AC-10686: [PCI] SRI enabled on payment pages

Author: dvoskoboinikov

app/code/Magento/Csp/Model/SubresourceIntegrity.php

@@ -12,7 +12,6 @@
  */
 class SubresourceIntegrity extends \Magento\Framework\DataObject
 {
-
     /**
      * Expected asset content type.
      *
@@ -25,7 +24,7 @@ class SubresourceIntegrity extends \Magento\Framework\DataObject
      *
      * @return string|null
      */
-    public function getUrl(): string|null
+    public function getUrl(): ?string
     {
         return $this->getData("url");
     }
@@ -35,7 +34,7 @@ public function getUrl(): string|null
      *
      * @return string|null
      */
-    public function getHash(): string|null
+    public function getHash(): ?string
     {
         return $this->getData("hash");
     }

app/code/Magento/Csp/Model/SubresourceIntegrity/File.php

@@ -20,7 +20,6 @@
  */
 class File
 {
-
     /**
      * @var Filesystem
      */

app/code/Magento/Csp/Model/SubresourceIntegrityRepository.php

@@ -7,15 +7,11 @@
 
 namespace Magento\Csp\Model;
 
-use Psr\Log\LoggerInterface;
 use Magento\Framework\App\CacheInterface;
-use Magento\Framework\App\DeploymentConfig;
-use Magento\Framework\Exception\FileSystemException;
-use Magento\Framework\Exception\RuntimeException;
 use Magento\Framework\Serialize\SerializerInterface;
 
 /**
- * Class contains methods equivalent to repository design to manage SRI hashes in cache
+ * Class contains methods equivalent to repository design to manage SRI hashes in cache.
  */
 class SubresourceIntegrityRepository
 {
@@ -24,22 +20,17 @@ class SubresourceIntegrityRepository
      *
      * @var string
      */
-    private const CACHE_PREFIX = 'INTEGRITY_HASH';
+    private const CACHE_PREFIX = 'INTEGRITY';
 
     /**
-     * @var CacheInterface
-     */
-    private CacheInterface $cache;
-
-    /**
-     * @var LoggerInterface
+     * @var array|null
      */
-    private LoggerInterface $logger;
+    private ?array $data = null;
 
     /**
-     * @var DeploymentConfig
+     * @var CacheInterface
      */
-    private DeploymentConfig $config;
+    private CacheInterface $cache;
 
     /**
      * @var SerializerInterface
@@ -52,24 +43,16 @@ class SubresourceIntegrityRepository
     private SubresourceIntegrityFactory $integrityFactory;
 
     /**
-     * constructor
-     *
      * @param CacheInterface $cache
-     * @param LoggerInterface $logger
-     * @param DeploymentConfig $config
      * @param SerializerInterface $serializer
      * @param SubresourceIntegrityFactory $integrityFactory
      */
     public function __construct(
         CacheInterface $cache,
-        LoggerInterface $logger,
-        DeploymentConfig $config,
         SerializerInterface $serializer,
         SubresourceIntegrityFactory $integrityFactory
     ) {
         $this->cache = $cache;
-        $this->logger = $logger;
-        $this->config = $config;
         $this->serializer = $serializer;
         $this->integrityFactory = $integrityFactory;
     }
@@ -83,17 +66,15 @@ public function __construct(
      */
     public function getByUrl(string $url): ?SubresourceIntegrity
     {
-        $integrity = $this->cache->load(
-            self::CACHE_PREFIX . $url
-        );
+        $data = $this->getData();
 
-        if (!$integrity) {
-            return null;
+        if (isset($data[$url])) {
+            return $this->integrityFactory->create(
+                ["data" => $data[$url]]
+            );
         }
 
-        return $this->integrityFactory->create(
-            ["data" => $this->serializer->unserialize($integrity)]
-        );
+        return null;
     }
 
     /**
@@ -105,29 +86,12 @@ public function getAll(): array
     {
         $result = [];
 
-        try {
-            $defaultCachePrefix = $this->config->get(
-                "cache/frontend/default/id_prefix"
+        foreach ($this->getData() as $integrity) {
+            $result[] = $this->integrityFactory->create(
+                [
+                    "data" => $integrity
+                ]
             );
-
-            $cacheIds = $this->cache->getFrontend()->getLowLevelFrontend()
-                ->getIdsMatchingAnyTags(
-                    [$defaultCachePrefix . self::CACHE_PREFIX]
-                );
-
-            foreach ($cacheIds as $id) {
-                $integrity = $this->cache->load($id);
-
-                if ($integrity) {
-                    $result[] = $this->integrityFactory->create(
-                        [
-                            "data" => $this->serializer->unserialize($integrity)
-                        ]
-                    );
-                }
-            }
-        } catch (\Exception $e) {
-            $this->logger->critical($e);
         }
 
         return $result;
@@ -142,24 +106,35 @@ public function getAll(): array
      */
     public function save(SubresourceIntegrity $integrity): bool
     {
+        $data = $this->getData();
+
+        $data[$integrity->getUrl()] = [
+            "url" => $integrity->getUrl(),
+            "hash" => $integrity->getHash()
+        ];
+
+        $this->data = $data;
+
         return $this->cache->save(
-            $this->serializer->serialize($integrity->getData()),
-            self::CACHE_PREFIX . $integrity->getUrl(),
+            $this->serializer->serialize($this->data),
+            self::CACHE_PREFIX,
             [self::CACHE_PREFIX]
         );
     }
 
     /**
-     * Clear contents of cache
-     *
-     * @param string $url
+     * Loads integrity data from a storage.
      *
-     * @return bool
+     * @return array
      */
-    public function deleteByUrl(string $url): bool
+    private function getData(): array
     {
-        return $this->cache->clean(
-            [self::CACHE_PREFIX . $url]
-        );
+        if ($this->data === null) {
+            $cache = $this->cache->load(self::CACHE_PREFIX);
+
+            $this->data = $cache ? $this->serializer->unserialize($cache) : [];
+        }
+
+        return $this->data;
     }
 }

app/code/Magento/Csp/etc/di.xml

@@ -33,6 +33,7 @@
                 <item name="whitelist" xsi:type="object" sortOrder="2">Magento\Csp\Model\Collector\CspWhitelistXmlCollector\Proxy</item>
                 <item name="controller" xsi:type="object" sortOrder="100">Magento\Csp\Model\Collector\ControllerCollector\Proxy</item>
                 <item name="dynamic" xsi:type="object" sortOrder="3">Magento\Csp\Model\Collector\DynamicCollector\Proxy</item>
+                <item name="sri" xsi:type="object" sortOrder="2">Magento\Csp\Model\Collector\SubresourceIntegrityCollector\Proxy</item>
             </argument>
             <argument name="mergers" xsi:type="array">
                 <item name="composite" xsi:type="object">Magento\Csp\Model\Collector\MergerInterface</item>