Application::updateCSP() - Code Metrics - Inspection of "Prefix global scale nodes with the current protoco..." - nextcloud/richdocuments - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#1328)

by Julius

created 2021-01-27 08:35 UTC

Application::updateCSP() C

↳ Parent: Application

Complexity

Conditions	13
Paths	60

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	182

Importance

Changes

Metric	Value
dl	0
loc	47
ccs	0
cts	29
cp	0
rs	6.6166
c	0
b	0
f	0
cc	13
nc	60
nop	0
crap	182

How to fix Complexity

<?php
/**
 * @copyright Copyright (c) 2016 Lukas Reschke <[email protected]>
 *
 * @author Lukas Reschke <[email protected]>
 * @author Roeland Jago Douma <[email protected]>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

namespace OCA\Richdocuments\AppInfo;

use OC\Files\Type\Detection;
use OC\Security\CSP\ContentSecurityPolicy;
use OCA\Federation\TrustedServers;
use OCA\Richdocuments\AppConfig;
use OCA\Richdocuments\Capabilities;
use OCA\Richdocuments\Preview\MSExcel;
use OCA\Richdocuments\Preview\MSWord;
use OCA\Richdocuments\Preview\OOXML;
use OCA\Richdocuments\Preview\OpenDocument;
use OCA\Richdocuments\Preview\Pdf;
use OCA\Richdocuments\Service\CapabilitiesService;
use OCA\Richdocuments\Service\FederationService;
use OCA\Richdocuments\WOPI\DiscoveryManager;
use OCA\Viewer\Event\LoadViewer;
use OCP\AppFramework\App;
use OCP\AppFramework\QueryException;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\GlobalScale\IConfig;
use OCP\IPreview;

class Application extends App {

	const APPNAME = 'richdocuments';

	/**
	 * Strips the path and query parameters from the URL.
	 *
	 * @param string $url
	 * @return string
	 */
	private function domainOnly($url) {
		$parsed_url = parse_url($url);
		$scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : '';
		$host	= isset($parsed_url['host']) ? $parsed_url['host'] : '';
		$port	= isset($parsed_url['port']) ? ':' . $parsed_url['port'] : '';
		return "$scheme$host$port";
	}

	public function __construct(array $urlParams = array()) {
		parent::__construct(self::APPNAME, $urlParams);

		try {
			/** @var IEventDispatcher $eventDispatcher */
			$eventDispatcher = $this->getContainer()->getServer()->query(IEventDispatcher::class);
			if (class_exists(LoadViewer::class)) {
				$eventDispatcher->addListener(LoadViewer::class, function () {
					\OCP\Util::addScript('richdocuments', 'viewer');
				});
			}
		} catch (QueryException $e) {

		}

		$this->getContainer()->registerCapability(Capabilities::class);
	}

	public function registerProvider() {
		$container = $this->getContainer();

		// Register mimetypes
		/** @var Detection $detector */
		$detector = $container->query(\OCP\Files\IMimeTypeDetector::class);
		$detector->getAllMappings();
		$detector->registerType('ott','application/vnd.oasis.opendocument.text-template');
		$detector->registerType('ots', 'application/vnd.oasis.opendocument.spreadsheet-template');
		$detector->registerType('otp', 'application/vnd.oasis.opendocument.presentation-template');

		/** @var IPreview $previewManager */
		$previewManager = $container->query(IPreview::class);

		$previewManager->registerProvider('/application\/vnd.ms-excel/', function() use ($container) {
			return $container->query(MSExcel::class);
		});

		$previewManager->registerProvider('/application\/msword/', function() use ($container) {
			return $container->query(MSWord::class);
		});

		$previewManager->registerProvider('/application\/vnd.openxmlformats-officedocument.*/', function() use ($container) {
			return $container->query(OOXML::class);
		});

		// \OC::$server->getLogger()->debug('==== Richdocuments Application registerProvider: calling manager registerProvider:');
		$previewManager->registerProvider('/application\/vnd.oasis.opendocument.*/', function() use ($container) {
			// \OC::$server->getLogger()->debug('==== Richdocuments Application registerProvider lambda. OpenDocument::class=' . OpenDocument::class);
			return $container->query(OpenDocument::class);
		});

		$previewManager->registerProvider('/application\/pdf/', function() use ($container) {
			return $container->query(Pdf::class);
		});

	}

	public function updateCSP() {
		$container = $this->getContainer();

		$publicWopiUrl = $container->getServer()->getConfig()->getAppValue('richdocuments', 'public_wopi_url', '');
		$publicWopiUrl = $publicWopiUrl === '' ? \OC::$server->getConfig()->getAppValue('richdocuments', 'wopi_url') : $publicWopiUrl;
		$cspManager = $container->getServer()->getContentSecurityPolicyManager();
		$policy = new ContentSecurityPolicy();
		if ($publicWopiUrl !== '') {
			$policy->addAllowedFrameDomain('\'self\'');
			$policy->addAllowedFrameDomain($this->domainOnly($publicWopiUrl));
			if (method_exists($policy, 'addAllowedFormActionDomain')) {
				$policy->addAllowedFormActionDomain($this->domainOnly($publicWopiUrl));
			}
		}

		/**
		 * Dynamically add CSP for federated editing
		 */
		$path = '';
		try {
			$path = $container->getServer()->getRequest()->getPathInfo();
		} catch (\Exception $e) {}

		if (strpos($path, '/apps/files') === 0 && $container->getServer()->getAppManager()->isEnabledForUser('federation')) {
			/** @var FederationService $federationService */
			$federationService = \OC::$server->query(FederationService::class);

			// Always add trusted servers on global scale
			/** @var IConfig $globalScale */
			$globalScale = $container->query(IConfig::class);
			if ($globalScale->isGlobalScaleEnabled()) {
				$trustedList = \OC::$server->getConfig()->getSystemValue('gs.trustedHosts', []);
				foreach ($trustedList as $server) {
					if (strpos($server, 'http://') !== 0 && strpos($server, 'https://') !== 0) {
						$server = \OC::$server->getRequest()->getServerProtocol() . '://' . $server;
					}
					$this->addTrustedRemote($policy, $server);
				}
			}
			$remoteAccess = $container->getServer()->getRequest()->getParam('richdocuments_remote_access');

			if ($remoteAccess && $federationService->isTrustedRemote($remoteAccess)) {
				$this->addTrustedRemote($policy, $remoteAccess);
			}
		}

		$cspManager->addDefaultPolicy($policy);
	}

	private function addTrustedRemote($policy, $url) {
		/** @var FederationService $federationService */
		$federationService = \OC::$server->query(FederationService::class);
		try {
			$remoteCollabora = $federationService->getRemoteCollaboraURL($url);
			$policy->addAllowedFrameDomain($url);
			$policy->addAllowedFrameDomain($remoteCollabora);
		} catch (\Exception $e) {
			// We can ignore this exception for adding predefined domains to the CSP as it it would then just
			// reload the page to set a proper allowed frame domain if we don't have a fixed list of trusted
			// remotes in a global scale scenario
		}
	}

	public function checkAndEnableCODEServer() {
		// Supported only on Linux OS, and x86_64 & ARM64 platforms
		$supportedArchs = array('x86_64', 'aarch64');
		$osFamily = PHP_VERSION_ID >= 70200 ? PHP_OS_FAMILY : PHP_OS;
		if ($osFamily !== 'Linux' || !in_array(php_uname('m'), $supportedArchs))
			return;

		$CODEAppID = (php_uname('m') === 'x86_64') ? 'richdocumentscode' : 'richdocumentscode_arm64';

		if ($this->getContainer()->getServer()->getAppManager()->isEnabledForUser($CODEAppID)) {
			$appConfig = $this->getContainer()->query(AppConfig::class);
			$wopi_url = $appConfig->getAppValue('wopi_url');
			$isCODEEnabled = strpos($wopi_url, 'proxy.php?req=') !== false;

			// Check if we have the wopi_url set to custom currently
			if ($wopi_url !== null && $wopi_url !== '' && $isCODEEnabled === false) {
				return;
			}

			$urlGenerator = \OC::$server->getURLGenerator();
			$relativeUrl = $urlGenerator->linkTo($CODEAppID, '') . 'proxy.php';
			$absoluteUrl = $urlGenerator->getAbsoluteURL($relativeUrl);
			$new_wopi_url = $absoluteUrl . '?req=';

			// Check if the wopi url needs to be updated
			if ($isCODEEnabled && $wopi_url === $new_wopi_url) {
				return;
			}

			$appConfig->setAppValue('wopi_url', $new_wopi_url);
			$appConfig->setAppValue('disable_certificate_verification', 'yes');

			$discoveryManager = $this->getContainer()->query(DiscoveryManager::class);
			$capabilitiesService = $this->getContainer()->query(CapabilitiesService::class);

			$discoveryManager->refetch();
			$capabilitiesService->clear();
			$capabilitiesService->refetch();
		}
	}
}


1			<?php
2			/**
3			* @copyright Copyright (c) 2016 Lukas Reschke <[email protected]>
4			*
5			* @author Lukas Reschke <[email protected]>
6			* @author Roeland Jago Douma <[email protected]>
7			*
8			* @license GNU AGPL version 3 or any later version
9			*
10			* This program is free software: you can redistribute it and/or modify
11			* it under the terms of the GNU Affero General Public License as
12			* published by the Free Software Foundation, either version 3 of the
13			* License, or (at your option) any later version.
14			*
15			* This program is distributed in the hope that it will be useful,
16			* but WITHOUT ANY WARRANTY; without even the implied warranty of
17			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18			* GNU Affero General Public License for more details.
19			*
20			* You should have received a copy of the GNU Affero General Public License
21			* along with this program. If not, see <http://www.gnu.org/licenses/>.
22			*
23			*/
24
25			namespace OCA\Richdocuments\AppInfo;
26
27			use OC\Files\Type\Detection;
28			use OC\Security\CSP\ContentSecurityPolicy;
29			use OCA\Federation\TrustedServers;
30			use OCA\Richdocuments\AppConfig;
31			use OCA\Richdocuments\Capabilities;
32			use OCA\Richdocuments\Preview\MSExcel;
33			use OCA\Richdocuments\Preview\MSWord;
34			use OCA\Richdocuments\Preview\OOXML;
35			use OCA\Richdocuments\Preview\OpenDocument;
36			use OCA\Richdocuments\Preview\Pdf;
37			use OCA\Richdocuments\Service\CapabilitiesService;
38			use OCA\Richdocuments\Service\FederationService;
39			use OCA\Richdocuments\WOPI\DiscoveryManager;
40			use OCA\Viewer\Event\LoadViewer;
41			use OCP\AppFramework\App;
42			use OCP\AppFramework\QueryException;
43			use OCP\EventDispatcher\IEventDispatcher;
44			use OCP\GlobalScale\IConfig;
45			use OCP\IPreview;
46
47			class Application extends App {
48
49			const APPNAME = 'richdocuments';
50
51			/**
52			* Strips the path and query parameters from the URL.
53			*
54			* @param string $url
55			* @return string
56			*/
57			private function domainOnly($url) {
58			$parsed_url = parse_url($url);
59			$scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : '';
60			$host = isset($parsed_url['host']) ? $parsed_url['host'] : '';
61			$port = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : '';
62			return "$scheme$host$port";
63			}
64
65			public function __construct(array $urlParams = array()) {
66			parent::__construct(self::APPNAME, $urlParams);
67
68			try {
69			/** @var IEventDispatcher $eventDispatcher */
70			$eventDispatcher = $this->getContainer()->getServer()->query(IEventDispatcher::class);
71			if (class_exists(LoadViewer::class)) {
72			$eventDispatcher->addListener(LoadViewer::class, function () {
73			\OCP\Util::addScript('richdocuments', 'viewer');
74			});
75			}
76			} catch (QueryException $e) {
			0 ignored issues – show Coding Style Comprehensibility introduced 2020-11-23 11:10 UTC by Report Bug Copy Issue Report Consider adding a comment why this CATCH block is empty. Loading history...
77			}
78
79			$this->getContainer()->registerCapability(Capabilities::class);
80			}
81
82			public function registerProvider() {
83			$container = $this->getContainer();
84
85			// Register mimetypes
86			/** @var Detection $detector */
87			$detector = $container->query(\OCP\Files\IMimeTypeDetector::class);
88			$detector->getAllMappings();
89			$detector->registerType('ott','application/vnd.oasis.opendocument.text-template');
90			$detector->registerType('ots', 'application/vnd.oasis.opendocument.spreadsheet-template');
91			$detector->registerType('otp', 'application/vnd.oasis.opendocument.presentation-template');
92
93			/** @var IPreview $previewManager */
94			$previewManager = $container->query(IPreview::class);
95
96			$previewManager->registerProvider('/application\/vnd.ms-excel/', function() use ($container) {
97			return $container->query(MSExcel::class);
98			});
99
100			$previewManager->registerProvider('/application\/msword/', function() use ($container) {
101			return $container->query(MSWord::class);
102			});
103
104			$previewManager->registerProvider('/application\/vnd.openxmlformats-officedocument.*/', function() use ($container) {
105			return $container->query(OOXML::class);
106			});
107
108			// \OC::$server->getLogger()->debug('==== Richdocuments Application registerProvider: calling manager registerProvider:');
109			$previewManager->registerProvider('/application\/vnd.oasis.opendocument.*/', function() use ($container) {
110			// \OC::$server->getLogger()->debug('==== Richdocuments Application registerProvider lambda. OpenDocument::class=' . OpenDocument::class);
111			return $container->query(OpenDocument::class);
112			});
113
114			$previewManager->registerProvider('/application\/pdf/', function() use ($container) {
115			return $container->query(Pdf::class);
116			});
117
118			}
119
120			public function updateCSP() {
121			$container = $this->getContainer();
122
123			$publicWopiUrl = $container->getServer()->getConfig()->getAppValue('richdocuments', 'public_wopi_url', '');
124			$publicWopiUrl = $publicWopiUrl === '' ? \OC::$server->getConfig()->getAppValue('richdocuments', 'wopi_url') : $publicWopiUrl;
125			$cspManager = $container->getServer()->getContentSecurityPolicyManager();
126			$policy = new ContentSecurityPolicy();
127			if ($publicWopiUrl !== '') {
128			$policy->addAllowedFrameDomain('\'self\'');
129			$policy->addAllowedFrameDomain($this->domainOnly($publicWopiUrl));
130			if (method_exists($policy, 'addAllowedFormActionDomain')) {
131			$policy->addAllowedFormActionDomain($this->domainOnly($publicWopiUrl));
132			}
133			}
134
135			/**
136			* Dynamically add CSP for federated editing
137			*/
138			$path = '';
139			try {
140			$path = $container->getServer()->getRequest()->getPathInfo();
141			} catch (\Exception $e) {}
			0 ignored issues – show Coding Style Comprehensibility introduced 2020-05-22 06:51 UTC by Report Bug Copy Issue Report Consider adding a comment why this CATCH block is empty. Loading history...
142			if (strpos($path, '/apps/files') === 0 && $container->getServer()->getAppManager()->isEnabledForUser('federation')) {
143			/** @var FederationService $federationService */
144			$federationService = \OC::$server->query(FederationService::class);
145
146			// Always add trusted servers on global scale
147			/** @var IConfig $globalScale */
148			$globalScale = $container->query(IConfig::class);
149			if ($globalScale->isGlobalScaleEnabled()) {
150			$trustedList = \OC::$server->getConfig()->getSystemValue('gs.trustedHosts', []);
151			foreach ($trustedList as $server) {
152			if (strpos($server, 'http://') !== 0 && strpos($server, 'https://') !== 0) {
153			$server = \OC::$server->getRequest()->getServerProtocol() . '://' . $server;
154			}
155			$this->addTrustedRemote($policy, $server);
156			}
157			}
158			$remoteAccess = $container->getServer()->getRequest()->getParam('richdocuments_remote_access');
159
160			if ($remoteAccess && $federationService->isTrustedRemote($remoteAccess)) {
161			$this->addTrustedRemote($policy, $remoteAccess);
162			}
163			}
164
165			$cspManager->addDefaultPolicy($policy);
166			}
167
168			private function addTrustedRemote($policy, $url) {
169			/** @var FederationService $federationService */
170			$federationService = \OC::$server->query(FederationService::class);
171			try {
172			$remoteCollabora = $federationService->getRemoteCollaboraURL($url);
173			$policy->addAllowedFrameDomain($url);
174			$policy->addAllowedFrameDomain($remoteCollabora);
175			} catch (\Exception $e) {
176			// We can ignore this exception for adding predefined domains to the CSP as it it would then just
177			// reload the page to set a proper allowed frame domain if we don't have a fixed list of trusted
178			// remotes in a global scale scenario
179			}
180			}
181
182			public function checkAndEnableCODEServer() {
183			// Supported only on Linux OS, and x86_64 & ARM64 platforms
184			$supportedArchs = array('x86_64', 'aarch64');
185			$osFamily = PHP_VERSION_ID >= 70200 ? PHP_OS_FAMILY : PHP_OS;
186			if ($osFamily !== 'Linux' \|\| !in_array(php_uname('m'), $supportedArchs))
187			return;
188
189			$CODEAppID = (php_uname('m') === 'x86_64') ? 'richdocumentscode' : 'richdocumentscode_arm64';
190
191			if ($this->getContainer()->getServer()->getAppManager()->isEnabledForUser($CODEAppID)) {
192			$appConfig = $this->getContainer()->query(AppConfig::class);
193			$wopi_url = $appConfig->getAppValue('wopi_url');
194			$isCODEEnabled = strpos($wopi_url, 'proxy.php?req=') !== false;
195
196			// Check if we have the wopi_url set to custom currently
197			if ($wopi_url !== null && $wopi_url !== '' && $isCODEEnabled === false) {
198			return;
199			}
200
201			$urlGenerator = \OC::$server->getURLGenerator();
202			$relativeUrl = $urlGenerator->linkTo($CODEAppID, '') . 'proxy.php';
203			$absoluteUrl = $urlGenerator->getAbsoluteURL($relativeUrl);
204			$new_wopi_url = $absoluteUrl . '?req=';
205
206			// Check if the wopi url needs to be updated
207			if ($isCODEEnabled && $wopi_url === $new_wopi_url) {
208			return;
209			}
210
211			$appConfig->setAppValue('wopi_url', $new_wopi_url);
212			$appConfig->setAppValue('disable_certificate_verification', 'yes');
213
214			$discoveryManager = $this->getContainer()->query(DiscoveryManager::class);
215			$capabilitiesService = $this->getContainer()->query(CapabilitiesService::class);
216
217			$discoveryManager->refetch();
218			$capabilitiesService->clear();
219			$capabilitiesService->refetch();
220			}
221			}
222			}
223

nextcloud / richdocuments

Pull Request — master (#1328)

Application::updateCSP() C

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Complexity

Long Method

Duplication Side-by-Side

Filter issues like