AC-10686: [PCI] enabled on payment pages.

Added Integration test.
Added scenario to skip graphql static test for scenarios not requiring graphql side change.

Author: admanesachin

app/code/Magento/Csp/Test/Unit/Model/SubresourceIntegrityRepositoryTest.php

@@ -114,14 +114,15 @@ public function testSaveBunch(): void
 
         $bunches = [$bunch1, $bunch2];
 
-         $expected = [];
+        $expected = [];
 
-         foreach($bunches as $bunch){
-             $expected[$bunch->getPath()] = $bunch->getHash();
-         }
+        foreach ($bunches as $bunch) {
+            $expected[$bunch->getPath()] = $bunch->getHash();
+        }
         $serializedBunch = json_encode($expected);
         $this->cacheMock->expects($this->once())->method('load')->willReturn(false);
-        $this->serializerMock->expects($this->once())->method('serialize')->with($expected)->willReturn($serializedBunch);
+        $this->serializerMock->expects($this->once())->method('serialize')
+            ->with($expected)->willReturn($serializedBunch);
         $this->cacheMock->expects($this->once())->method('save')->willReturn(true);
         $this->assertTrue($this->subresourceIntegrityRepository->saveBunch($bunches));
     }

app/code/Magento/Csp/Test/Unit/Plugin/AddDefaultPropertiesToGroupPluginTest.php

@@ -106,7 +106,8 @@ public function testBeforeGetFilteredProperties(): void
         $this->assertEquals(
             $expected,
             $this->plugin->beforeGetFilteredProperties(
-                $groupedCollectionMock, $this->assetInterfaceMock
+                $groupedCollectionMock,
+                $this->assetInterfaceMock
             )
         );
     }

app/code/Magento/Csp/Test/Unit/Plugin/StoreAssetIntegrityHashesTest.php

@@ -42,21 +42,21 @@ class StoreAssetIntegrityHashesTest extends TestCase
      * @return void
      */
     protected function setUp(): void
-   {
-       parent::setUp();
-       $this->integrityRepositoryPoolMock = $this->getMockBuilder(SubresourceIntegrityRepositoryPool::class)
-           ->disableOriginalConstructor()
-           ->onlyMethods(['get'])
-           ->getMock();
-       $this->integrityCollectorMock = $this->getMockBuilder(SubresourceIntegrityCollector::class)
-           ->disableOriginalConstructor()
-           ->onlyMethods(['release'])
-           ->getMock();
-       $this->plugin = new StoreAssetIntegrityHashes(
-           $this->integrityCollectorMock,
-           $this->integrityRepositoryPoolMock,
-       );
-   }
+    {
+        parent::setUp();
+        $this->integrityRepositoryPoolMock = $this->getMockBuilder(SubresourceIntegrityRepositoryPool::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['get'])
+            ->getMock();
+        $this->integrityCollectorMock = $this->getMockBuilder(SubresourceIntegrityCollector::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['release'])
+            ->getMock();
+        $this->plugin = new StoreAssetIntegrityHashes(
+            $this->integrityCollectorMock,
+            $this->integrityRepositoryPoolMock,
+        );
+    }
 
     /**
      * Test After Deploy method of plugin
@@ -65,34 +65,32 @@ protected function setUp(): void
      * @doesNotPerformAssertions
      */
     public function testAfterDeploy(): void
-   {
-       $bunch1 = new SubresourceIntegrity(
-           [
-               'hash' => 'testhash',
-               'path' => 'adminhtml/js/jquery.js'
-           ]
-       );
+    {
+        $bunch1 = new SubresourceIntegrity(
+            [
+                'hash' => 'testhash',
+                'path' => 'adminhtml/js/jquery.js'
+            ]
+        );
 
-       $bunch2 = new SubresourceIntegrity(
-           [
-               'hash' => 'testhash2',
-               'path' => 'frontend/js/test.js'
-           ]
-       );
+        $bunch2 = new SubresourceIntegrity(
+            [
+                'hash' => 'testhash2',
+                'path' => 'frontend/js/test.js'
+            ]
+        );
 
-       $bunches = [$bunch1, $bunch2];
-       $deployStaticContentMock = $this->getMockBuilder(DeployStaticContent::class)
-           ->disableOriginalConstructor()
-           ->getMock();
-       $subResourceIntegrityMock = $this->getMockBuilder(SubresourceIntegrityRepository::class)
-           ->disableOriginalConstructor()
-           ->onlyMethods(['saveBunch'])
-           ->getMock();
-       $this->integrityCollectorMock->expects($this->once())->method('release')->willReturn($bunches);
-       $this->integrityRepositoryPoolMock->expects($this->any())->method('get')->willReturn($subResourceIntegrityMock);
-       $subResourceIntegrityMock->expects($this->any())->method('saveBunch')->willReturn(true);
-       $this->plugin->afterDeploy($deployStaticContentMock, null, []);
-   }
+        $bunches = [$bunch1, $bunch2];
+        $deployStaticContentMock = $this->getMockBuilder(DeployStaticContent::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $subResourceIntegrityMock = $this->getMockBuilder(SubresourceIntegrityRepository::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['saveBunch'])
+            ->getMock();
+        $this->integrityCollectorMock->expects($this->once())->method('release')->willReturn($bunches);
+        $this->integrityRepositoryPoolMock->expects($this->any())->method('get')->willReturn($subResourceIntegrityMock);
+        $subResourceIntegrityMock->expects($this->any())->method('saveBunch')->willReturn(true);
+        $this->plugin->afterDeploy($deployStaticContentMock, null, []);
+    }
 }
-
-

app/code/Magento/Csp/view/base/templates/sri/hashes.phtml

@@ -6,15 +6,12 @@
 
 /** @var \Magento\Csp\Block\Sri\Hashes $block */
 /** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
-//phpcs:ignore Magento2.GraphQL
 ?>
 
 <?php $sriHashes = /* @noEscape */ $block->getSerialized();
-//@codingStandardsIgnoreStart
 $scriptString = <<<script
         window.sriHashes = {$sriHashes};
 script;
-//@codingStandardsIgnoreStart
 ?>
 
 <?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>

dev/tests/integration/testsuite/Magento/Csp/Model/SubresourceIntegrity/SubresourceIntegrityRepositoryTest.php

@@ -0,0 +1,131 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\Model\SubresourceIntegrity;
+
+use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
+use Magento\Deploy\Service\DeployStaticContent;
+use Magento\Deploy\Strategy\DeployStrategyFactory;
+use Magento\Framework\Exception\FileSystemException;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Filesystem;
+use Magento\Deploy\Console\DeployStaticOptions as Options;
+use Magento\Framework\Filesystem\Directory\WriteInterface;
+use Magento\Csp\Model\SubresourceIntegrityRepository;
+use Magento\Csp\Model\SubresourceIntegrity\HashGenerator;
+
+/**
+ * Integration test to cover end to end SRI Generation
+ */
+class SubresourceIntegrityRepositoryTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * @var Filesystem|null
+     */
+    private ?Filesystem $filesystem = null;
+
+    /**
+     * @var WriteInterface|null
+     */
+    private ?WriteInterface $staticDir = null;
+
+    /**
+     * @var DeployStaticContent|null
+     */
+    private ?DeployStaticContent $deployService = null;
+
+    /**
+     * @var HashGenerator|null
+     */
+    private ?HashGenerator $hashGenerator = null;
+
+    /**
+     * @var array
+     */
+    private $options = [
+        Options::NO_JAVASCRIPT => false,
+        Options::NO_JS_BUNDLE => false,
+        Options::NO_CSS => false,
+        Options::NO_IMAGES => false,
+        Options::NO_FONTS => false,
+        Options::NO_HTML => false,
+        Options::NO_MISC => false,
+        Options::NO_HTML_MINIFY => false,
+        Options::AREA => ['frontend'],
+        Options::EXCLUDE_AREA => ['none'],
+        Options::THEME => ['Magento/zoom1', 'Magento/zoom2', 'Magento/zoom3'],
+        Options::EXCLUDE_THEME => ['Magento/backend', 'Magento/luma'],
+        Options::LANGUAGE => ['en_US'],
+        Options::EXCLUDE_LANGUAGE => ['none'],
+        Options::JOBS_AMOUNT => 0,
+        Options::SYMLINK_LOCALE => false,
+        Options::NO_PARENT => false,
+        Options::STRATEGY => DeployStrategyFactory::DEPLOY_STRATEGY_QUICK,
+    ];
+
+    /**
+     * @var SubresourceIntegrityRepository|null
+     */
+    private ?SubresourceIntegrityRepository $integrityRepository = null;
+
+    /**
+     * @var SubresourceIntegrityRepositoryPool|null
+     */
+    private ?SubresourceIntegrityRepositoryPool $integrityRepositoryPool = null;
+
+    /**
+     * Initialize Dependencies
+     *
+     * @return void
+     * @throws FileSystemException
+     */
+    protected function setUp(): void
+    {
+        $objectManager = Bootstrap::getObjectManager();
+
+        $this->filesystem = $objectManager->get(Filesystem::class);
+        $this->staticDir = $this->filesystem->getDirectoryWrite(DirectoryList::STATIC_VIEW);
+        $this->integrityRepository = $objectManager->get(SubresourceIntegrityRepository::class);
+        $this->integrityRepositoryPool = $objectManager->get(SubresourceIntegrityRepositoryPool::class);
+        $this->hashGenerator = $objectManager->get(HashGenerator::class);
+
+        $logger = $objectManager->get(\Psr\Log\LoggerInterface::class);
+        $this->deployService = $objectManager->create(
+            DeployStaticContent::class,
+            ['logger' => $logger]
+        );
+        $this->filesystem->getDirectoryWrite(DirectoryList::PUB)->delete(DirectoryList::STATIC_VIEW);
+        $this->filesystem->getDirectoryWrite(DirectoryList::VAR_DIR)->delete(DirectoryList::TMP_MATERIALIZATION_DIR);
+    }
+
+    /**
+     * Integration test to check caches save hash value after static content deploy
+     *
+     * @magentoDataFixture Magento/Deploy/_files/theme.php
+     * @covers \Magento\Csp\Model\SubresourceIntegrityRepositoryPool::get
+     * @covers \Magento\Csp\Model\SubresourceIntegrityRepository::getAll
+     * @covers \Magento\Csp\Model\SubresourceIntegrityRepository::getByPath
+     * @covers \Magento\Csp\Model\SubresourceIntegrity\HashGenerator::generate
+     * @return void
+     * @throws LocalizedException
+     */
+    public function testDeploy(): void
+    {
+        $this->assertEmpty($this->integrityRepository->getAll());
+        $this->deployService->deploy($this->options);
+        $repository = $this->integrityRepositoryPool->get('frontend');
+        $this->assertNotEmpty($repository->getAll());
+        $integrity = $repository->getByPath('frontend/Magento/zoom3/en_US/js/file3.js');
+        $filePath = $this->staticDir->getAbsolutePath('frontend/Magento/zoom3/en_US/js/file3.js');
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        $fileContents = file_get_contents($filePath);
+        $hash = $this->hashGenerator->generate($fileContents);
+        $this->assertEquals($hash, $integrity->getHash());
+    }
+}

dev/tests/static/testsuite/Magento/Test/GraphQl/LiveCodeTest.php

@@ -7,6 +7,8 @@
 
 namespace Magento\Test\GraphQl;
 
+use Exception;
+use Magento\Framework\App\Utility\Files;
 use Magento\TestFramework\CodingStandard\Tool\CodeSniffer;
 use Magento\TestFramework\CodingStandard\Tool\CodeSniffer\Wrapper;
 use Magento\Test\Php\LiveCodeTest as PHPCodeTest;
@@ -86,6 +88,7 @@ public function testModulesRequireGraphQLChange(): void
      * returns a array with the list of graphql modules which require changes
      *
      * @return array
+     * @throws Exception
      */
     private static function getModulesRequiringGraphQLChange(): array
     {
@@ -95,10 +98,11 @@ private static function getModulesRequiringGraphQLChange(): array
             '',
             '/_files/whitelist/graphql.txt'
         );
+        $fileList = self::filterFiles($whitelistFiles);
 
         $updatedGraphQlModules = [];
         $requireGraphQLChanges = [];
-        foreach ($whitelistFiles as $whitelistFile) {
+        foreach ($fileList as $whitelistFile) {
             $moduleName = self::getModuleName($whitelistFile);
 
             if (!$moduleName) {
@@ -209,4 +213,22 @@ private static function filterUiComponents(array $uIComponentClasses, string $mo
         }
         return $frontendUIComponent;
     }
+
+    /**
+     * Skip files not requiring graphql side changes
+     *
+     * @param array $fileList
+     * @return array
+     * @throws Exception
+     */
+    private static function filterFiles(array $fileList): array
+    {
+        $denyListFiles = Files::init()->readLists(__DIR__ . '/_files/denylist/*.txt');
+
+        $filter = function ($value) use ($denyListFiles) {
+            return !in_array($value, $denyListFiles);
+        };
+
+        return array_filter($fileList, $filter);
+    }
 }

dev/tests/static/testsuite/Magento/Test/GraphQl/_files/denylist/magento.txt

@@ -0,0 +1 @@
+app/code/Magento/Csp/Block/Sri/Hashes.php