AC-13833: Refactor SRI mechanism to use filesystem for storage.

admanesachin · admanesachin · commit 5e57b6621071 · 2025-01-29T14:15:59.000-06:00
diff --git a/app/code/Magento/Csp/Model/SubresourceIntegrity/Storage/File.php b/app/code/Magento/Csp/Model/SubresourceIntegrity/Storage/File.php
@@ -0,0 +1,110 @@
+<?php
+/************************************************************************
+ *
+ * Copyright 2024 Adobe
+ * All Rights Reserved.
+ *
+ * NOTICE: All information contained herein is, and remains
+ * the property of Adobe and its suppliers, if any. The intellectual
+ * and technical concepts contained herein are proprietary to Adobe
+ * and its suppliers and are protected by all applicable intellectual
+ * property laws, including trade secret and copyright laws.
+ * Dissemination of this information or reproduction of this material
+ * is strictly forbidden unless prior written permission is obtained
+ * from Adobe.
+ * ************************************************************************
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\Model\SubresourceIntegrity\Storage;
+
+use Magento\Deploy\Package\Package;
+use Magento\Framework\App\Area;
+use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Exception\FileSystemException;
+use Magento\Framework\Filesystem;
+
+/**
+ * Persistence of sri hashes in the local file system
+ */
+class File
+{
+    /**
+     * Constant for sri hashes filename
+     */
+    private const FILENAME = 'sri-hashes.json';
+
+    /**
+     * @var Filesystem
+     */
+    private Filesystem $filesystem;
+
+    /**
+     * Constructor
+     *
+     * @param Filesystem $filesystem
+     */
+    public function __construct(
+        Filesystem $filesystem
+    ) {
+        $this->filesystem = $filesystem;
+    }
+
+    /**
+     * Load data from filesystem
+     *
+     * @param string|null $area
+     * @return string|bool
+     * @throws FileSystemException
+     */
+    public function load(?string $area = null): string|bool
+    {
+        $staticDir = $this->filesystem->getDirectoryRead(DirectoryList::STATIC_VIEW);
+
+        if ($area) {
+            $path = $area . DIRECTORY_SEPARATOR . self::FILENAME;
+            if ($staticDir->isFile($path)) {
+                return $staticDir->readFile($path);
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Save File to Local Storage by area
+     *
+     * @param string $data
+     * @param string|null $area
+     * @return bool
+     * @throws FileSystemException
+     */
+    public function save(string $data, ?string $area = null): bool
+    {
+        $staticDir = $this->filesystem->getDirectoryWrite(DirectoryList::STATIC_VIEW);
+
+        if ($area) {
+            $path = $area . DIRECTORY_SEPARATOR . self::FILENAME;
+            return (bool)$staticDir->writeFile($path, $data, 'w');
+        }
+        return false;
+    }
+
+    /**
+     * Delete all Sri Hashes files
+     *
+     * @throws FileSystemException
+     */
+    public function remove():bool
+    {
+        $staticDir = $this->filesystem->getDirectoryWrite(DirectoryList::STATIC_VIEW);
+
+        //delete all json files from all areas
+        foreach ([Package::BASE_AREA, Area::AREA_FRONTEND, Area::AREA_ADMINHTML] as $area) {
+            $path = $area . DIRECTORY_SEPARATOR . self::FILENAME;
+            if ($staticDir->isFile($path)) {
+               $staticDir->delete($path);
+            }
+        }
+        return true;
+    }
+}
diff --git a/app/code/Magento/Csp/Model/SubresourceIntegrityRepository.php b/app/code/Magento/Csp/Model/SubresourceIntegrityRepository.php
@@ -8,7 +8,10 @@
 namespace Magento\Csp\Model;
 
 use Magento\Framework\App\CacheInterface;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Exception\FileSystemException;
 use Magento\Framework\Serialize\SerializerInterface;
+use Magento\Csp\Model\SubresourceIntegrity\Storage\File;
 
 /**
  * Class contains methods equivalent to repository design to manage SRI hashes in cache.
@@ -47,22 +50,27 @@ class SubresourceIntegrityRepository
      */
     private SubresourceIntegrityFactory $integrityFactory;
 
+    private File $sriStorage;
+
     /**
      * @param CacheInterface $cache
      * @param SerializerInterface $serializer
      * @param SubresourceIntegrityFactory $integrityFactory
      * @param string|null $context
+     * @param File|null $sriStorage
      */
     public function __construct(
         CacheInterface $cache,
         SerializerInterface $serializer,
         SubresourceIntegrityFactory $integrityFactory,
-        ?string $context = null
+        ?string $context = null,
+        ? File $sriStorage = null
     ) {
         $this->cache = $cache;
         $this->serializer = $serializer;
         $this->integrityFactory = $integrityFactory;
         $this->context = $context;
+        $this->sriStorage = $sriStorage ?? ObjectManager::getInstance()->get(File::class);
     }
 
     /**
@@ -94,6 +102,7 @@ public function getByPath(string $path): ?SubresourceIntegrity
      * Gets all available Integrity objects.
      *
      * @return SubresourceIntegrity[]
+     * @throws FileSystemException
      */
     public function getAll(): array
     {
@@ -119,6 +128,7 @@ public function getAll(): array
      * @param SubresourceIntegrity $integrity
      *
      * @return bool
+     * @throws FileSystemException
      */
     public function save(SubresourceIntegrity $integrity): bool
     {
@@ -128,10 +138,9 @@ public function save(SubresourceIntegrity $integrity): bool
 
         $this->data = $data;
 
-        return $this->cache->save(
+        return $this->sriStorage->save(
             $this->serializer->serialize($this->data),
-            $this->getCacheKey(),
-            [self::CACHE_PREFIX]
+            $this->context
         );
     }
 
@@ -152,36 +161,35 @@ public function saveBunch(array $bunch): bool
 
         $this->data = $data;
 
-        return $this->cache->save(
+        return $this->sriStorage->save(
             $this->serializer->serialize($this->data),
-            $this->getCacheKey(),
-            [self::CACHE_PREFIX]
+           $this->context
         );
     }
 
     /**
      * Deletes all Integrity objects.
      *
      * @return bool
+     * @throws FileSystemException
      */
     public function deleteAll(): bool
     {
         $this->data = null;
 
-        return $this->cache->remove(
-            $this->getCacheKey()
-        );
+        return $this->sriStorage->remove();
     }
 
     /**
      * Loads integrity data from a storage.
      *
      * @return array
+     * @throws FileSystemException
      */
     private function getData(): array
     {
         if ($this->data === null) {
-            $cache = $this->cache->load($this->getCacheKey());
+            $cache = $this->sriStorage->load($this->context);
 
             $this->data = $cache ? $this->serializer->unserialize($cache) : [];
         }
@@ -193,6 +201,7 @@ private function getData(): array
      * Gets a cache key based on current context.
      *
      * @return string
+     * @deprecated Filesystem storage used instead of a cache
      */
     private function getCacheKey(): string
     {
