[MediaWiki-commits] [Gerrit] mediawiki...BlueSpiceFoundation[master]: Adding BSFileHashCheck maintenance script

[Mglaser (Code Review)]

Mglaser has submitted this change and it was merged.

Change subject: Adding BSFileHashCheck maintenance script
......................................................................


Adding BSFileHashCheck maintenance script

This script allows a code base integrity check. It aims to provide a
simple tool to check for core hacks on installations without proper source
control tools like git.

Change-Id: Iff1c3be842cdef8354b52f5677f78842d1739933
---
A maintenance/BSFileHashCheck.php
1 file changed, 105 insertions(+), 0 deletions(-)

Approvals:
  Mglaser: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/maintenance/BSFileHashCheck.php b/maintenance/BSFileHashCheck.php
new file mode 100644
index 0000000..18ae47a
--- /dev/null
+++ b/maintenance/BSFileHashCheck.php
@@ -0,0 +1,105 @@
+<?php
+
+require_once( 'BSMaintenance.php' );
+
+class BSFileHashCheck extends BSMaintenance {
+       public function __construct() {
+               $this->addOption( 'dir', 'The path to the directory to 
process', true, true );
+               $this->addOption( 'hashes', 'The JSON file with the CRC 
checksums to check against', true, true );
+               $this->addOption( 'mode', 'check|create - whether to check 
against the directory contents or to create the JSON file', false, false );
+
+               parent::__construct();
+       }
+
+       public function execute() {
+               $sMode = $this->getOption( 'mode', 'check' );
+               $sDir = $this->getOption( 'dir' );
+               $sHashes = $this->getOption( 'hashes' );
+
+               if( 'check' === $sMode ) {
+                       $this->checkDirectoryContents( $sHashes, $sDir );
+               } else if( 'create' === $sMode ) {
+                       $this->createHashFile( $sHashes, $sDir );
+               }
+       }
+
+       /**
+        *
+        * @param SplFileInfo $oFileInfo
+        * @return string The hash
+        */
+       public function getFileHash( $oFileInfo ) {
+               return sha1_file( $oFileInfo->getPathname() );
+       }
+
+       /**
+        *
+        * @param SplFileInfo $oFileInfo
+        * @param string $sDir
+        * @return string The normalized relative filepath
+        */
+       public function getFilePath( $oFileInfo, $sDir ) {
+               $sPathName = $oFileInfo->getPathname();
+               $sPathName = str_replace( array( '\\\\','\\' ), '/', $sPathName 
);
+               $sDir = str_replace( array( '\\\\','\\' ), '/', $sDir );
+               $sPathName = preg_replace( '#^'.preg_quote( $sDir ).'#', '', 
$sPathName );
+
+               return trim( $sPathName, '/' );
+       }
+
+       protected function checkDirectoryContents( $sHashes, $sDir ) {
+               $aFileHashMap = FormatJson::decode(
+                       file_get_contents( $sHashes ),
+                       true
+               );
+
+               $aErrors = array();
+               foreach( $aFileHashMap as $sRelPath => $sExpectedHash ) {
+                       $oFileInfo = new SplFileInfo( $sDir . '/' . $sRelPath );
+                       $sActualHash = $this->getFileHash( $oFileInfo );
+                       if( $sActualHash !== $sExpectedHash ) {
+                               $aErrors[] = $sRelPath;
+                       }
+               }
+
+               if( empty( $aErrors ) ) {
+                       $this->output( 'Code base check OK!' );
+               }
+               else {
+                       $this->output( 'Code base check FAILED! There are 
changes in the following files:' );
+                       $this->output( implode( "\n* ", $aErrors ) );
+               }
+       }
+
+       protected function createHashFile( $sHashes, $sDir ) {
+               $oIterator = new RecursiveIteratorIterator(
+                       new RecursiveDirectoryIterator( $sDir )
+               );
+
+               $aFileHashMap = array();
+               foreach( $oIterator as $name => $oFileInfo ) {
+                       if( $oFileInfo->isDir() ) {
+                               continue;
+                       }
+
+                       $sFilePath = $this->getFilePath( $oFileInfo, $sDir );
+                       if( substr( $sFilePath, 0, 1 ) === '.' ) {
+                               continue;
+                       }
+                       $sHash = $this->getFileHash( $oFileInfo );
+
+                       $aFileHashMap[$sFilePath] = $sHash;
+               }
+
+               $this->output( "Saving to $sHashes");
+               file_put_contents( $sHashes, FormatJson::encode( $aFileHashMap, 
true ) );
+       }
+
+}
+
+$maintClass = 'BSFileHashCheck';
+if (defined('RUN_MAINTENANCE_IF_MAIN')) {
+       require_once( RUN_MAINTENANCE_IF_MAIN );
+} else {
+       require_once( DO_MAINTENANCE ); # Make this work on versions before 1.17
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/290645
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iff1c3be842cdef8354b52f5677f78842d1739933
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/BlueSpiceFoundation
Gerrit-Branch: master
Gerrit-Owner: Robert Vogel <vo...@hallowelt.biz>
Gerrit-Reviewer: Dvogel hallowelt <daniel.vo...@hallowelt.com>
Gerrit-Reviewer: Ljonka <l.verhovs...@gmail.com>
Gerrit-Reviewer: Mglaser <gla...@hallowelt.biz>
Gerrit-Reviewer: Pwirth <wi...@hallowelt.biz>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits