AC-13833: Refactor SRI mechanism to use filesystem for storage.

Author: dvoskoboinikov

app/code/Magento/Csp/Model/SubresourceIntegrity/Storage/File.php

@@ -1,36 +1,27 @@
 <?php
-/************************************************************************
- *
- * Copyright 2024 Adobe
+/**
+ * Copyright 2025 Adobe
  * All Rights Reserved.
- *
- * NOTICE: All information contained herein is, and remains
- * the property of Adobe and its suppliers, if any. The intellectual
- * and technical concepts contained herein are proprietary to Adobe
- * and its suppliers and are protected by all applicable intellectual
- * property laws, including trade secret and copyright laws.
- * Dissemination of this information or reproduction of this material
- * is strictly forbidden unless prior written permission is obtained
- * from Adobe.
- * ************************************************************************
  */
 declare(strict_types=1);
 
 namespace Magento\Csp\Model\SubresourceIntegrity\Storage;
 
-use Magento\Deploy\Package\Package;
-use Magento\Framework\App\Area;
+use Psr\Log\LoggerInterface;
+use Magento\Framework\Filesystem;
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Exception\FileSystemException;
-use Magento\Framework\Filesystem;
+use Magento\Csp\Model\SubresourceIntegrity\StorageInterface;
 
 /**
- * Persistence of sri hashes in the local file system
+ * Filesystem based SRI hashed storage.
  */
-class File
+class File implements StorageInterface
 {
     /**
-     * Constant for sri hashes filename
+     * Name of a storage file.
+     *
+     * @var string
      */
     private const FILENAME = 'sri-hashes.json';
 
@@ -40,71 +31,95 @@ class File
     private Filesystem $filesystem;
 
     /**
-     * Constructor
-     *
+     * @var LoggerInterface
+     */
+    private LoggerInterface $logger;
+
+    /**
      * @param Filesystem $filesystem
+     * @param LoggerInterface $logger
      */
     public function __construct(
-        Filesystem $filesystem
+        Filesystem $filesystem,
+        LoggerInterface $logger
     ) {
         $this->filesystem = $filesystem;
+        $this->logger = $logger;
     }
 
     /**
-     * Load data from filesystem
-     *
-     * @param string|null $area
-     * @return string|bool
-     * @throws FileSystemException
+     * @inheritDoc
      */
-    public function load(?string $area = null): string|bool
+    public function load(?string $context): ?string
     {
-        $staticDir = $this->filesystem->getDirectoryRead(DirectoryList::STATIC_VIEW);
+        try {
+            $staticDir = $this->filesystem->getDirectoryRead(
+                DirectoryList::STATIC_VIEW
+            );
 
-        if ($area) {
-            $path = $area . DIRECTORY_SEPARATOR . self::FILENAME;
-            if ($staticDir->isFile($path)) {
-                return $staticDir->readFile($path);
+            $path = $this->resolveFilePath($context);
+
+            if (!$staticDir->isFile($path)) {
+                return null;
             }
+
+            return $staticDir->readFile($path);
+        } catch (FileSystemException $exception) {
+            $this->logger->critical($exception);
+
+            return null;
         }
-        return false;
     }
 
     /**
-     * Save File to Local Storage by area
-     *
-     * @param string $data
-     * @param string|null $area
-     * @return bool
-     * @throws FileSystemException
+     * @inheritDoc
      */
-    public function save(string $data, ?string $area = null): bool
+    public function save(string $data, ?string $context): bool
     {
-        $staticDir = $this->filesystem->getDirectoryWrite(DirectoryList::STATIC_VIEW);
+        try {
+            $staticDir = $this->filesystem->getDirectoryWrite(
+                DirectoryList::STATIC_VIEW
+            );
+
+            return (bool) $staticDir->writeFile(
+                $this->resolveFilePath($context),
+                $data,
+                'w'
+            );
+        } catch (FileSystemException $exception) {
+            $this->logger->critical($exception);
 
-        if ($area) {
-            $path = $area . DIRECTORY_SEPARATOR . self::FILENAME;
-            return (bool)$staticDir->writeFile($path, $data, 'w');
+            return false;
         }
-        return false;
     }
 
     /**
-     * Delete all Sri Hashes files
-     *
-     * @throws FileSystemException
+     * @inheritDoc
      */
-    public function remove():bool
+    public function remove(?string $context): bool
     {
-        $staticDir = $this->filesystem->getDirectoryWrite(DirectoryList::STATIC_VIEW);
+        try {
+            $staticDir = $this->filesystem->getDirectoryWrite(
+                DirectoryList::STATIC_VIEW
+            );
 
-        //delete all json files from all areas
-        foreach ([Package::BASE_AREA, Area::AREA_FRONTEND, Area::AREA_ADMINHTML] as $area) {
-            $path = $area . DIRECTORY_SEPARATOR . self::FILENAME;
-            if ($staticDir->isFile($path)) {
-               $staticDir->delete($path);
-            }
+            return $staticDir->delete($this->resolveFilePath($context));
+        } catch (FileSystemException $exception) {
+            $this->logger->critical($exception);
+
+            return false;
         }
-        return true;
+    }
+
+    /**
+     * Resolves a storage file path for a given context.
+     *
+     * @param string|null $context
+     *
+     * @return string
+     */
+    private function resolveFilePath(?string $context): string
+    {
+        return ($context ? $context . DIRECTORY_SEPARATOR : '') . self::FILENAME;
     }
 }

app/code/Magento/Csp/Model/SubresourceIntegrity/StorageInterface.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\Model\SubresourceIntegrity;
+
+/**
+ * Interface for an SRI hashes storage.
+ */
+interface StorageInterface
+{
+    /**
+     * Loads SRI hashes from a storage.
+     *
+     * @param string|null $context
+     *
+     * @return string|null
+     */
+    public function load(?string $context): ?string;
+
+    /**
+     * Saves SRI hashes to a storage.
+     *
+     * @param string $data
+     * @param string|null $context
+     *
+     * @return bool
+     */
+    public function save(string $data, ?string $context): bool;
+
+    /**
+     * Deletes all SRI hashes from a storage.
+     *
+     * @param string|null $context
+     *
+     * @return bool
+     */
+    public function remove(?string $context): bool;
+}