @param string $exceptionClass - * The expected exception class that will be thrown. - * @param integer|null $exceptionCode - * (optional) The expected exception code. Defaults to the status code. - * @param integer|null $maxBytes - * (optional) The maximum number of bytes to read from the response. - * Defaults to the length of $this->testContent. - * - * @return void - * - * @dataProvider providerFileIfExistsError - * - * @covers ::providerFileIfExists - */ - public function testFetchFileIfExistsError( - int $statusCode, - string $exceptionClass, - ?int $exceptionCode = null, - ?int $maxBytes = null - ): void { - $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); - $clientResponseMock->method('getStatusCode')->willReturn($statusCode); - - $clientMock = $this->getMockBuilder(Http::class)->getMock(); - $clientMock->method('get')->willReturn($clientResponseMock); - - $this->expectException($exceptionClass); - $this->expectExceptionCode($exceptionCode ?? $statusCode); - $this->getFetcher($clientMock) - ->fetchMetadataIfExists('test.json', $maxBytes ?? strlen($this->testContent)); - } - - /** - * Tests fetching a file without any errors. - * - * @return void - */ - public function testFetchMetadataReturnsCorrectResponseOnSuccessfulFetch(): void - { - $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); - $clientBodyMock->method('getContents')->willReturn($this->testContent); - - $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); - $clientResponseMock->method('getStatusCode')->willReturn(200); - $clientResponseMock->method('getBody')->willReturn($clientBodyMock); - - $clientMock = $this->getMockBuilder(Http::class)->getMock(); - $clientMock->method('get')->willReturn($clientResponseMock); - - $this->assertSame( - $this->testContent, - $this->getFetcher($clientMock)->fetchMetadata('test.json', 256)->wait()->getContents() - ); - } - - /** - * Tests fetching a file without any errors. - * - * @return void - */ - public function testFetchMetadataIfExistsReturnsCorrectResponseOnSuccessfulFetch(): void - { - $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); - $clientBodyMock->method('rewind')->willReturnSelf(); - $clientBodyMock->method('__toString')->willReturn($this->testContent); - - $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); - $clientResponseMock->method('getStatusCode')->willReturn(200); - $clientResponseMock->method('getBody')->willReturn($clientBodyMock); - - $clientMock = $this->getMockBuilder(Http::class)->getMock(); - $clientMock->method('get')->willReturn($clientResponseMock); - - $this->assertSame( - $this->testContent, - $this->getFetcher($clientMock)->fetchMetadataIfExists('test.json', 256) - ); - } - - /** - * Tests fetching a file without any errors. - * - * @return void - */ - public function testFetchMetadataIfExistsReturnsCorrectResponseOnNotFoundFetch(): void - { - $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); - $clientBodyMock->method('getContents')->willReturn($this->testContent); - - $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); - $clientResponseMock->method('getStatusCode')->willReturn(404); - $clientResponseMock->method('getBody')->willReturn($clientBodyMock); - - $clientMock = $this->getMockBuilder(Http::class)->getMock(); - $clientMock->method('get')->willReturn($clientResponseMock); - - $this->assertNull( - $this->getFetcher($clientMock)->fetchMetadataIfExists('test.json', 256) - ); - } - - /** - * Tests creating a file fetcher with a repo base URI. - * - * @return void - * - * @covers ::createFromUri - */ - public function testCreateFromUri(): void - { - $this->assertInstanceOf( - HttpFileFetcher::class, - HttpFileFetcher::createFromUri('https://example.com') - ); - } + /** + * The content of the mocked response(s). + * + * This is deliberately not readable by json_decode(), in order to prove + * that the fetcher does not try to parse or process the response content + * in any way. + * + * @var string + */ + private $testContent = 'Zombie ipsum reversus ab viral inferno, nam rick grimes malum cerebro.'; + + /** + * Returns an instance of the file fetcher under test. + * + * @return HttpFileFetcher + * An instance of the file fetcher under test. + */ + private function getFetcher($clientMock): HttpFileFetcher + { + return new HttpFileFetcher($clientMock, '/metadata/', '/targets/', ""); + } + + /** + * Data provider for testfetchFileError(). + * + * @return array[] + * Sets of arguments to pass to the test method. + */ + public function providerFetchFileError(): array + { + return [ + [404, RepoFileNotFound::class, 0], + [403, 'RuntimeException'] + ]; + } + + /** + * Data provider for testFetchFileIfExistsError(). + * + * @return array[] + * Sets of arguments to pass to the test method. + */ + public function providerFileIfExistsError(): array + { + return [ + [403, 'RuntimeException'] + ]; + } + + /** + * Tests various error conditions when fetching a file with fetchFile(). + * + * @param integer $statusCode + * The response status code. + * @param string $exceptionClass + * The expected exception class that will be thrown. + * @param integer|null $exceptionCode + * (optional) The expected exception code. Defaults to the status code. + * @param integer|null $maxBytes + * (optional) The maximum number of bytes to read from the response. + * Defaults to the length of $this->testContent. + * + * @return void + * + * @dataProvider providerFetchFileError + * + * @covers ::fetchFile + */ + public function testFetchFileError( + int $statusCode, + string $exceptionClass, + ?int $exceptionCode = null, + ?int $maxBytes = null + ): void { + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn($statusCode); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->expectException($exceptionClass); + $this->expectExceptionCode($exceptionCode ?? $statusCode); + $this->getFetcher($clientMock) + ->fetchMetadata('test.json', $maxBytes ?? strlen($this->testContent)) + ->wait(); + } + + /** + * Tests various error conditions when fetching a file with fetchFileIfExists(). + * + * @param integer $statusCode + * The response status code. + * @param string $exceptionClass + * The expected exception class that will be thrown. + * @param integer|null $exceptionCode + * (optional) The expected exception code. Defaults to the status code. + * @param integer|null $maxBytes + * (optional) The maximum number of bytes to read from the response. + * Defaults to the length of $this->testContent. + * + * @return void + * + * @dataProvider providerFileIfExistsError + * + * @covers ::providerFileIfExists + */ + public function testFetchFileIfExistsError( + int $statusCode, + string $exceptionClass, + ?int $exceptionCode = null, + ?int $maxBytes = null + ): void { + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn($statusCode); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->expectException($exceptionClass); + $this->expectExceptionCode($exceptionCode ?? $statusCode); + $this->getFetcher($clientMock) + ->fetchMetadataIfExists('test.json', $maxBytes ?? strlen($this->testContent)); + } + + /** + * Tests fetching a file without any errors. + * + * @return void + */ + public function testFetchMetadataReturnsCorrectResponseOnSuccessfulFetch(): void + { + $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); + $clientBodyMock->method('getContents')->willReturn($this->testContent); + + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn(200); + $clientResponseMock->method('getBody')->willReturn($clientBodyMock); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->assertSame( + $this->testContent, + $this->getFetcher($clientMock)->fetchMetadata('test.json', 256)->wait()->getContents() + ); + } + + /** + * Tests fetching a file without any errors. + * + * @return void + */ + public function testFetchMetadataIfExistsReturnsCorrectResponseOnSuccessfulFetch(): void + { + $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); + $clientBodyMock->method('rewind')->willReturnSelf(); + $clientBodyMock->method('__toString')->willReturn($this->testContent); + + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn(200); + $clientResponseMock->method('getBody')->willReturn($clientBodyMock); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->assertSame( + $this->testContent, + $this->getFetcher($clientMock)->fetchMetadataIfExists('test.json', 256) + ); + } + + /** + * Tests fetching a file without any errors. + * + * @return void + */ + public function testFetchMetadataIfExistsReturnsCorrectResponseOnNotFoundFetch(): void + { + $clientBodyMock = $this->getMockBuilder(StreamInterface::class)->getMock(); + $clientBodyMock->method('getContents')->willReturn($this->testContent); + + $clientResponseMock = $this->getMockBuilder(\Joomla\Http\Response::class)->getMock(); + $clientResponseMock->method('getStatusCode')->willReturn(404); + $clientResponseMock->method('getBody')->willReturn($clientBodyMock); + + $clientMock = $this->getMockBuilder(Http::class)->getMock(); + $clientMock->method('get')->willReturn($clientResponseMock); + + $this->assertNull( + $this->getFetcher($clientMock)->fetchMetadataIfExists('test.json', 256) + ); + } + + /** + * Tests creating a file fetcher with a repo base URI. + * + * @return void + * + * @covers ::createFromUri + */ + public function testCreateFromUri(): void + { + $this->assertInstanceOf( + HttpFileFetcher::class, + HttpFileFetcher::createFromUri('https://example.com') + ); + } } diff --git a/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php b/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php index 85b32172e86..2316a54c7f5 100644 --- a/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php +++ b/tests/Unit/Libraries/Cms/Updater/ConstraintCheckerTest.php @@ -1,4 +1,5 @@ checker = new ConstraintChecker(); - } - - /** - * Overrides the parent tearDown method. - * - * @return void - * - * @see \PHPUnit\Framework\TestCase::tearDown() - * @since __DEPLOY_VERSION__ - */ - protected function tearDown():void - { - unset($this->checker); - parent::tearDown(); - } - - public function testCheckMethodReturnsFalseIfPlatformIsMissing() - { - $constraint = []; - $this->assertFalse($this->checker->check($constraint)); - } - - public function testCheckMethodReturnsTrueIfPlatformIsOnlyConstraint() - { - $constraint = ['targetplatform' => (object) ["name" => "joomla", "version" => "4.*"]]; - $this->assertTrue($this->checker->check($constraint)); - } - - /** - * Tests the checkSupportedDatabases method - * - * @return void - * - * @since __DEPLOY_VERSION__ - * - * @dataProvider supportedDatabasesDataProvider - */ - public function testCheckSupportedDatabases($currentDatabase, $supportedDatabases, $expectedResult) - { - $dbMock = $this->createMock(DatabaseDriver::class); - $dbMock->method('getServerType')->willReturn($currentDatabase['type']); - $dbMock->method('getVersion')->willReturn($currentDatabase['version']); - Factory::$database = $dbMock; - - $method = $this->getPublicMethod('checkSupportedDatabases'); - $result = $method->invoke($this->checker, $supportedDatabases); - - $this->assertSame($expectedResult, $result); - } - - /** - * Tests the checkPhpMinimum method - * - * @return void - * - * @since __DEPLOY_VERSION__ - * - * @dataProvider targetplatformDataProvider - */ - public function testCheckPhpMinimumReturnFalseForFuturePhp() - { - $method = $this->getPublicMethod('checkPhpMinimum'); - - $this->assertFalse($method->invoke($this->checker, '99.9.9')); - } - - /** - * Tests the checkTargetplatform method - * - * @return void - * - * @since __DEPLOY_VERSION__ - * - * @dataProvider targetplatformDataProvider - */ - public function testCheckTargetplatform($targetPlatform, $expectedResult) - { - $method = $this->getPublicMethod('checkTargetplatform'); - $result = $method->invoke($this->checker, $targetPlatform); - - $this->assertSame($expectedResult, $result); - } - - /** - * Data provider for testCheckSupportedDatabases method - * - * @since __DEPLOY_VERSION__ - * - * @return array[] - */ - protected function supportedDatabasesDataProvider() - { - return [ - [ - ['type' => 'mysql', 'version' => '5.7.37-log-cll-lve'], - (object) ['mysql' => '5.6', 'mariadb' => '10.3'], - true - ], - [ - ['type' => 'mysql', 'version' => '5.6.0-log-cll-lve'], - (object) ['mysql' => '5.6', 'mariadb' => '10.3'], - true - ], - [ - ['type' => 'mysql', 'version' => '10.3.34-MariaDB-0+deb10u1'], - (object) ['mysql' => '5.6', 'mariadb' => '10.3'], - true - ], - [ - ['type' => 'mysql', 'version' => '5.7.37-log-cll-lve'], - (object) ['mysql' => '5.8', 'mariadb' => '10.3'], - false - ], - [ - ['type' => 'pgsql', 'version' => '14.3'], - (object) ['mysql' => '5.8', 'mariadb' => '10.3'], - false - ], - [ - ['type' => 'mysql', 'version' => '10.3.34-MariaDB-0+deb10u1'], - (object) ['mysql' => '5.6', 'mariadb' => '10.4'], - false - ], - [ - ['type' => 'mysql', 'version' => '5.5.5-10.3.34-MariaDB-0+deb10u1'], - (object) ['mysql' => '5.6', 'mariadb' => '10.3'], - true - ], - ]; - } - - /** - * Data provider for testCheckTargetplatform method - * - * @since __DEPLOY_VERSION__ - * - * @return array[] - */ - protected function targetplatformDataProvider() - { - return [ - [(object) ["name" => "foobar", "version" => "1.*"], false], - [(object) ["name" => "foobar", "version" => "4.*"], false], - [(object) ["name" => "joomla", "version" => "1.*"], false], - [(object) ["name" => "joomla", "version" => "3.1.2"], false], - [(object) ["name" => "joomla", "version" => ""], true], - [(object) ["name" => "joomla", "version" => ".*"], true], - [(object) ["name" => "joomla", "version" => JVERSION], true], - [(object) ["name" => "joomla", "version" => "4.*"], true], - ]; - } - - /** - * Internal helper method to get access to protected methods - * - * @since __DEPLOY_VERSION__ - * - * @param $method - * - * @return \ReflectionMethod - * @throws \ReflectionException - */ - protected function getPublicMethod($method) - { - $reflectionClass = new \ReflectionClass($this->checker); - $method = $reflectionClass->getMethod($method); - $method->setAccessible(true); - - return $method; - } + /** + * @var ConstraintChecker + * @since __DEPLOY_VERSION__ + */ + protected $checker; + + /** + * Sets up the fixture, for example, opens a network connection. + * This method is called before a test is executed. + * + * @return void + * + * @since __DEPLOY_VERSION__ + */ + protected function setUp(): void + { + $this->checker = new ConstraintChecker(); + } + + /** + * Overrides the parent tearDown method. + * + * @return void + * + * @see \PHPUnit\Framework\TestCase::tearDown() + * @since __DEPLOY_VERSION__ + */ + protected function tearDown(): void + { + unset($this->checker); + parent::tearDown(); + } + + public function testCheckMethodReturnsFalseIfPlatformIsMissing() + { + $constraint = []; + $this->assertFalse($this->checker->check($constraint)); + } + + public function testCheckMethodReturnsTrueIfPlatformIsOnlyConstraint() + { + $constraint = ['targetplatform' => (object) ["name" => "joomla", "version" => "4.*"]]; + $this->assertTrue($this->checker->check($constraint)); + } + + /** + * Tests the checkSupportedDatabases method + * + * @return void + * + * @since __DEPLOY_VERSION__ + * + * @dataProvider supportedDatabasesDataProvider + */ + public function testCheckSupportedDatabases($currentDatabase, $supportedDatabases, $expectedResult) + { + $dbMock = $this->createMock(DatabaseDriver::class); + $dbMock->method('getServerType')->willReturn($currentDatabase['type']); + $dbMock->method('getVersion')->willReturn($currentDatabase['version']); + Factory::$database = $dbMock; + + $method = $this->getPublicMethod('checkSupportedDatabases'); + $result = $method->invoke($this->checker, $supportedDatabases); + + $this->assertSame($expectedResult, $result); + } + + /** + * Tests the checkPhpMinimum method + * + * @return void + * + * @since __DEPLOY_VERSION__ + * + * @dataProvider targetplatformDataProvider + */ + public function testCheckPhpMinimumReturnFalseForFuturePhp() + { + $method = $this->getPublicMethod('checkPhpMinimum'); + + $this->assertFalse($method->invoke($this->checker, '99.9.9')); + } + + /** + * Tests the checkTargetplatform method + * + * @return void + * + * @since __DEPLOY_VERSION__ + * + * @dataProvider targetplatformDataProvider + */ + public function testCheckTargetplatform($targetPlatform, $expectedResult) + { + $method = $this->getPublicMethod('checkTargetplatform'); + $result = $method->invoke($this->checker, $targetPlatform); + + $this->assertSame($expectedResult, $result); + } + + /** + * Data provider for testCheckSupportedDatabases method + * + * @since __DEPLOY_VERSION__ + * + * @return array[] + */ + protected function supportedDatabasesDataProvider() + { + return [ + [ + ['type' => 'mysql', 'version' => '5.7.37-log-cll-lve'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + [ + ['type' => 'mysql', 'version' => '5.6.0-log-cll-lve'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + [ + ['type' => 'mysql', 'version' => '10.3.34-MariaDB-0+deb10u1'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + [ + ['type' => 'mysql', 'version' => '5.7.37-log-cll-lve'], + (object) ['mysql' => '5.8', 'mariadb' => '10.3'], + false + ], + [ + ['type' => 'pgsql', 'version' => '14.3'], + (object) ['mysql' => '5.8', 'mariadb' => '10.3'], + false + ], + [ + ['type' => 'mysql', 'version' => '10.3.34-MariaDB-0+deb10u1'], + (object) ['mysql' => '5.6', 'mariadb' => '10.4'], + false + ], + [ + ['type' => 'mysql', 'version' => '5.5.5-10.3.34-MariaDB-0+deb10u1'], + (object) ['mysql' => '5.6', 'mariadb' => '10.3'], + true + ], + ]; + } + + /** + * Data provider for testCheckTargetplatform method + * + * @since __DEPLOY_VERSION__ + * + * @return array[] + */ + protected function targetplatformDataProvider() + { + return [ + [(object) ["name" => "foobar", "version" => "1.*"], false], + [(object) ["name" => "foobar", "version" => "4.*"], false], + [(object) ["name" => "joomla", "version" => "1.*"], false], + [(object) ["name" => "joomla", "version" => "3.1.2"], false], + [(object) ["name" => "joomla", "version" => ""], true], + [(object) ["name" => "joomla", "version" => ".*"], true], + [(object) ["name" => "joomla", "version" => JVERSION], true], + [(object) ["name" => "joomla", "version" => "4.*"], true], + ]; + } + + /** + * Internal helper method to get access to protected methods + * + * @since __DEPLOY_VERSION__ + * + * @param $method + * + * @return \ReflectionMethod + * @throws \ReflectionException + */ + protected function getPublicMethod($method) + { + $reflectionClass = new \ReflectionClass($this->checker); + $method = $reflectionClass->getMethod($method); + $method->setAccessible(true); + + return $method; + } } From 16108c110a122b68ce8d8dface9339949d1d2b94 Mon Sep 17 00:00:00 2001 From: Franciska Perisa <9084265+fancyFranci@users.noreply.github.com> Date: Sat, 17 Sep 2022 19:36:34 +0200 Subject: [PATCH 54/56] Add error messages (#14) --- administrator/language/en-GB/lib_joomla.ini | 6 +++- libraries/src/TUF/TufValidation.php | 38 +++++++++++++++----- libraries/src/Updater/Adapter/TufAdapter.php | 12 ++++--- 3 files changed, 42 insertions(+), 14 deletions(-) diff --git a/administrator/language/en-GB/lib_joomla.ini b/administrator/language/en-GB/lib_joomla.ini index 450de241eae..201135c0c11 100644 --- a/administrator/language/en-GB/lib_joomla.ini +++ b/administrator/language/en-GB/lib_joomla.ini @@ -655,11 +655,15 @@ JLIB_INSTALLER_SQL_BEGIN="Start of SQL updates." JLIB_INSTALLER_SQL_BEGIN_SCHEMA="The current database version (schema) is %s." JLIB_INSTALLER_SQL_END="End of SQL updates." JLIB_INSTALLER_SQL_END_NOT_COMPLETE="End of SQL updates - INCOMPLETE." +JLIB_INSTALLER_TUF_FREEZE_ATTACK="Update not possible because the offered update is expired." +JLIB_INSTALLER_TUF_INVALID_METADATA="The saved TUF update information is invalid." +JLIB_INSTALLER_TUF_NOT_AVAILABLE="TUF is not available for extensions yet." +JLIB_INSTALLER_TUF_ROLLBACK_ATTACK="Update not possible because the offered update version is older than the current installed version." +JLIB_INSTALLER_TUF_SIGNATURE_THRESHOLD="Update not possible because the offered update has not enough signatures." JLIB_INSTALLER_UNINSTALL="Uninstall" JLIB_INSTALLER_UPDATE="Update" JLIB_INSTALLER_UPDATE_LOG_QUERY="Ran query from file %1$s. Query text: %2$s." JLIB_INSTALLER_WARNING_UNABLE_TO_INSTALL_CONTENT_LANGUAGE="Unable to create a content language for %s language: %s" -JLIB_INSTALLER_TUF_NOT_AVAILABLE="TUF is not available for extensions yet." JLIB_JS_AJAX_ERROR_CONNECTION_ABORT="A connection abort has occurred while fetching the JSON data." JLIB_JS_AJAX_ERROR_NO_CONTENT="No content was returned." diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index fb53e0ca597..27a190d63e4 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -10,6 +10,7 @@ namespace Joomla\CMS\TUF; use Joomla\CMS\Factory; +use Joomla\CMS\Language\Text; use Joomla\CMS\TUF\HttpFileFetcher; use Joomla\Database\DatabaseDriver; use Symfony\Component\OptionsResolver\Exception\InvalidOptionsException; @@ -118,15 +119,36 @@ public function getValidUpdate() $updater->refresh(); return $storage['targets.json']; - } catch (FreezeAttackException | MetadataException | SignatureThresholdException | RollbackAttackException $e) { - // When the validation fails, for example when one file is written but the others don't, we roll back everything - // and cancel the update - $query = $db->getQuery(true) - ->delete($db->quoteName('#__tuf_metadata')) - ->columns(['snapshot_json', 'targets_json', 'timestamp_json']); - $db->setQuery($query); - + } catch (MetadataException $e) { + $this->rollBackTufMetadata(); + Factory::getApplication()->enqueueMessage(Text::_('JLIB_INSTALLER_TUF_INVALID_METADATA'), 'error'); + return null; + } catch (FreezeAttackException $e) { + $this->rollBackTufMetadata(); + Factory::getApplication()->enqueueMessage(Text::_('JLIB_INSTALLER_TUF_FREEZE_ATTACK'), 'error'); + return null; + } catch (RollbackAttackException $e) { + $this->rollBackTufMetadata(); + Factory::getApplication()->enqueueMessage(Text::_('JLIB_INSTALLER_TUF_ROLLBACK_ATTACK'), 'error'); + return null; + } catch (SignatureThresholdException $e) { + $this->rollBackTufMetadata(); + Factory::getApplication()->enqueueMessage(Text::_('JLIB_INSTALLER_TUF_SIGNATURE_THRESHOLD'), 'error'); return null; } } + + /** + * When the validation fails, for example when one file is written but the others don't, we roll back everything + * + * @return void + */ + private function rollBackTufMetadata() + { + $db = Factory::getContainer()->get(DatabaseDriver::class); + $query = $db->getQuery(true) + ->delete($db->quoteName('#__tuf_metadata')) + ->columns(['snapshot_json', 'targets_json', 'timestamp_json']); + $db->setQuery($query); + } } diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index a46c5df8151..446210acc12 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -52,13 +52,15 @@ public function findUpdate($options) $updates = []; $targets = $this->getUpdateTargets($options); - foreach ($targets as $target) { - $updateTable = Table::getInstance('update'); - $updateTable->set('update_site_id', $options['update_site_id']); + if ($targets) { + foreach ($targets as $target) { + $updateTable = Table::getInstance('update'); + $updateTable->set('update_site_id', $options['update_site_id']); - $updateTable->bind($target); + $updateTable->bind($target); - $updates[] = $updateTable; + $updates[] = $updateTable; + } } return array('update_sites' => array(), 'updates' => $updates); From e1cfeb4def6ef4dfc155e87dad1baf72515780f7 Mon Sep 17 00:00:00 2001 From: Magnus Singer Date: Sun, 18 Sep 2022 15:20:45 +0200 Subject: [PATCH 55/56] Continue integration of TUF into Joomla (#16) --- .../src/Model/UpdateModel.php | 317 ++++++++---------- libraries/src/TUF/DatabaseStorage.php | 15 +- libraries/src/TUF/HttpFileFetcher.php | 47 +-- libraries/src/TUF/TufValidation.php | 13 +- libraries/src/Table/Update.php | 11 +- .../src/Updater/Adapter/CollectionAdapter.php | 14 +- libraries/src/Updater/Adapter/TufAdapter.php | 90 +++-- libraries/src/Updater/ConstraintChecker.php | 18 +- .../src/Updater/Update/AbstractUpdate.php | 193 +++++++++++ libraries/src/Updater/Update/DataUpdate.php | 96 ++++++ .../src/Updater/Update/UpdateInterface.php | 16 + .../{Update.php => Update/XmlUpdate.php} | 208 ++---------- libraries/src/Updater/UpdateAdapter.php | 22 +- libraries/src/Updater/Updater.php | 64 ++-- 14 files changed, 648 insertions(+), 476 deletions(-) create mode 100644 libraries/src/Updater/Update/AbstractUpdate.php create mode 100644 libraries/src/Updater/Update/DataUpdate.php create mode 100644 libraries/src/Updater/Update/UpdateInterface.php rename libraries/src/Updater/{Update.php => Update/XmlUpdate.php} (71%) diff --git a/administrator/components/com_joomlaupdate/src/Model/UpdateModel.php b/administrator/components/com_joomlaupdate/src/Model/UpdateModel.php index a0899f9dc20..f376b7b5b96 100644 --- a/administrator/components/com_joomlaupdate/src/Model/UpdateModel.php +++ b/administrator/components/com_joomlaupdate/src/Model/UpdateModel.php @@ -1,5 +1,4 @@ get('updatesource', 'nochange')) { - // "Minor & Patch Release for Current version AND Next Major Release". - case 'next': - $updateURL = 'https://update.joomla.org/core/sts/list_sts.xml'; - break; - - // "Testing" - case 'testing': - $updateURL = 'https://update.joomla.org/core/test/list_test.xml'; - break; - - // "Custom" - // @todo: check if the customurl is valid and not just "not empty". - case 'custom': - if (trim($params->get('customurl', '')) != '') { - $updateURL = trim($params->get('customurl', '')); - } else { - Factory::getApplication()->enqueueMessage(Text::_('COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_CUSTOM_ERROR'), 'error'); - - return; - } - break; + $updateURL = 'https://raw.githubusercontent.com/joomla/updates/test8/repository/'; + if ($params->get('updatesource', 'nochange') == 'custom') { + $paramsURL = $params->get('customurl', ''); + if (trim($paramsURL) != '') { + $updateURL = trim($paramsURL); + } else { + Factory::getApplication()->enqueueMessage(Text::_('COM_JOOMLAUPDATE_CONFIG_UPDATESOURCE_CUSTOM_ERROR'), 'error'); - /** - * "Minor & Patch Release for Current version (recommended and default)". - * The commented "case" below are for documenting where 'default' and legacy options falls - * case 'default': - * case 'lts': - * case 'sts': (It's shown as "Default" because that option does not exist any more) - * case 'nochange': - */ - default: - $updateURL = 'https://update.joomla.org/core/list.xml'; + return; + } } $id = ExtensionHelper::getExtensionRecord('joomla', 'file')->extension_id; @@ -132,7 +109,7 @@ public function applyUpdateSite() /** * Makes sure that the Joomla! update cache is up-to-date. * - * @param boolean $force Force reload, ignoring the cache timeout. + * @param boolean $force Force reload, ignoring the cache timeout. * * @return void * @@ -144,12 +121,12 @@ public function refreshUpdates($force = false) $cache_timeout = 0; } else { $update_params = ComponentHelper::getParams('com_installer'); - $cache_timeout = (int) $update_params->get('cachetimeout', 6); + $cache_timeout = (int)$update_params->get('cachetimeout', 6); $cache_timeout = 3600 * $cache_timeout; } - $updater = Updater::getInstance(); - $minimumStability = Updater::STABILITY_STABLE; + $updater = Updater::getInstance(); + $minimumStability = Updater::STABILITY_STABLE; $comJoomlaupdateParams = ComponentHelper::getParams('com_joomlaupdate'); if (in_array($comJoomlaupdateParams->get('updatesource', 'nochange'), array('testing', 'custom'))) { @@ -240,15 +217,14 @@ public function getUpdateInformation() // Initialise the return array. $this->updateInformation = array( 'installed' => \JVERSION, - 'latest' => null, - 'object' => null, + 'latest' => null, + 'object' => null, 'hasUpdate' => false, - 'current' => JVERSION // This is deprecated please use 'installed' or JVERSION directly ); // Fetch the update information from the database. $id = ExtensionHelper::getExtensionRecord('joomla', 'file')->extension_id; - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); + $db = $this->getDatabase(); $query = $db->getQuery(true) ->select('*') ->from($db->quoteName('#__updates')) @@ -272,7 +248,15 @@ public function getUpdateInformation() return $this->updateInformation; } - $minimumStability = Updater::STABILITY_STABLE; + $this->updateInformation['latest'] = $updateObject->version; + $this->updateInformation['current'] = JVERSION; + + // Check whether this is an update or not. + if (version_compare($updateObject->version, JVERSION, '>')) { + $this->updateInformation['hasUpdate'] = true; + } + + $minimumStability = Updater::STABILITY_STABLE; $comJoomlaupdateParams = ComponentHelper::getParams('com_joomlaupdate'); if (in_array($comJoomlaupdateParams->get('updatesource', 'nochange'), array('testing', 'custom'))) { @@ -280,17 +264,15 @@ public function getUpdateInformation() } // Fetch the full update details from the update details URL. - $update = new Update(); - $update->loadFromXml($updateObject->detailsurl, $minimumStability); + if (empty($updateObject->data)) { + $update = new XmlUpdate(); + $update->loadFromXml($updateObject->detailsurl, $minimumStability); + } else { + $update = new DataUpdate(); + $update->loadFromData($updateObject, $minimumStability); + } - // Make sure we use the current information we got from the detailsurl $this->updateInformation['object'] = $update; - $this->updateInformation['latest'] = $updateObject->version; - - // Check whether this is an update or not. - if (version_compare($this->updateInformation['latest'], JVERSION, '>')) { - $this->updateInformation['hasUpdate'] = true; - } return $this->updateInformation; } @@ -304,10 +286,10 @@ public function getUpdateInformation() */ public function purge() { - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); + $db = $this->getDatabase(); // Modify the database record - $update_site = new \stdClass(); + $update_site = new \stdClass; $update_site->last_check_timestamp = 0; $update_site->enabled = 1; $update_site->update_site_id = 1; @@ -340,10 +322,10 @@ public function download() { $updateInfo = $this->getUpdateInformation(); $packageURL = trim($updateInfo['object']->downloadurl->_data); - $sources = $updateInfo['object']->get('downloadSources', array()); + $sources = $updateInfo['object']->get('downloadSources', array()); // We have to manually follow the redirects here so we set the option to false. - $httpOptions = new Registry(); + $httpOptions = new Registry; $httpOptions->set('follow_location', false); try { @@ -357,7 +339,7 @@ public function download() // Follow the Location headers until the actual download URL is known while (isset($head->headers['location'])) { - $packageURL = (string) $head->headers['location'][0]; + $packageURL = (string)$head->headers['location'][0]; try { $head = HttpFactory::getHttp($httpOptions)->head($packageURL); @@ -377,14 +359,14 @@ public function download() } // Find the path to the temp directory and the local package. - $tempdir = (string) InputFilter::getInstance( + $tempdir = (string)InputFilter::getInstance( [], [], InputFilter::ONLY_BLOCK_DEFINED_TAGS, InputFilter::ONLY_BLOCK_DEFINED_ATTRIBUTES ) ->clean(Factory::getApplication()->get('tmp_path'), 'path'); - $target = $tempdir . '/' . $basename; + $target = $tempdir . '/' . $basename; $response = []; // Do we have a cached file? @@ -395,7 +377,7 @@ public function download() $mirror = 0; while (!($download = $this->downloadPackage($packageURL, $target)) && isset($sources[$mirror])) { - $name = $sources[$mirror]; + $name = $sources[$mirror]; $packageURL = trim($name->url); $mirror++; } @@ -409,7 +391,7 @@ public function download() $mirror = 0; while (!($download = $this->downloadPackage($packageURL, $target)) && isset($sources[$mirror])) { - $name = $sources[$mirror]; + $name = $sources[$mirror]; $packageURL = trim($name->url); $mirror++; } @@ -429,8 +411,8 @@ public function download() /** * Return the result of the checksum of a package with the SHA256/SHA384/SHA512 tags in the update server manifest * - * @param string $packagefile Location of the package to be installed - * @param Update $updateObject The Update Object + * @param string $packagefile Location of the package to be installed + * @param Update $updateObject The Update Object * * @return boolean False in case the validation did not work; true in any other case. * @@ -446,7 +428,7 @@ private function isChecksumValid($packagefile, $updateObject) foreach ($hashes as $hash) { if ($updateObject->get($hash, false)) { $hashPackage = hash_file($hash, $packagefile); - $hashRemote = $updateObject->$hash->_data; + $hashRemote = $updateObject->$hash->_data; if ($hashPackage !== $hashRemote) { // Return false in case the hash did not match @@ -462,8 +444,8 @@ private function isChecksumValid($packagefile, $updateObject) /** * Downloads a package file to a specific directory * - * @param string $url The URL to download from - * @param string $target The directory to store the file + * @param string $url The URL to download from + * @param string $target The directory to store the file * * @return boolean True on success * @@ -500,7 +482,7 @@ protected function downloadPackage($url, $target) /** * Backwards compatibility. Use createUpdateFile() instead. * - * @param null $basename The basename of the file to create + * @param null $basename The basename of the file to create * * @return boolean * @since 2.5.1 @@ -519,7 +501,7 @@ public function createRestorationFile($basename = null): bool * thereby determining how many and which overrides need to be checked and possibly updated * after Joomla installed an update. * - * @param string $basename Optional base path to the file. + * @param string $basename Optional base path to the file. * * @return boolean True if successful; false otherwise. * @@ -548,9 +530,9 @@ public function createUpdateFile($basename = null): bool } // Get the package name. - $config = $app->getConfig(); + $config = $app->getConfig(); $tempdir = $config->get('tmp_path'); - $file = $tempdir . '/' . $basename; + $file = $tempdir . '/' . $basename; $filesize = @filesize($file); $app->setUserState('com_joomlaupdate.password', $password); @@ -636,8 +618,7 @@ public function finaliseUpgrade() $installer->setUpgrade(true); $installer->setOverwrite(true); - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); - $installer->extension = new \Joomla\CMS\Table\Extension($db); + $installer->extension = new \Joomla\CMS\Table\Extension($this->getDatabase()); $installer->extension->load(ExtensionHelper::getExtensionRecord('joomla', 'file')->extension_id); $installer->setAdapter($installer->extension->type); @@ -649,7 +630,7 @@ public function finaliseUpgrade() // Run the script file. \JLoader::register('JoomlaInstallerScript', JPATH_ADMINISTRATOR . '/components/com_admin/script.php'); - $manifestClass = new \JoomlaInstallerScript(); + $manifestClass = new \JoomlaInstallerScript; ob_start(); ob_implicit_flush(false); @@ -672,7 +653,7 @@ public function finaliseUpgrade() ob_end_clean(); // Get a database connector object. - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); + $db = $this->getDatabase(); /* * Check to see if a file extension by the same name is already installed. @@ -699,7 +680,7 @@ public function finaliseUpgrade() } $id = $db->loadResult(); - $row = new \Joomla\CMS\Table\Extension($db); + $row = new \Joomla\CMS\Table\Extension($this->getDatabase()); if ($id) { // Load the entry and update the manifest_cache. @@ -784,7 +765,7 @@ public function finaliseUpgrade() ob_end_clean(); // Clobber any possible pending updates. - $update = new \Joomla\CMS\Table\Update($db); + $update = new \Joomla\CMS\Table\Update($this->getDatabase()); $uid = $update->find( array('element' => 'joomla', 'type' => 'file', 'client_id' => '0', 'folder' => '') ); @@ -889,7 +870,7 @@ public function upload() $userfile = $input->files->get('install_package', null, 'raw'); // Make sure that file uploads are enabled in php. - if (!(bool) ini_get('file_uploads')) { + if (!(bool)ini_get('file_uploads')) { throw new \RuntimeException(Text::_('COM_INSTALLER_MSG_INSTALL_WARNINSTALLFILE'), 500); } @@ -927,7 +908,7 @@ public function upload() // Build the appropriate paths. $tmp_dest = tempnam(Factory::getApplication()->get('tmp_path'), 'ju'); - $tmp_src = $userfile['tmp_name']; + $tmp_src = $userfile['tmp_name']; // Move uploaded file. $result = File::upload($tmp_src, $tmp_dest, false, true); @@ -942,7 +923,7 @@ public function upload() /** * Checks the super admin credentials are valid for the currently logged in users * - * @param array $credentials The credentials to authenticate the user with + * @param array $credentials The credentials to authenticate the user with * * @return boolean * @@ -952,7 +933,7 @@ public function captiveLogin($credentials) { // Make sure the username matches $username = $credentials['username'] ?? null; - $user = Factory::getUser(); + $user = Factory::getUser(); if (strtolower($user->username) != strtolower($username)) { return false; @@ -965,7 +946,7 @@ public function captiveLogin($credentials) // Get the global Authentication object. $authenticate = Authentication::getInstance(); - $response = $authenticate->authenticate($credentials); + $response = $authenticate->authenticate($credentials); if ($response->status !== Authentication::STATUS_SUCCESS) { return false; @@ -1015,10 +996,10 @@ public function removePackageFiles() /** * Gets PHP options. - * @todo: Outsource, build common code base for pre install and pre update check - * * @return array Array of PHP config options * + * @todo: Outsource, build common code base for pre install and pre update check + * * @since 3.10.0 */ public function getPhpOptions() @@ -1030,54 +1011,54 @@ public function getPhpOptions() * A Joomla! Update which is not supported by current PHP * version is not shown. So this check is actually unnecessary. */ - $option = new \stdClass(); - $option->label = Text::sprintf('INSTL_PHP_VERSION_NEWER', $this->getTargetMinimumPHPVersion()); - $option->state = $this->isPhpVersionSupported(); + $option = new \stdClass; + $option->label = Text::sprintf('INSTL_PHP_VERSION_NEWER', $this->getTargetMinimumPHPVersion()); + $option->state = $this->isPhpVersionSupported(); $option->notice = null; - $options[] = $option; + $options[] = $option; // Check for zlib support. - $option = new \stdClass(); - $option->label = Text::_('INSTL_ZLIB_COMPRESSION_SUPPORT'); - $option->state = extension_loaded('zlib'); + $option = new \stdClass; + $option->label = Text::_('INSTL_ZLIB_COMPRESSION_SUPPORT'); + $option->state = extension_loaded('zlib'); $option->notice = null; - $options[] = $option; + $options[] = $option; // Check for XML support. - $option = new \stdClass(); - $option->label = Text::_('INSTL_XML_SUPPORT'); - $option->state = extension_loaded('xml'); + $option = new \stdClass; + $option->label = Text::_('INSTL_XML_SUPPORT'); + $option->state = extension_loaded('xml'); $option->notice = null; - $options[] = $option; + $options[] = $option; // Check for mbstring options. if (extension_loaded('mbstring')) { // Check for default MB language. - $option = new \stdClass(); - $option->label = Text::_('INSTL_MB_LANGUAGE_IS_DEFAULT'); - $option->state = strtolower(ini_get('mbstring.language')) === 'neutral'; + $option = new \stdClass; + $option->label = Text::_('INSTL_MB_LANGUAGE_IS_DEFAULT'); + $option->state = strtolower(ini_get('mbstring.language')) === 'neutral'; $option->notice = $option->state ? null : Text::_('INSTL_NOTICEMBLANGNOTDEFAULT'); $options[] = $option; // Check for MB function overload. - $option = new \stdClass(); - $option->label = Text::_('INSTL_MB_STRING_OVERLOAD_OFF'); - $option->state = ini_get('mbstring.func_overload') == 0; + $option = new \stdClass; + $option->label = Text::_('INSTL_MB_STRING_OVERLOAD_OFF'); + $option->state = ini_get('mbstring.func_overload') == 0; $option->notice = $option->state ? null : Text::_('INSTL_NOTICEMBSTRINGOVERLOAD'); $options[] = $option; } // Check for a missing native parse_ini_file implementation. - $option = new \stdClass(); - $option->label = Text::_('INSTL_PARSE_INI_FILE_AVAILABLE'); - $option->state = $this->getIniParserAvailability(); + $option = new \stdClass; + $option->label = Text::_('INSTL_PARSE_INI_FILE_AVAILABLE'); + $option->state = $this->getIniParserAvailability(); $option->notice = null; $options[] = $option; // Check for missing native json_encode / json_decode support. - $option = new \stdClass(); - $option->label = Text::_('INSTL_JSON_SUPPORT_AVAILABLE'); - $option->state = function_exists('json_encode') && function_exists('json_decode'); + $option = new \stdClass; + $option->label = Text::_('INSTL_JSON_SUPPORT_AVAILABLE'); + $option->state = function_exists('json_encode') && function_exists('json_decode'); $option->notice = null; $options[] = $option; $updateInformation = $this->getUpdateInformation(); @@ -1085,18 +1066,18 @@ public function getPhpOptions() // Check if configured database is compatible with the next major version of Joomla $nextMajorVersion = Version::MAJOR_VERSION + 1; - if (version_compare($updateInformation['latest'], (string) $nextMajorVersion, '>=')) { - $option = new \stdClass(); - $option->label = Text::sprintf('INSTL_DATABASE_SUPPORTED', $this->getConfiguredDatabaseType()); - $option->state = $this->isDatabaseTypeSupported(); + if (version_compare($updateInformation['latest'], (string)$nextMajorVersion, '>=')) { + $option = new \stdClass; + $option->label = Text::sprintf('INSTL_DATABASE_SUPPORTED', $this->getConfiguredDatabaseType()); + $option->state = $this->isDatabaseTypeSupported(); $option->notice = null; - $options[] = $option; + $options[] = $option; } // Check if database structure is up to date - $option = new \stdClass(); - $option->label = Text::_('COM_JOOMLAUPDATE_VIEW_DEFAULT_DATABASE_STRUCTURE_TITLE'); - $option->state = $this->getDatabaseSchemaCheck(); + $option = new \stdClass; + $option->label = Text::_('COM_JOOMLAUPDATE_VIEW_DEFAULT_DATABASE_STRUCTURE_TITLE'); + $option->state = $this->getDatabaseSchemaCheck(); $option->notice = $option->state ? null : Text::_('COM_JOOMLAUPDATE_VIEW_DEFAULT_DATABASE_STRUCTURE_NOTICE'); $options[] = $option; @@ -1105,10 +1086,10 @@ public function getPhpOptions() /** * Gets PHP Settings. - * @todo: Outsource, build common code base for pre install and pre update check - * * @return array * + * @todo: Outsource, build common code base for pre install and pre update check + * * @since 3.10.0 */ public function getPhpSettings() @@ -1116,56 +1097,56 @@ public function getPhpSettings() $settings = array(); // Check for display errors. - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::_('INSTL_DISPLAY_ERRORS'); - $setting->state = (bool) ini_get('display_errors'); + $setting->state = (bool)ini_get('display_errors'); $setting->recommended = false; $settings[] = $setting; // Check for file uploads. - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::_('INSTL_FILE_UPLOADS'); - $setting->state = (bool) ini_get('file_uploads'); + $setting->state = (bool)ini_get('file_uploads'); $setting->recommended = true; $settings[] = $setting; // Check for output buffering. - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::_('INSTL_OUTPUT_BUFFERING'); - $setting->state = (int) ini_get('output_buffering') !== 0; + $setting->state = (int)ini_get('output_buffering') !== 0; $setting->recommended = false; $settings[] = $setting; // Check for session auto-start. - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::_('INSTL_SESSION_AUTO_START'); - $setting->state = (bool) ini_get('session.auto_start'); + $setting->state = (bool)ini_get('session.auto_start'); $setting->recommended = false; $settings[] = $setting; // Check for native ZIP support. - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::_('INSTL_ZIP_SUPPORT_AVAILABLE'); $setting->state = function_exists('zip_open') && function_exists('zip_read'); $setting->recommended = true; $settings[] = $setting; // Check for GD support - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::sprintf('INSTL_EXTENSION_AVAILABLE', 'GD'); $setting->state = extension_loaded('gd'); $setting->recommended = true; $settings[] = $setting; // Check for iconv support - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::sprintf('INSTL_EXTENSION_AVAILABLE', 'iconv'); $setting->state = function_exists('iconv'); $setting->recommended = true; $settings[] = $setting; // Check for intl support - $setting = new \stdClass(); + $setting = new \stdClass; $setting->label = Text::sprintf('INSTL_EXTENSION_AVAILABLE', 'intl'); $setting->state = function_exists('transliterator_transliterate'); $setting->recommended = true; @@ -1197,10 +1178,10 @@ private function getConfiguredDatabaseType() public function isDatabaseTypeSupported() { $updateInformation = $this->getUpdateInformation(); - $nextMajorVersion = Version::MAJOR_VERSION + 1; + $nextMajorVersion = Version::MAJOR_VERSION + 1; // Check if configured database is compatible with Joomla 4 - if (version_compare($updateInformation['latest'], (string) $nextMajorVersion, '>=')) { + if (version_compare($updateInformation['latest'], (string)$nextMajorVersion, '>=')) { $unsupportedDatabaseTypes = array('sqlsrv', 'sqlazure'); $currentDatabaseType = $this->getConfiguredDatabaseType(); @@ -1242,10 +1223,10 @@ private function getTargetMinimumPHPVersion() /** * Checks the availability of the parse_ini_file and parse_ini_string functions. - * @todo: Outsource, build common code base for pre install and pre update check - * * @return boolean True if the method exists. * + * @todo: Outsource, build common code base for pre install and pre update check + * * @since 3.10.0 */ public function getIniParserAvailability() @@ -1330,7 +1311,7 @@ private function getDatabaseSchemaCheck(): bool */ public function getNonCoreExtensions() { - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); + $db = $this->getDatabase(); $query = $db->getQuery(true); $query->select( @@ -1372,15 +1353,15 @@ public function getNonCoreExtensions() /** * Gets an array containing all installed and enabled plugins, that are not core plugins. * - * @param array $folderFilter Limit the list of plugins to a specific set of folder values + * @param array $folderFilter Limit the list of plugins to a specific set of folder values * * @return array name,version,updateserver * * @since 3.10.0 */ - public function getNonCorePlugins($folderFilter = ['system','user','authentication','actionlog','multifactorauth']) + public function getNonCorePlugins($folderFilter = ['system', 'user', 'authentication', 'actionlog', 'multifactorauth']) { - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); + $db = $this->getDatabase(); $query = $db->getQuery(true); $query->select( @@ -1399,8 +1380,7 @@ public function getNonCorePlugins($folderFilter = ['system','user','authenticati )->where( $db->qn('ex.enabled') . ' = 1' )->whereNotIn( - $db->quoteName('ex.extension_id'), - ExtensionHelper::getCoreExtensionIds() + $db->quoteName('ex.extension_id'), ExtensionHelper::getCoreExtensionIds() ); if (count($folderFilter) > 0) { @@ -1432,8 +1412,8 @@ public function getNonCorePlugins($folderFilter = ['system','user','authenticati /** * Called by controller's fetchExtensionCompatibility, which is called via AJAX. * - * @param string $extensionID The ID of the checked extension - * @param string $joomlaTargetVersion Target version of Joomla + * @param string $extensionID The ID of the checked extension + * @param string $joomlaTargetVersion Target version of Joomla * * @return object * @@ -1444,7 +1424,7 @@ public function fetchCompatibility($extensionID, $joomlaTargetVersion) $updateSites = $this->getUpdateSitesInfo($extensionID); if (empty($updateSites)) { - return (object) array('state' => 2); + return (object)array('state' => 2); } foreach ($updateSites as $updateSite) { @@ -1455,24 +1435,24 @@ public function fetchCompatibility($extensionID, $joomlaTargetVersion) $compatibleVersions = $this->checkCompatibility($updateFileUrl, $joomlaTargetVersion); // Return the compatible versions - return (object) array('state' => 1, 'compatibleVersions' => $compatibleVersions); + return (object)array('state' => 1, 'compatibleVersions' => $compatibleVersions); } } else { $compatibleVersions = $this->checkCompatibility($updateSite['location'], $joomlaTargetVersion); // Return the compatible versions - return (object) array('state' => 1, 'compatibleVersions' => $compatibleVersions); + return (object)array('state' => 1, 'compatibleVersions' => $compatibleVersions); } } // In any other case we mark this extension as not compatible - return (object) array('state' => 0); + return (object)array('state' => 0); } /** * Returns records with update sites and extension information for a given extension ID. * - * @param int $extensionID The extension ID + * @param int $extensionID The extension ID * * @return array * @@ -1480,8 +1460,8 @@ public function fetchCompatibility($extensionID, $joomlaTargetVersion) */ private function getUpdateSitesInfo($extensionID) { - $id = (int) $extensionID; - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); + $id = (int)$extensionID; + $db = $this->getDatabase(); $query = $db->getQuery(true); $query->select( @@ -1519,8 +1499,8 @@ private function getUpdateSitesInfo($extensionID) /** * Method to get details URLs from a collection update site for given extension and Joomla target version. * - * @param array $updateSiteInfo The update site and extension information record to process - * @param string $joomlaTargetVersion The Joomla! version to test against, + * @param array $updateSiteInfo The update site and extension information record to process + * @param string $joomlaTargetVersion The Joomla! version to test against, * * @return array An array of URLs. * @@ -1530,7 +1510,7 @@ private function getCollectionDetailsUrls($updateSiteInfo, $joomlaTargetVersion) { $return = array(); - $http = new Http(); + $http = new Http; try { $response = $http->get($updateSiteInfo['location']); @@ -1545,24 +1525,22 @@ private function getCollectionDetailsUrls($updateSiteInfo, $joomlaTargetVersion) $updateSiteXML = simplexml_load_string($response->body); foreach ($updateSiteXML->extension as $extension) { - $attribs = new \stdClass(); + $attribs = new \stdClass; - $attribs->element = ''; - $attribs->type = ''; - $attribs->folder = ''; + $attribs->element = ''; + $attribs->type = ''; + $attribs->folder = ''; $attribs->targetplatformversion = ''; foreach ($extension->attributes() as $key => $value) { - $attribs->$key = (string) $value; + $attribs->$key = (string)$value; } - if ( - $attribs->element === $updateSiteInfo['ext_element'] + if ($attribs->element === $updateSiteInfo['ext_element'] && $attribs->type === $updateSiteInfo['ext_type'] && $attribs->folder === $updateSiteInfo['ext_folder'] - && preg_match('/^' . $attribs->targetplatformversion . '/', $joomlaTargetVersion) - ) { - $return[] = (string) $extension['detailsurl']; + && preg_match('/^' . $attribs->targetplatformversion . '/', $joomlaTargetVersion)) { + $return[] = (string)$extension['detailsurl']; } } @@ -1572,8 +1550,8 @@ private function getCollectionDetailsUrls($updateSiteInfo, $joomlaTargetVersion) /** * Method to check non core extensions for compatibility. * - * @param string $updateFileUrl The items update XML url. - * @param string $joomlaTargetVersion The Joomla! version to test against + * @param string $updateFileUrl The items update XML url. + * @param string $joomlaTargetVersion The Joomla! version to test against * * @return array An array of strings with compatible version numbers * @@ -1583,7 +1561,7 @@ private function checkCompatibility($updateFileUrl, $joomlaTargetVersion) { $minimumStability = ComponentHelper::getParams('com_installer')->get('minimum_stability', Updater::STABILITY_STABLE); - $update = new Update(); + $update = new Update; $update->set('jversion.full', $joomlaTargetVersion); $update->loadFromXml($updateFileUrl, $minimumStability); @@ -1605,7 +1583,7 @@ private function checkCompatibility($updateFileUrl, $joomlaTargetVersion) /** * Translates an extension name * - * @param object &$item The extension of which the name needs to be translated + * @param object &$item The extension of which the name needs to be translated * * @return void * @@ -1656,7 +1634,7 @@ protected function translateExtensionName(&$item) /** * Checks whether a given template is active * - * @param string $template The template name to be checked + * @param string $template The template name to be checked * * @return boolean * @@ -1664,7 +1642,7 @@ protected function translateExtensionName(&$item) */ public function isTemplateActive($template) { - $db = version_compare(JVERSION, '4.2.0', 'lt') ? $this->getDbo() : $this->getDatabase(); + $db = $this->getDatabase(); $query = $db->getQuery(true); $query->select( @@ -1701,8 +1679,7 @@ function ($value) { )->from( $db->qn('#__menu') )->whereIn( - $db->qn('template_style_id'), - $ids + $db->qn('template_style_id'), $ids ); $menu = $db->setQuery($query)->loadResult() > 0; diff --git a/libraries/src/TUF/DatabaseStorage.php b/libraries/src/TUF/DatabaseStorage.php index 8024a34176b..67c9cad2168 100644 --- a/libraries/src/TUF/DatabaseStorage.php +++ b/libraries/src/TUF/DatabaseStorage.php @@ -1,5 +1,4 @@ getHttp([], 'curl'); @@ -101,8 +101,8 @@ public static function createFromUri( /** * Fetches a metadata file from the remote repo. * - * @param string $fileName The name of the metadata file to fetch. - * @param integer $maxBytes The maximum number of bytes to download. + * @param string $fileName The name of the metadata file to fetch. + * @param integer $maxBytes The maximum number of bytes to download. * * @return \GuzzleHttp\Promise\PromiseInterface A promise wrapping a StreamInterface instanfe */ @@ -114,10 +114,10 @@ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface /** * Fetches a target file from the remote repo. * - * @param string $fileName The name of the target to fetch. - * @param integer $maxBytes The maximum number of bytes to download. - * @param array $options (optional) Additional request options to pass to the http client - * @param string $url An arbitrary URL from which the target should be downloaded. + * @param string $fileName The name of the target to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * @param array $options (optional) Additional request options to pass to the http client + * @param string $url An arbitrary URL from which the target should be downloaded. * * @return PromiseInterface * @@ -125,10 +125,11 @@ public function fetchMetadata(string $fileName, int $maxBytes): PromiseInterface */ public function fetchTarget( string $fileName, - int $maxBytes, - array $options = [], + int $maxBytes, + array $options = [], string $url = null - ): PromiseInterface { + ): PromiseInterface + { $location = $url ?: $this->baseUri . $this->targetsPrefix . $fileName; return $this->fetchFile($location, $maxBytes, $options); @@ -137,9 +138,9 @@ public function fetchTarget( /** * Fetches a file from a URL. * - * @param string $url The URL of the file to fetch. - * @param integer $maxBytes The maximum number of bytes to download. - * @param array $options Additional request options to pass to the http client + * @param string $url The URL of the file to fetch. + * @param integer $maxBytes The maximum number of bytes to download. + * @param array $options Additional request options to pass to the http client * * @return PromiseInterface A promise representing the eventual result of the operation. * @@ -170,8 +171,8 @@ protected function fetchFile(string $url, int $maxBytes, array $options = []): P /** * Gets a file if it exists in the remote repo. * - * @param string $fileName The file name to fetch. - * @param integer $maxBytes The maximum number of bytes to download. + * @param string $fileName The file name to fetch. + * @param integer $maxBytes The maximum number of bytes to download. * * @return string|null The contents of the file or null if it does not exist. */ diff --git a/libraries/src/TUF/TufValidation.php b/libraries/src/TUF/TufValidation.php index 27a190d63e4..c5d76550f08 100644 --- a/libraries/src/TUF/TufValidation.php +++ b/libraries/src/TUF/TufValidation.php @@ -1,5 +1,4 @@ setDefaults( [ - 'url_prefix' => 'https://raw.githubusercontent.com', - 'metadata_path' => '/joomla/updates/test/repository/', - 'targets_path' => '/targets/', + 'url_prefix' => '', + 'metadata_path' => '', + 'targets_path' => '', 'mirrors' => [], ] ) diff --git a/libraries/src/Table/Update.php b/libraries/src/Table/Update.php index 22a2994d21c..91774f038b1 100644 --- a/libraries/src/Table/Update.php +++ b/libraries/src/Table/Update.php @@ -1,5 +1,4 @@ stack[] = $name; - $tag = $this->_getStackLocation(); + $tag = $this->_getStackLocation(); // Reset the data if (isset($this->$tag)) { @@ -183,8 +183,8 @@ public function _startElement($parser, $name, $attrs = array()) * Closing an XML element * Note: This is a protected function though has to be exposed externally as a callback * - * @param object $parser Parser object - * @param string $name Name of the element closing + * @param object $parser Parser object + * @param string $name Name of the element closing * * @return void * @@ -205,7 +205,7 @@ protected function _endElement($parser, $name) /** * Finds an update * - * @param array $options Options to use: update_site_id: the unique ID of the update site to look at + * @param array $options Options to use: update_site_id: the unique ID of the update site to look at * * @return array|boolean Update_sites and updates discovered. False on failure * diff --git a/libraries/src/Updater/Adapter/TufAdapter.php b/libraries/src/Updater/Adapter/TufAdapter.php index 446210acc12..0bcc1a62057 100644 --- a/libraries/src/Updater/Adapter/TufAdapter.php +++ b/libraries/src/Updater/Adapter/TufAdapter.php @@ -31,17 +31,17 @@ class TufAdapter extends UpdateAdapter * @var array */ private $clientId = [ - 'site' => 0, + 'site' => 0, 'administrator' => 1, - 'installation' => 2, - 'api' => 3, - 'cli' => 4 + 'installation' => 2, + 'api' => 3, + 'cli' => 4 ]; /** * Finds an update. * - * @param array $options Update options. + * @param array $options Update options. * * @return array|boolean Array containing the array of update sites and array of updates. False on failure * @@ -69,7 +69,7 @@ public function findUpdate($options) /** * Finds targets. * - * @param array $options Update options. + * @param array $options Update options. * * @return array|boolean Array containing the array of update sites and array of updates. False on failure * @@ -102,15 +102,42 @@ public function getUpdateTargets($options) // Do nothing } - $params = [ - 'url_prefix' => 'https://raw.githubusercontent.com', - 'metadata_path' => '/joomla/updates/test/repository/', - 'targets_path' => '/targets/', - 'mirrors' => [] - ]; + // Get params for TufValidation + $query = $db->getQuery(true) + ->select($db->quoteName('location')) + ->from($db->quoteName('#__update_sites')) + ->where($db->quoteName('update_site_id') . ' = :id') + ->bind(':id', $options['update_site_id'], ParameterType::INTEGER); + $db->setQuery($query); + + try { + $params_string = $db->loadResult(); + $params_mirrors = explode('|', $params_string); + $params = [ + 'url_prefix' => '', + 'metadata_path' => '', + 'targets_path' => '', + 'mirrors' => [] + ]; + for ($i = 0; $i < count($params_mirrors); $i++) { + if ($i == 0) { + $params['url_prefix'] = $params_mirrors[$i]; + } else { + $mirror = [ + 'url_prefix' => $params_mirrors[$i], + 'metadata_path' => '', + 'targets_path' => '', + 'confined_target_dirs' => [] + ]; + array_push($params['mirrors'], $mirror); + } + } + } catch (\RuntimeException $e) { + // Do nothing + } $TufValidation = new TufValidation($extension_id, $params); - $metaData = $TufValidation->getValidUpdate(); + $metaData = $TufValidation->getValidUpdate(); $metaData = json_decode($metaData); @@ -141,6 +168,13 @@ public function getUpdateTargets($options) continue; } + $values['data'] = [ + 'downloads' => $values['downloads'], + 'targetplatform' => $values['targetplatform'], + 'supported_databases' => $values['supported_databases'], + 'hashes' => $target->hashes + ]; + $versions[$values['version']] = $values; } @@ -151,7 +185,7 @@ public function getUpdateTargets($options) $checker = new ConstraintChecker(); foreach ($versions as $version) { - if ($checker->check((array) $version)) { + if ($checker->check((array)$version)) { return array($version); } } @@ -163,7 +197,7 @@ public function getUpdateTargets($options) /** * Configures default values or pass arguments to params * - * @param OptionsResolver $resolver The OptionsResolver for the params + * @param OptionsResolver $resolver The OptionsResolver for the params * * @return void * @@ -173,20 +207,20 @@ protected function configureUpdateOptions(OptionsResolver $resolver) { $resolver->setDefaults( [ - 'name' => null, - 'description' => '', - 'element' => '', - 'type' => null, - 'client' => 1, - 'version' => "1", - 'data' => '', - 'detailsurl' => '', - 'infourl' => '', - 'downloads' => [], - 'targetplatform' => new \StdClass(), - 'php_minimum' => null, + 'name' => null, + 'description' => '', + 'element' => '', + 'type' => null, + 'client' => 0, + 'version' => "1", + 'data' => '', + 'detailsurl' => '', + 'infourl' => '', + 'downloads' => [], + 'targetplatform' => new \StdClass(), + 'php_minimum' => null, 'supported_databases' => new \StdClass(), - 'stability' => '' + 'stability' => '' ] ) ->setAllowedTypes('version', 'string') diff --git a/libraries/src/Updater/ConstraintChecker.php b/libraries/src/Updater/ConstraintChecker.php index 0c62279a44b..fbf95eb8b5a 100644 --- a/libraries/src/Updater/ConstraintChecker.php +++ b/libraries/src/Updater/ConstraintChecker.php @@ -27,7 +27,7 @@ class ConstraintChecker /** * Checks whether the passed constraints are matched * - * @param array $constraints The provided constraints to be checked + * @param array $constraints The provided constraints to be checked * * @return boolean * @@ -75,7 +75,7 @@ public function check(array $constraints) /** * Check the targetPlatform * - * @param object $targetPlatform + * @param object $targetPlatform * * @return boolean * @@ -100,7 +100,7 @@ protected function checkTargetplatform(\stdClass $targetPlatform) /** * Check the minimum PHP version * - * @param string $phpMinimum The minimum php version to check + * @param string $phpMinimum The minimum php version to check * * @return boolean * @@ -115,7 +115,7 @@ protected function checkPhpMinimum(string $phpMinimum) /** * Check the supported databases and versions * - * @param object $supportedDatabases stdClass of supported databases and versions + * @param object $supportedDatabases stdClass of supported databases and versions * * @return boolean * @@ -123,8 +123,8 @@ protected function checkPhpMinimum(string $phpMinimum) */ protected function checkSupportedDatabases(\stdClass $supportedDatabases) { - $db = Factory::getDbo(); - $dbType = strtolower($db->getServerType()); + $db = Factory::getDbo(); + $dbType = strtolower($db->getServerType()); $dbVersion = $db->getVersion(); // MySQL and MariaDB use the same database driver but not the same version numbers @@ -133,7 +133,7 @@ protected function checkSupportedDatabases(\stdClass $supportedDatabases) if (stripos($dbVersion, 'mariadb') !== false) { // MariaDB: Strip off any leading '5.5.5-', if present $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); - $dbType = 'mariadb'; + $dbType = 'mariadb'; } } @@ -150,7 +150,7 @@ protected function checkSupportedDatabases(\stdClass $supportedDatabases) /** * Check the stability * - * @param string $stability Stability to check + * @param string $stability Stability to check * * @return boolean * @@ -173,7 +173,7 @@ protected function checkStability(string $stability) * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of * dev, alpha, beta, rc, stable) it is ignored. * - * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable + * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable * * @return integer * diff --git a/libraries/src/Updater/Update/AbstractUpdate.php b/libraries/src/Updater/Update/AbstractUpdate.php new file mode 100644 index 00000000000..0b93c1d5d19 --- /dev/null +++ b/libraries/src/Updater/Update/AbstractUpdate.php @@ -0,0 +1,193 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\Updater\Update; + +use Joomla\CMS\Object\CMSObject; +use Joomla\CMS\Updater\DownloadSource; +use Joomla\CMS\Updater\Updater; + +\defined('JPATH_PLATFORM') or die; + +abstract class AbstractUpdate extends CMSObject implements UpdateInterface +{ + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + public $name; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $description; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $element; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $type; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $version; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $infourl; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $client; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $group; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $downloads; + + /** + * Update manifest `` elements + * + * @var DownloadSource[] + * @since 3.8.3 + */ + protected $downloadSources = array(); + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $tags; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $maintainer; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $maintainerurl; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $category; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $relationships; + + /** + * Update manifest `` element + * + * @var string + * @since 1.7.0 + */ + protected $targetplatform; + + /** + * Extra query for download URLs + * + * @var string + * @since 3.2.0 + */ + protected $extra_query; + + /** + * Object containing the current update data + * + * @var \stdClass + * @since 3.0.0 + */ + protected $currentUpdate; + + /** + * Object containing the latest update data + * + * @var \stdClass + * @since 3.0.0 + */ + protected $latest; + + /** + * The minimum stability required for updates to be taken into account. The possible values are: + * 0 dev Development snapshots, nightly builds, pre-release versions and so on + * 1 alpha Alpha versions (work in progress, things are likely to be broken) + * 2 beta Beta versions (major functionality in place, show-stopper bugs are likely to be present) + * 3 rc Release Candidate versions (almost stable, minor bugs might be present) + * 4 stable Stable versions (production quality code) + * + * @var integer + * @since 14.1 + * + * @see Updater + */ + protected $minimum_stability = Updater::STABILITY_STABLE; + + /** + * Array with compatible versions used by the pre-update check + * + * @var array + * @since 3.10.2 + */ + protected $compatibleVersions = array(); +} diff --git a/libraries/src/Updater/Update/DataUpdate.php b/libraries/src/Updater/Update/DataUpdate.php new file mode 100644 index 00000000000..64dea6792bb --- /dev/null +++ b/libraries/src/Updater/Update/DataUpdate.php @@ -0,0 +1,96 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\Updater\Update; + +\defined('JPATH_PLATFORM') or die; + +use Joomla\CMS\Factory; +use Joomla\CMS\Filter\InputFilter; +use Joomla\CMS\Http\HttpFactory; +use Joomla\CMS\Language\Text; +use Joomla\CMS\Log\Log; +use Joomla\CMS\Updater\DownloadSource; +use Joomla\CMS\Updater\Updater; +use Joomla\CMS\Version; +use Joomla\Registry\Registry; + +/** + * Update class. It is used by Updater::update() to install an update. Use Updater::findUpdates() to find updates for + * an extension. + * + * @since 1.7.0 + */ +class DataUpdate extends AbstractUpdate +{ + /** + * Object for holding for data + * + * @var resource + * @since 3.0.0 + */ + protected $data; + + /** + * Loads an XML file from a URL. + * + * @param mixed $updateObject The object of the update containing all information. + * @param int $minimumStability The minimum stability required for updating the extension {@see Updater} + * + * @return boolean True on success + * + * @since 1.7.0 + */ + public function loadFromData($updateObject, $minimumStability = Updater::STABILITY_STABLE) + { + foreach ($updateObject as $key => $data) { + $this->$key = $updateObject->$key; + } + + $dataJson = json_decode($updateObject->data); + $this->targetplatform = $dataJson->targetplatform; + + foreach ($dataJson->downloads as $download) { + $source = new DownloadSource; + foreach ($download as $key => $data) { + $key = strtolower($key); + $source->$key = $data; + } + $this->downloadSources[] = $source; + } + + $this->currentUpdate = new \stdClass(); + $this->downloadurl = new \stdClass(); + $this->downloadurl->_data = $this->downloadSources[0]->url; + $this->downloadurl->format = $this->downloadSources[0]->format; + $this->downloadurl->type = $this->downloadSources[0]->type; + + return true; + } + + /** + * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of + * dev, alpha, beta, rc, stable) it is ignored. + * + * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable + * + * @return integer + * + * @since 3.4 + */ + protected function stabilityTagToInteger($tag) + { + $constant = '\\Joomla\\CMS\\Updater\\Updater::STABILITY_' . strtoupper($tag); + + if (\defined($constant)) { + return \constant($constant); + } + + return Updater::STABILITY_STABLE; + } +} diff --git a/libraries/src/Updater/Update/UpdateInterface.php b/libraries/src/Updater/Update/UpdateInterface.php new file mode 100644 index 00000000000..38d654dbae8 --- /dev/null +++ b/libraries/src/Updater/Update/UpdateInterface.php @@ -0,0 +1,16 @@ + + * @license GNU General Public License version 2 or later; see LICENSE.txt + */ + +namespace Joomla\CMS\Updater\Update; + +\defined('JPATH_PLATFORM') or die; + +interface UpdateInterface +{ + +} diff --git a/libraries/src/Updater/Update.php b/libraries/src/Updater/Update/XmlUpdate.php similarity index 71% rename from libraries/src/Updater/Update.php rename to libraries/src/Updater/Update/XmlUpdate.php index c2999b1bb1e..e4e1ea6eacb 100644 --- a/libraries/src/Updater/Update.php +++ b/libraries/src/Updater/Update/XmlUpdate.php @@ -1,20 +1,20 @@ + * @copyright (C) 2022 Open Source Matters, Inc. * @license GNU General Public License version 2 or later; see LICENSE.txt */ -namespace Joomla\CMS\Updater; +namespace Joomla\CMS\Updater\Update; use Joomla\CMS\Factory; use Joomla\CMS\Filter\InputFilter; use Joomla\CMS\Http\HttpFactory; use Joomla\CMS\Language\Text; use Joomla\CMS\Log\Log; -use Joomla\CMS\Object\CMSObject; +use Joomla\CMS\Updater\DownloadSource; +use Joomla\CMS\Updater\Updater; use Joomla\CMS\Version; use Joomla\Registry\Registry; @@ -28,144 +28,8 @@ * * @since 1.7.0 */ -class Update extends CMSObject +class XmlUpdate extends AbstractUpdate { - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $name; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $description; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $element; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $type; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $version; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $infourl; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $client; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $group; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $downloads; - - /** - * Update manifest `` elements - * - * @var DownloadSource[] - * @since 3.8.3 - */ - protected $downloadSources = array(); - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $tags; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $maintainer; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $maintainerurl; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $category; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $relationships; - - /** - * Update manifest `` element - * - * @var string - * @since 1.7.0 - */ - protected $targetplatform; - - /** - * Extra query for download URLs - * - * @var string - * @since 3.2.0 - */ - protected $extra_query; - /** * Resource handle for the XML Parser * @@ -256,9 +120,9 @@ protected function _getLastTag() /** * XML Start Element callback * - * @param object $parser Parser object - * @param string $name Name of the tag found - * @param array $attrs Attributes of the tag + * @param object $parser Parser object + * @param string $name Name of the tag found + * @param array $attrs Attributes of the tag * * @return void * @@ -268,7 +132,7 @@ protected function _getLastTag() public function _startElement($parser, $name, $attrs = array()) { $this->stack[] = $name; - $tag = $this->_getStackLocation(); + $tag = $this->_getStackLocation(); // Reset the data if (isset($this->$tag)) { @@ -278,12 +142,12 @@ public function _startElement($parser, $name, $attrs = array()) switch ($name) { // This is a new update; create a current update case 'UPDATE': - $this->currentUpdate = new \stdClass(); + $this->currentUpdate = new \stdClass; break; // Handle the array of download sources case 'DOWNLOADSOURCE': - $source = new DownloadSource(); + $source = new DownloadSource; foreach ($attrs as $key => $data) { $key = strtolower($key); @@ -303,7 +167,7 @@ public function _startElement($parser, $name, $attrs = array()) $name = strtolower($name); if (!isset($this->currentUpdate->$name)) { - $this->currentUpdate->$name = new \stdClass(); + $this->currentUpdate->$name = new \stdClass; } $this->currentUpdate->$name->_data = ''; @@ -319,8 +183,8 @@ public function _startElement($parser, $name, $attrs = array()) /** * Callback for closing the element * - * @param object $parser Parser object - * @param string $name Name of element that was closed + * @param object $parser Parser object + * @param string $name Name of element that was closed * * @return void * @@ -337,11 +201,9 @@ public function _endElement($parser, $name) $product = strtolower(InputFilter::getInstance()->clean(Version::PRODUCT, 'cmd')); // Check that the product matches and that the version matches (optionally a regexp) - if ( - isset($this->currentUpdate->targetplatform->name) + if (isset($this->currentUpdate->targetplatform->name) && $product == $this->currentUpdate->targetplatform->name - && preg_match('/^' . $this->currentUpdate->targetplatform->version . '/', $this->get('jversion.full', JVERSION)) - ) { + && preg_match('/^' . $this->currentUpdate->targetplatform->version . '/', $this->get('jversion.full', JVERSION))) { $phpMatch = false; // Check if PHP version supported via tag, assume true if tag isn't present @@ -353,9 +215,9 @@ public function _endElement($parser, $name) // Check if DB & version is supported via tag, assume supported if tag isn't present if (isset($this->currentUpdate->supported_databases)) { - $db = Factory::getDbo(); - $dbType = strtolower($db->getServerType()); - $dbVersion = $db->getVersion(); + $db = Factory::getDbo(); + $dbType = strtolower($db->getServerType()); + $dbVersion = $db->getVersion(); $supportedDbs = $this->currentUpdate->supported_databases; // MySQL and MariaDB use the same database driver but not the same version numbers @@ -364,14 +226,14 @@ public function _endElement($parser, $name) if (stripos($dbVersion, 'mariadb') !== false) { // MariaDB: Strip off any leading '5.5.5-', if present $dbVersion = preg_replace('/^5\.5\.5-/', '', $dbVersion); - $dbType = 'mariadb'; + $dbType = 'mariadb'; } } // Do we have an entry for the database? if (isset($supportedDbs->$dbType)) { $minimumVersion = $supportedDbs->$dbType; - $dbMatch = version_compare($dbVersion, $minimumVersion, '>='); + $dbMatch = version_compare($dbVersion, $minimumVersion, '>='); } } else { // Set to true if the tag is not set @@ -390,10 +252,8 @@ public function _endElement($parser, $name) $this->compatibleVersions[] = $this->currentUpdate->version->_data; } - if ( - !isset($this->latest) - || version_compare($this->currentUpdate->version->_data, $this->latest->version->_data, '>') - ) { + if (!isset($this->latest) + || version_compare($this->currentUpdate->version->_data, $this->latest->version->_data, '>')) { $this->latest = $this->currentUpdate; } } @@ -419,8 +279,8 @@ public function _endElement($parser, $name) /** * Character Parser Function * - * @param object $parser Parser object. - * @param object $data The data. + * @param object $parser Parser object. + * @param object $data The data. * * @return void * @@ -435,7 +295,7 @@ public function _characterData($parser, $data) $tag = strtolower($tag); if ($tag === 'tag') { - $this->currentUpdate->stability = $this->stabilityTagToInteger((string) $data); + $this->currentUpdate->stability = $this->stabilityTagToInteger((string)$data); return; } @@ -456,8 +316,8 @@ public function _characterData($parser, $data) /** * Loads an XML file from a URL. * - * @param string $url The URL. - * @param int $minimumStability The minimum stability required for updating the extension {@see Updater} + * @param string $url The URL. + * @param int $minimumStability The minimum stability required for updating the extension {@see Updater} * * @return boolean True on success * @@ -465,8 +325,8 @@ public function _characterData($parser, $data) */ public function loadFromXml($url, $minimumStability = Updater::STABILITY_STABLE) { - $version = new Version(); - $httpOption = new Registry(); + $version = new Version; + $httpOption = new Registry; $httpOption->set('userAgent', $version->getUserAgent('Joomla', true, false)); try { @@ -493,12 +353,10 @@ public function loadFromXml($url, $minimumStability = Updater::STABILITY_STABLE) if (!xml_parse($this->xmlParser, $response->body)) { Log::add( sprintf( - 'XML error: %s at line %d', - xml_error_string(xml_get_error_code($this->xmlParser)), + 'XML error: %s at line %d', xml_error_string(xml_get_error_code($this->xmlParser)), xml_get_current_line_number($this->xmlParser) ), - Log::WARNING, - 'updater' + Log::WARNING, 'updater' ); return false; @@ -513,7 +371,7 @@ public function loadFromXml($url, $minimumStability = Updater::STABILITY_STABLE) * Converts a tag to numeric stability representation. If the tag doesn't represent a known stability level (one of * dev, alpha, beta, rc, stable) it is ignored. * - * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable + * @param string $tag The tag string, e.g. dev, alpha, beta, rc, stable * * @return integer * diff --git a/libraries/src/Updater/UpdateAdapter.php b/libraries/src/Updater/UpdateAdapter.php index 310e0ba88b6..a5db109b95e 100644 --- a/libraries/src/Updater/UpdateAdapter.php +++ b/libraries/src/Updater/UpdateAdapter.php @@ -124,7 +124,7 @@ protected function _getLastTag() /** * Finds an update * - * @param array $options Options to use: update_site_id: the unique ID of the update site to look at + * @param array $options Options to use: update_site_id: the unique ID of the update site to look at * * @return array Update_sites and updates discovered * @@ -137,15 +137,15 @@ abstract public function findUpdate($options); * from their URL and enabled afterwards. If the URL fetch fails with a PHP fatal error (e.g. timeout) the faulty * update site will remain disabled the next time we attempt to load the update information. * - * @param int $updateSiteId The numeric ID of the update site to enable/disable - * @param bool $enabled Enable the site when true, disable it when false + * @param int $updateSiteId The numeric ID of the update site to enable/disable + * @param bool $enabled Enable the site when true, disable it when false * * @return void */ protected function toggleUpdateSite($updateSiteId, $enabled = true) { - $updateSiteId = (int) $updateSiteId; - $enabled = (bool) $enabled ? 1 : 0; + $updateSiteId = (int)$updateSiteId; + $enabled = (bool)$enabled ? 1 : 0; if (empty($updateSiteId)) { return; @@ -170,13 +170,13 @@ protected function toggleUpdateSite($updateSiteId, $enabled = true) /** * Get the name of an update site. This is used in logging. * - * @param int $updateSiteId The numeric ID of the update site + * @param int $updateSiteId The numeric ID of the update site * * @return string The name of the update site or an empty string if it's not found */ protected function getUpdateSiteName($updateSiteId) { - $updateSiteId = (int) $updateSiteId; + $updateSiteId = (int)$updateSiteId; if (empty($updateSiteId)) { return ''; @@ -204,7 +204,7 @@ protected function getUpdateSiteName($updateSiteId) /** * Try to get the raw HTTP response from the update site, hopefully containing the update XML. * - * @param array $options The update options, see findUpdate() in children classes + * @param array $options The update options, see findUpdate() in children classes * * @return \Joomla\CMS\Http\Response|bool False if we can't connect to the site, HTTP Response object otherwise * @@ -220,7 +220,7 @@ protected function getUpdateSiteResponse($options = array()) $options['update_site_name'] = $this->getUpdateSiteName($this->updateSiteId); } - $this->updateSiteName = $options['update_site_name']; + $this->updateSiteName = $options['update_site_name']; $this->appendExtension = false; if (\array_key_exists('append_extension', $options)) { @@ -241,7 +241,7 @@ protected function getUpdateSiteResponse($options = array()) $startTime = microtime(true); - $version = new Version(); + $version = new Version(); $httpOption = new Registry(); $httpOption->set('userAgent', $version->getUserAgent('Joomla', true, false)); @@ -257,7 +257,7 @@ protected function getUpdateSiteResponse($options = array()) $this->toggleUpdateSite($this->updateSiteId, true); // Log the time it took to load this update site's information - $endTime = microtime(true); + $endTime = microtime(true); $timeToLoad = sprintf('%0.2f', $endTime - $startTime); Log::add( "Loading information from update site #{$this->updateSiteId} with name " . diff --git a/libraries/src/Updater/Updater.php b/libraries/src/Updater/Updater.php index 613dbcfc36d..680e96aebcb 100644 --- a/libraries/src/Updater/Updater.php +++ b/libraries/src/Updater/Updater.php @@ -76,9 +76,9 @@ class Updater extends Adapter /** * Constructor * - * @param string $basepath Base Path of the adapters - * @param string $classprefix Class prefix of adapters - * @param string $adapterfolder Name of folder to append to base path + * @param string $basepath Base Path of the adapters + * @param string $classprefix Class prefix of adapters + * @param string $adapterfolder Name of folder to append to base path * * @since 3.1 */ @@ -107,13 +107,13 @@ public static function getInstance() /** * Finds the update for an extension. Any discovered updates are stored in the #__updates table. * - * @param int|array $eid Extension Identifier or list of Extension Identifiers; if zero use all + * @param int|array $eid Extension Identifier or list of Extension Identifiers; if zero use all * sites - * @param integer $cacheTimeout How many seconds to cache update information; if zero, force reload the + * @param integer $cacheTimeout How many seconds to cache update information; if zero, force reload the * update information - * @param integer $minimumStability Minimum stability for the updates; 0=dev, 1=alpha, 2=beta, 3=rc, + * @param integer $minimumStability Minimum stability for the updates; 0=dev, 1=alpha, 2=beta, 3=rc, * 4=stable - * @param boolean $includeCurrent Should I include the current version in the results? + * @param boolean $includeCurrent Should I include the current version in the results? * * @return boolean True if there are updates * @@ -129,8 +129,8 @@ public function findUpdates($eid = 0, $cacheTimeout = 0, $minimumStability = sel return $retval; } - $now = time(); - $earliestTime = $now - $cacheTimeout; + $now = time(); + $earliestTime = $now - $cacheTimeout; $sitesWithUpdates = array(); if ($cacheTimeout > 0) { @@ -185,7 +185,7 @@ public function findUpdates($eid = 0, $cacheTimeout = 0, $minimumStability = sel * Returns the update site records for an extension with ID $eid. If $eid is zero all enabled update sites records * will be returned. * - * @param int $eid The extension ID to fetch. + * @param int $eid The extension ID to fetch. * * @return array * @@ -193,7 +193,7 @@ public function findUpdates($eid = 0, $cacheTimeout = 0, $minimumStability = sel */ private function getUpdateSites($eid = 0) { - $db = $this->getDbo(); + $db = $this->getDbo(); $query = $db->getQuery(true); $query->select( @@ -217,7 +217,7 @@ private function getUpdateSites($eid = 0) if (\is_array($eid)) { $query->whereIn($db->quoteName('b.extension_id'), $eid); - } elseif ($eid = (int) $eid) { + } elseif ($eid = (int)$eid) { $query->where($db->quoteName('b.extension_id') . ' = :eid') ->bind(':eid', $eid, ParameterType::INTEGER); } @@ -237,9 +237,9 @@ private function getUpdateSites($eid = 0) /** * Loads the contents of an update site record $updateSite and returns the update objects * - * @param array $updateSite The update site record to process - * @param int $minimumStability Minimum stability for the returned update records - * @param bool $includeCurrent Should I also include the current version? + * @param array $updateSite The update site record to process + * @param int $minimumStability Minimum stability for the returned update records + * @param bool $includeCurrent Should I also include the current version? * * @return array The update records. Empty array if no updates are found. * @@ -260,7 +260,7 @@ private function getUpdateObjectsForSite($updateSite, $minimumStability = self:: // Get the update information from the remote update XML document /** @var UpdateAdapter $adapter */ - $adapter = $this->_adapters[ $updateSite['type']]; + $adapter = $this->_adapters[$updateSite['type']]; $update_result = $adapter->findUpdate($updateSite); // Version comparison operator. @@ -270,11 +270,11 @@ private function getUpdateObjectsForSite($updateSite, $minimumStability = self:: // If we have additional update sites in the remote (collection) update XML document, parse them if (\array_key_exists('update_sites', $update_result) && \count($update_result['update_sites'])) { $thisUrl = trim($updateSite['location']); - $thisId = (int) $updateSite['update_site_id']; + $thisId = (int)$updateSite['update_site_id']; foreach ($update_result['update_sites'] as $extraUpdateSite) { $extraUrl = trim($extraUpdateSite['location']); - $extraId = (int) $extraUpdateSite['update_site_id']; + $extraId = (int)$extraUpdateSite['update_site_id']; // Do not try to fetch the same update site twice if (($thisId == $extraId) || ($thisUrl == $extraUrl)) { @@ -303,20 +303,20 @@ private function getUpdateObjectsForSite($updateSite, $minimumStability = self:: $uid = $update ->find( array( - 'element' => $current_update->get('element'), - 'type' => $current_update->get('type'), + 'element' => $current_update->get('element'), + 'type' => $current_update->get('type'), 'client_id' => $current_update->get('client_id'), - 'folder' => $current_update->get('folder'), + 'folder' => $current_update->get('folder'), ) ); $eid = $extension ->find( array( - 'element' => $current_update->get('element'), - 'type' => $current_update->get('type'), + 'element' => $current_update->get('element'), + 'type' => $current_update->get('type'), 'client_id' => $current_update->get('client_id'), - 'folder' => $current_update->get('folder'), + 'folder' => $current_update->get('folder'), ) ); @@ -339,7 +339,7 @@ private function getUpdateObjectsForSite($updateSite, $minimumStability = self:: $update->load($uid); // We already have an update in the database lets check whether it has an extension_id - if ((int) $update->extension_id === 0 && $eid) { + if ((int)$update->extension_id === 0 && $eid) { // The current update does not have an extension_id but we found one. Let's use it. $current_update->extension_id = $eid; } @@ -359,7 +359,7 @@ private function getUpdateObjectsForSite($updateSite, $minimumStability = self:: /** * Returns the IDs of the update sites with cached updates * - * @param int $timestamp Optional. If set, only update sites checked before $timestamp will be taken into + * @param int $timestamp Optional. If set, only update sites checked before $timestamp will be taken into * account. * * @return array The IDs of the update sites with cached updates @@ -368,8 +368,8 @@ private function getUpdateObjectsForSite($updateSite, $minimumStability = self:: */ private function getSitesWithUpdates($timestamp = 0) { - $db = Factory::getDbo(); - $timestamp = (int) $timestamp; + $db = Factory::getDbo(); + $timestamp = (int)$timestamp; $query = $db->getQuery(true) ->select('DISTINCT ' . $db->quoteName('update_site_id')) @@ -403,7 +403,7 @@ private function getSitesWithUpdates($timestamp = 0) /** * Update the last check timestamp of an update site * - * @param int $updateSiteId The update site ID to mark as just checked + * @param int $updateSiteId The update site ID to mark as just checked * * @return void * @@ -411,9 +411,9 @@ private function getSitesWithUpdates($timestamp = 0) */ private function updateLastCheckTimestamp($updateSiteId) { - $timestamp = time(); - $db = Factory::getDbo(); - $updateSiteId = (int) $updateSiteId; + $timestamp = time(); + $db = Factory::getDbo(); + $updateSiteId = (int)$updateSiteId; $query = $db->getQuery(true) ->update($db->quoteName('#__update_sites')) From 97ce6b35635dd918adcd898ef2655854667f1567 Mon Sep 17 00:00:00 2001 From: Benjamin Trenkle Date: Fri, 8 Dec 2023 15:16:36 +0100 Subject: [PATCH 56/56] Add CMSObject replacement --- composer.json | 2 +- composer.lock | 730 ++++++++++++++++-- .../src/Updater/Update/AbstractUpdate.php | 5 +- 3 files changed, 675 insertions(+), 62 deletions(-) diff --git a/composer.json b/composer.json index 70575f51404..301d77e262c 100644 --- a/composer.json +++ b/composer.json @@ -106,7 +106,7 @@ "phpseclib/bcmath_compat": "^2.0.1", "jfcherng/php-diff": "^6.15.3", "voku/portable-utf8": "^6.0.13", - "php-tuf/php-tuf": "dev-joomla-tuf-combined" + "php-tuf/php-tuf": "^0.1.1" }, "require-dev": { "phpunit/phpunit": "^9.6.11", diff --git a/composer.lock b/composer.lock index 881e6a8da24..195ea9d7c9d 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a11e9fcd1917529c4c799d5c8760ec09", + "content-hash": "f301b27784f84615793549841b234621", "packages": [ { "name": "algo26-matthias/idna-convert", @@ -575,6 +575,320 @@ }, "time": "2023-02-18T17:41:46+00:00" }, + { + "name": "guzzlehttp/guzzle", + "version": "7.8.1", + "source": { + "type": "git", + "url": "https://github.com/guzzle/guzzle.git", + "reference": "41042bc7ab002487b876a0683fc8dce04ddce104" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/41042bc7ab002487b876a0683fc8dce04ddce104", + "reference": "41042bc7ab002487b876a0683fc8dce04ddce104", + "shasum": "" + }, + "require": { + "ext-json": "*", + "guzzlehttp/promises": "^1.5.3 || ^2.0.1", + "guzzlehttp/psr7": "^1.9.1 || ^2.5.1", + "php": "^7.2.5 || ^8.0", + "psr/http-client": "^1.0", + "symfony/deprecation-contracts": "^2.2 || ^3.0" + }, + "provide": { + "psr/http-client-implementation": "1.0" + }, + "require-dev": { + "bamarni/composer-bin-plugin": "^1.8.2", + "ext-curl": "*", + "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999", + "php-http/message-factory": "^1.1", + "phpunit/phpunit": "^8.5.36 || ^9.6.15", + "psr/log": "^1.1 || ^2.0 || ^3.0" + }, + "suggest": { + "ext-curl": "Required for CURL handler support", + "ext-intl": "Required for Internationalized Domain Name (IDN) support", + "psr/log": "Required for using the Log middleware" + }, + "type": "library", + "extra": { + "bamarni-bin": { + "bin-links": true, + "forward-command": false + } + }, + "autoload": { + "files": [ + "src/functions_include.php" + ], + "psr-4": { + "GuzzleHttp\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + }, + { + "name": "Jeremy Lindblom", + "email": "jeremeamia@gmail.com", + "homepage": "https://github.com/jeremeamia" + }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" + } + ], + "description": "Guzzle is a PHP HTTP client library", + "keywords": [ + "client", + "curl", + "framework", + "http", + "http client", + "psr-18", + "psr-7", + "rest", + "web service" + ], + "support": { + "issues": "https://github.com/guzzle/guzzle/issues", + "source": "https://github.com/guzzle/guzzle/tree/7.8.1" + }, + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle", + "type": "tidelift" + } + ], + "time": "2023-12-03T20:35:24+00:00" + }, + { + "name": "guzzlehttp/promises", + "version": "2.0.2", + "source": { + "type": "git", + "url": "https://github.com/guzzle/promises.git", + "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/promises/zipball/bbff78d96034045e58e13dedd6ad91b5d1253223", + "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223", + "shasum": "" + }, + "require": { + "php": "^7.2.5 || ^8.0" + }, + "require-dev": { + "bamarni/composer-bin-plugin": "^1.8.2", + "phpunit/phpunit": "^8.5.36 || ^9.6.15" + }, + "type": "library", + "extra": { + "bamarni-bin": { + "bin-links": true, + "forward-command": false + } + }, + "autoload": { + "psr-4": { + "GuzzleHttp\\Promise\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" + } + ], + "description": "Guzzle promises library", + "keywords": [ + "promise" + ], + "support": { + "issues": "https://github.com/guzzle/promises/issues", + "source": "https://github.com/guzzle/promises/tree/2.0.2" + }, + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises", + "type": "tidelift" + } + ], + "time": "2023-12-03T20:19:20+00:00" + }, + { + "name": "guzzlehttp/psr7", + "version": "1.9.1", + "source": { + "type": "git", + "url": "https://github.com/guzzle/psr7.git", + "reference": "e4490cabc77465aaee90b20cfc9a770f8c04be6b" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/e4490cabc77465aaee90b20cfc9a770f8c04be6b", + "reference": "e4490cabc77465aaee90b20cfc9a770f8c04be6b", + "shasum": "" + }, + "require": { + "php": ">=5.4.0", + "psr/http-message": "~1.0", + "ralouphie/getallheaders": "^2.0.5 || ^3.0.0" + }, + "provide": { + "psr/http-message-implementation": "1.0" + }, + "require-dev": { + "ext-zlib": "*", + "phpunit/phpunit": "~4.8.36 || ^5.7.27 || ^6.5.14 || ^7.5.20 || ^8.5.8 || ^9.3.10" + }, + "suggest": { + "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" + }, + "type": "library", + "autoload": { + "files": [ + "src/functions_include.php" + ], + "psr-4": { + "GuzzleHttp\\Psr7\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Graham Campbell", + "email": "hello@gjcampbell.co.uk", + "homepage": "https://github.com/GrahamCampbell" + }, + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + }, + { + "name": "George Mponos", + "email": "gmponos@gmail.com", + "homepage": "https://github.com/gmponos" + }, + { + "name": "Tobias Nyholm", + "email": "tobias.nyholm@gmail.com", + "homepage": "https://github.com/Nyholm" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://github.com/sagikazarmark" + }, + { + "name": "Tobias Schultze", + "email": "webmaster@tubo-world.de", + "homepage": "https://github.com/Tobion" + } + ], + "description": "PSR-7 message implementation that also provides common utility methods", + "keywords": [ + "http", + "message", + "psr-7", + "request", + "response", + "stream", + "uri", + "url" + ], + "support": { + "issues": "https://github.com/guzzle/psr7/issues", + "source": "https://github.com/guzzle/psr7/tree/1.9.1" + }, + "funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/psr7", + "type": "tidelift" + } + ], + "time": "2023-04-17T16:00:37+00:00" + }, { "name": "jakeasmith/http_build_url", "version": "1.0.1", @@ -2728,6 +3042,65 @@ }, "time": "2023-09-19T19:53:10+00:00" }, + { + "name": "myclabs/deep-copy", + "version": "1.11.1", + "source": { + "type": "git", + "url": "https://github.com/myclabs/DeepCopy.git", + "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", + "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", + "shasum": "" + }, + "require": { + "php": "^7.1 || ^8.0" + }, + "conflict": { + "doctrine/collections": "<1.6.8", + "doctrine/common": "<2.13.3 || >=3,<3.2.2" + }, + "require-dev": { + "doctrine/collections": "^1.6.8", + "doctrine/common": "^2.13.3 || ^3.2.2", + "phpunit/phpunit": "^7.5.20 || ^8.5.23 || ^9.5.13" + }, + "type": "library", + "autoload": { + "files": [ + "src/DeepCopy/deep_copy.php" + ], + "psr-4": { + "DeepCopy\\": "src/DeepCopy/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "Create deep copies (clones) of your objects", + "keywords": [ + "clone", + "copy", + "duplicate", + "object", + "object graph" + ], + "support": { + "issues": "https://github.com/myclabs/DeepCopy/issues", + "source": "https://github.com/myclabs/DeepCopy/tree/1.11.1" + }, + "funding": [ + { + "url": "https://tidelift.com/funding/github/packagist/myclabs/deep-copy", + "type": "tidelift" + } + ], + "time": "2023-03-08T13:26:56+00:00" + }, { "name": "paragonie/constant_time_encoding", "version": "v2.6.3", @@ -2881,6 +3254,68 @@ }, "time": "2023-04-30T00:54:53+00:00" }, + { + "name": "php-tuf/php-tuf", + "version": "0.1.1", + "source": { + "type": "git", + "url": "https://github.com/joomla-projects/php-tuf.git", + "reference": "032cb8de4da0a80b9fe0fb386a61ffca8fab6c63" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/joomla-projects/php-tuf/zipball/032cb8de4da0a80b9fe0fb386a61ffca8fab6c63", + "reference": "032cb8de4da0a80b9fe0fb386a61ffca8fab6c63", + "shasum": "" + }, + "require": { + "ext-json": "*", + "guzzlehttp/guzzle": "^6.5 || ^7.2", + "guzzlehttp/psr7": "^1.7", + "myclabs/deep-copy": "^1.10.2", + "paragonie/sodium_compat": "^1.13", + "php": ">=7.2.5", + "symfony/validator": "^4.4 || ^5" + }, + "require-dev": { + "php-tuf/phpcodesniffer-standard": "dev-main", + "phpunit/phpunit": "^8.5.8|^9", + "symfony/phpunit-bridge": "^5" + }, + "suggest": { + "ext-libsodium": "Provides faster verification of updates" + }, + "type": "library", + "autoload": { + "psr-4": { + "Tuf\\": "src/" + } + }, + "autoload-dev": { + "psr-4": { + "Tuf\\Tests\\": "tests/" + } + }, + "scripts": { + "phpcs": [ + "phpcs -s --standard=PhpTuf ./src ./tests" + ], + "phpcbf": [ + "phpcbf --standard=PhpTuf ./src ./tests" + ], + "test": [ + "phpunit ./tests" + ], + "lint": [ + "find src -name '*.php' -exec php -l {} \\;" + ] + }, + "license": [ + "MIT" + ], + "description": "PHP implementation of The Update Framework (TUF)", + "time": "2021-07-12T17:01:35+00:00" + }, { "name": "phpmailer/phpmailer", "version": "v6.8.1", @@ -3542,6 +3977,50 @@ }, "time": "2021-07-14T16:46:02+00:00" }, + { + "name": "ralouphie/getallheaders", + "version": "3.0.3", + "source": { + "type": "git", + "url": "https://github.com/ralouphie/getallheaders.git", + "reference": "120b605dfeb996808c31b6477290a714d356e822" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822", + "reference": "120b605dfeb996808c31b6477290a714d356e822", + "shasum": "" + }, + "require": { + "php": ">=5.6" + }, + "require-dev": { + "php-coveralls/php-coveralls": "^2.1", + "phpunit/phpunit": "^5 || ^6.5" + }, + "type": "library", + "autoload": { + "files": [ + "src/getallheaders.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ralph Khattar", + "email": "ralph.khattar@gmail.com" + } + ], + "description": "A polyfill for getallheaders.", + "support": { + "issues": "https://github.com/ralouphie/getallheaders/issues", + "source": "https://github.com/ralouphie/getallheaders/tree/develop" + }, + "time": "2019-03-08T08:55:37+00:00" + }, { "name": "spomky-labs/cbor-php", "version": "3.0.2", @@ -4773,6 +5252,84 @@ ], "time": "2023-07-05T08:41:27+00:00" }, + { + "name": "symfony/translation-contracts", + "version": "v3.4.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/translation-contracts.git", + "reference": "dee0c6e5b4c07ce851b462530088e64b255ac9c5" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/dee0c6e5b4c07ce851b462530088e64b255ac9c5", + "reference": "dee0c6e5b4c07ce851b462530088e64b255ac9c5", + "shasum": "" + }, + "require": { + "php": ">=8.1" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-main": "3.4-dev" + }, + "thanks": { + "name": "symfony/contracts", + "url": "https://github.com/symfony/contracts" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Contracts\\Translation\\": "" + }, + "exclude-from-classmap": [ + "/Test/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Generic abstractions related to translation", + "homepage": "https://symfony.com", + "keywords": [ + "abstractions", + "contracts", + "decoupling", + "interfaces", + "interoperability", + "standards" + ], + "support": { + "source": "https://github.com/symfony/translation-contracts/tree/v3.4.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-07-25T15:08:44+00:00" + }, { "name": "symfony/uid", "version": "v6.3.0", @@ -4847,6 +5404,118 @@ ], "time": "2023-04-08T07:25:02+00:00" }, + { + "name": "symfony/validator", + "version": "v5.4.32", + "source": { + "type": "git", + "url": "https://github.com/symfony/validator.git", + "reference": "d205d071c4a7ef5b6b43349c7e41d47d1b227636" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/validator/zipball/d205d071c4a7ef5b6b43349c7e41d47d1b227636", + "reference": "d205d071c4a7ef5b6b43349c7e41d47d1b227636", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", + "symfony/deprecation-contracts": "^2.1|^3", + "symfony/polyfill-ctype": "~1.8", + "symfony/polyfill-mbstring": "~1.0", + "symfony/polyfill-php73": "~1.0", + "symfony/polyfill-php80": "^1.16", + "symfony/polyfill-php81": "^1.22", + "symfony/translation-contracts": "^1.1|^2|^3" + }, + "conflict": { + "doctrine/annotations": "<1.13", + "doctrine/cache": "<1.11", + "doctrine/lexer": "<1.1", + "symfony/dependency-injection": "<4.4", + "symfony/expression-language": "<5.1", + "symfony/http-kernel": "<4.4", + "symfony/intl": "<4.4", + "symfony/property-info": "<5.3", + "symfony/translation": "<4.4", + "symfony/yaml": "<4.4" + }, + "require-dev": { + "doctrine/annotations": "^1.13|^2", + "doctrine/cache": "^1.11|^2.0", + "egulias/email-validator": "^2.1.10|^3|^4", + "symfony/cache": "^4.4|^5.0|^6.0", + "symfony/config": "^4.4|^5.0|^6.0", + "symfony/console": "^4.4|^5.0|^6.0", + "symfony/dependency-injection": "^4.4|^5.0|^6.0", + "symfony/expression-language": "^5.1|^6.0", + "symfony/finder": "^4.4|^5.0|^6.0", + "symfony/http-client": "^4.4|^5.0|^6.0", + "symfony/http-foundation": "^4.4|^5.0|^6.0", + "symfony/http-kernel": "^4.4|^5.0|^6.0", + "symfony/intl": "^4.4|^5.0|^6.0", + "symfony/mime": "^4.4|^5.0|^6.0", + "symfony/property-access": "^4.4|^5.0|^6.0", + "symfony/property-info": "^5.3|^6.0", + "symfony/translation": "^4.4|^5.0|^6.0", + "symfony/yaml": "^4.4|^5.0|^6.0" + }, + "suggest": { + "egulias/email-validator": "Strict (RFC compliant) email validation", + "psr/cache-implementation": "For using the mapping cache.", + "symfony/config": "", + "symfony/expression-language": "For using the Expression validator and the ExpressionLanguageSyntax constraints", + "symfony/http-foundation": "", + "symfony/intl": "", + "symfony/property-access": "For accessing properties within comparison constraints", + "symfony/property-info": "To automatically add NotNull and Type constraints", + "symfony/translation": "For translating validation errors.", + "symfony/yaml": "" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Validator\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides tools to validate values", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/validator/tree/v5.4.32" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-11-29T07:42:18+00:00" + }, { "name": "symfony/var-dumper", "version": "v6.3.4", @@ -7277,65 +7946,6 @@ }, "time": "2022-10-05T17:30:19+00:00" }, - { - "name": "myclabs/deep-copy", - "version": "1.11.1", - "source": { - "type": "git", - "url": "https://github.com/myclabs/DeepCopy.git", - "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", - "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", - "shasum": "" - }, - "require": { - "php": "^7.1 || ^8.0" - }, - "conflict": { - "doctrine/collections": "<1.6.8", - "doctrine/common": "<2.13.3 || >=3,<3.2.2" - }, - "require-dev": { - "doctrine/collections": "^1.6.8", - "doctrine/common": "^2.13.3 || ^3.2.2", - "phpunit/phpunit": "^7.5.20 || ^8.5.23 || ^9.5.13" - }, - "type": "library", - "autoload": { - "files": [ - "src/DeepCopy/deep_copy.php" - ], - "psr-4": { - "DeepCopy\\": "src/DeepCopy/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "Create deep copies (clones) of your objects", - "keywords": [ - "clone", - "copy", - "duplicate", - "object", - "object graph" - ], - "support": { - "issues": "https://github.com/myclabs/DeepCopy/issues", - "source": "https://github.com/myclabs/DeepCopy/tree/1.11.1" - }, - "funding": [ - { - "url": "https://tidelift.com/funding/github/packagist/myclabs/deep-copy", - "type": "tidelift" - } - ], - "time": "2023-03-08T13:26:56+00:00" - }, { "name": "netresearch/jsonmapper", "version": "v4.2.0", diff --git a/libraries/src/Updater/Update/AbstractUpdate.php b/libraries/src/Updater/Update/AbstractUpdate.php index 0b93c1d5d19..efe9d502bae 100644 --- a/libraries/src/Updater/Update/AbstractUpdate.php +++ b/libraries/src/Updater/Update/AbstractUpdate.php @@ -14,8 +14,11 @@ \defined('JPATH_PLATFORM') or die; -abstract class AbstractUpdate extends CMSObject implements UpdateInterface +abstract class AbstractUpdate implements UpdateInterface { + use LegacyErrorHandlingTrait; + use LegacyPropertyManagementTrait; + /** * Update manifest `` element *