AC-10686: [PCI] SRI enabled on payment pages

Author: dvoskoboinikov

app/code/Magento/Csp/Block/Sri/Hashes.php

@@ -7,14 +7,13 @@
 
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\View\Element\Template;
-use Magento\Framework\Exception\FileSystemException;
-use Magento\Framework\Exception\RuntimeException;
 use Magento\Framework\Serialize\SerializerInterface;
 use Magento\Framework\View\Element\Template\Context;
-use Magento\Csp\Model\SubresourceIntegrityRepository;
+use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
 
 /**
  * Block for Subresource Integrity hashes rendering.
+ *
  * @api
  */
 class Hashes extends Template
@@ -25,26 +24,26 @@ class Hashes extends Template
     private SerializerInterface $serializer;
 
     /**
-     * @var SubresourceIntegrityRepository
+     * @var SubresourceIntegrityRepositoryPool
      */
-    private SubresourceIntegrityRepository $integrityRepository;
+    private SubresourceIntegrityRepositoryPool $integrityRepositoryPool;
 
     /**
      * @param Context $context
      * @param array $data
-     * @param SubresourceIntegrityRepository|null $integrityRepository
+     * @param SubresourceIntegrityRepositoryPool|null $integrityRepositoryPool
      * @param SerializerInterface|null $serializer
      */
     public function __construct(
         Context $context,
         array $data = [],
-        ?SubresourceIntegrityRepository $integrityRepository = null,
+        ?SubresourceIntegrityRepositoryPool $integrityRepositoryPool = null,
         ?SerializerInterface $serializer = null
     ) {
         parent::__construct($context, $data);
 
-        $this->integrityRepository = $integrityRepository ?: ObjectManager::getInstance()
-            ->get(SubresourceIntegrityRepository::class);
+        $this->integrityRepositoryPool = $integrityRepositoryPool ?: ObjectManager::getInstance()
+            ->get(SubresourceIntegrityRepositoryPool::class);
 
         $this->serializer = $serializer ?: ObjectManager::getInstance()
             ->get(SerializerInterface::class);
@@ -54,16 +53,16 @@ public function __construct(
      * Retrieve serialized integrity hashes.
      *
      * @return string
-     *
-     * @throws FileSystemException
-     * @throws RuntimeException
      */
     public function getSerialized(): string
     {
         $result = [];
-        $assetIntegrity = $this->integrityRepository->getAll();
 
-        foreach ($assetIntegrity as $integrity) {
+        $integrityRepository = $this->integrityRepositoryPool->get(
+            $this->getRequest()->getFullActionName()
+        );
+
+        foreach ($integrityRepository->getAll() as $integrity) {
             $result[$integrity->getUrl()] = $integrity->getHash();
         }
 

app/code/Magento/Csp/Model/Collector/SubresourceIntegrityCollector.php

@@ -7,27 +7,36 @@
 
 namespace Magento\Csp\Model\Collector;
 
+use Magento\Framework\App\Request\Http;
 use Magento\Csp\Model\Policy\FetchPolicy;
 use Magento\Csp\Api\PolicyCollectorInterface;
-use Magento\Csp\Model\SubresourceIntegrityRepository;
+use Magento\Csp\Model\SubresourceIntegrityRepositoryPool;
 
 /**
  * Collects policies auto-defined by Subresource Integrity.
  */
 class SubresourceIntegrityCollector implements PolicyCollectorInterface
 {
     /**
-     * @var SubresourceIntegrityRepository
+     * @var Http
      */
-    private SubresourceIntegrityRepository $integrityRepository;
+    private Http $request;
 
     /**
-     * @param SubresourceIntegrityRepository $integrityRepository
+     * @var SubresourceIntegrityRepositoryPool
+     */
+    private SubresourceIntegrityRepositoryPool $integrityRepositoryPool;
+
+    /**
+     * @param Http $request
+     * @param SubresourceIntegrityRepositoryPool $integrityRepositoryPool
      */
     public function __construct(
-        SubresourceIntegrityRepository $integrityRepository
+        Http $request,
+        SubresourceIntegrityRepositoryPool $integrityRepositoryPool
     ) {
-        $this->integrityRepository = $integrityRepository;
+        $this->request = $request;
+        $this->integrityRepositoryPool = $integrityRepositoryPool;
     }
 
     /**
@@ -36,9 +45,12 @@ public function __construct(
     public function collect(array $defaultPolicies = []): array
     {
         $integrityHashes = [];
-        $assetIntegrity = $this->integrityRepository->getAll();
 
-        foreach ($assetIntegrity as $integrity) {
+        $integrityRepository = $this->integrityRepositoryPool->get(
+            $this->request->getFullActionName()
+        );
+
+        foreach ($integrityRepository->getAll() as $integrity) {
             $hashParts = explode("-", $integrity->getHash());
 
             if (is_array($hashParts) && count($hashParts) > 1) {

app/code/Magento/Csp/Model/SubresourceIntegrity.php

@@ -12,13 +12,6 @@
  */
 class SubresourceIntegrity extends \Magento\Framework\DataObject
 {
-    /**
-     * Expected asset content type.
-     *
-     * @var string
-     */
-    public const CONTENT_TYPE = 'js';
-
     /**
      * Gets an integrity URL.
      *

app/code/Magento/Csp/Model/SubresourceIntegrity/File.php

@@ -27,6 +27,11 @@ class SubresourceIntegrityRepository
      */
     private ?array $data = null;
 
+    /**
+     * @var string|null
+     */
+    private ?string $context;
+
     /**
      * @var CacheInterface
      */
@@ -46,15 +51,18 @@ class SubresourceIntegrityRepository
      * @param CacheInterface $cache
      * @param SerializerInterface $serializer
      * @param SubresourceIntegrityFactory $integrityFactory
+     * @param string|null $context
      */
     public function __construct(
         CacheInterface $cache,
         SerializerInterface $serializer,
-        SubresourceIntegrityFactory $integrityFactory
+        SubresourceIntegrityFactory $integrityFactory,
+        ?string $context = null
     ) {
         $this->cache = $cache;
         $this->serializer = $serializer;
         $this->integrityFactory = $integrityFactory;
+        $this->context = $context;
     }
 
     /**
@@ -117,7 +125,7 @@ public function save(SubresourceIntegrity $integrity): bool
 
         return $this->cache->save(
             $this->serializer->serialize($this->data),
-            self::CACHE_PREFIX,
+            $this->getCacheKey(),
             [self::CACHE_PREFIX]
         );
     }
@@ -130,11 +138,27 @@ public function save(SubresourceIntegrity $integrity): bool
     private function getData(): array
     {
         if ($this->data === null) {
-            $cache = $this->cache->load(self::CACHE_PREFIX);
+            $cache = $this->cache->load($this->getCacheKey());
 
             $this->data = $cache ? $this->serializer->unserialize($cache) : [];
         }
 
         return $this->data;
     }
+
+    /**
+     * Gets a cache key based on current context.
+     *
+     * @return string
+     */
+    private function getCacheKey(): string
+    {
+        $cacheKey = self::CACHE_PREFIX;
+
+        if ($this->context) {
+            $cacheKey .= "_" . $this->context;
+        }
+
+        return $cacheKey;
+    }
 }

app/code/Magento/Csp/Model/SubresourceIntegrityRepository.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Csp\Model;
+
+/**
+ * Pool of subresource integrity repositories.
+ */
+class SubresourceIntegrityRepositoryPool
+{
+    /**
+     * @var array
+     */
+    private array $repositories = [];
+
+    /**
+     * @var SubresourceIntegrityRepositoryFactory
+     */
+    private SubresourceIntegrityRepositoryFactory $integrityRepositoryFactory;
+
+    /**
+     * @param SubresourceIntegrityRepositoryFactory $integrityRepositoryFactory
+     */
+    public function __construct(
+        SubresourceIntegrityRepositoryFactory $integrityRepositoryFactory
+    ) {
+        $this->integrityRepositoryFactory = $integrityRepositoryFactory;
+    }
+
+    /**
+     * Gets subresource integrity repository by given context.
+     *
+     * @param string $context
+     *
+     * @return SubresourceIntegrityRepository
+     */
+    public function get(string $context): SubresourceIntegrityRepository
+    {
+        if (!isset($this->repositories[$context])) {
+            $this->repositories[$context] = $this->integrityRepositoryFactory->create(
+                [
+                    "context" => $context
+                ]
+            );
+        }
+
+        return $this->repositories[$context];
+    }
+}