feat: add functionality for plugin checksums (#344)

* feat: add functionality for plugin checksums

* fix: improve checks and use compatible function calls

* fix: improve plugin directory handling and use native file hashing

* fix: improve hashing and error messages

* fix: improve hash service path handling, extension handling

* fix: Improve messages if checksum file not found

* fix: Improve error handling for plugin not found

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix: fix previous commit

* fix: Make context creation compatible with old Shopware 6 versions

* fix: fix context creation and improve exception handling for administration

* fix: indentation to 4 spaces

* fix: code style fix

* fix: remove file extensions

* feat: improve checksum checks and paths

* chore: Rename plugin to extension

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Shyim <[email protected]>

Author: 3 people

src/Command/ExtensionChecksumCheckCommand.php

@@ -0,0 +1,132 @@
+<?php declare(strict_types=1);
+
+namespace Frosh\Tools\Command;
+
+use Frosh\Tools\Components\ExtensionChecksum\ExtensionFileHashService;
+use Shopware\Core\Framework\Adapter\Console\ShopwareStyle;
+use Shopware\Core\Framework\Context;
+use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
+use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
+use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
+use Shopware\Core\Framework\Plugin\PluginCollection;
+use Shopware\Core\Framework\Plugin\PluginEntity;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+#[AsCommand(
+    name: 'frosh:extension:checksum:check',
+    description: 'Checks the integrity of extension files',
+)]
+class ExtensionChecksumCheckCommand extends Command
+{
+    /**
+     * @param EntityRepository<PluginCollection> $pluginRepository
+     */
+    public function __construct(
+        private readonly EntityRepository $pluginRepository,
+        private readonly ExtensionFileHashService $extensionFileHashService,
+    ) {
+        parent::__construct();
+    }
+
+    protected function configure(): void
+    {
+        $this->addArgument('extension', InputArgument::OPTIONAL, 'Extension name');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new ShopwareStyle($input, $output);
+
+        $extensions = $this->getExtension((string) $input->getArgument('extension'), $io);
+        if ($extensions->count() < 1) {
+            $io->error('No extensions found');
+
+            return self::FAILURE;
+        }
+
+        $io->info(\sprintf('Found %d extensions to check', $extensions->count()));
+
+        $success = true;
+        foreach ($extensions as $extension) {
+            $io->info('Checking extension: ' . $extension->getName());
+
+            $extensionChecksumCheckResult = $this->extensionFileHashService->checkExtensionForChanges($extension);
+            if ($extensionChecksumCheckResult->isFileMissing()) {
+                $io->warning(\sprintf('Checksum file for extension "%s" not found - integrity check skipped', $extension->getName()));
+
+                // Not setting $success to false because the creation of the checksum file is optional
+                continue;
+            }
+
+            // If the checksum file format changes: Add a check for $extensionChecksumResult->isWrongVersion() here
+            // Right now the version is always 1.0.0
+
+            if ($extensionChecksumCheckResult->isWrongExtensionVersion()) {
+                $io->error(\sprintf('Checksum file for extension "%s" was generated for a different extension version', $extension->getName()));
+                $success = false;
+                continue;
+            }
+
+            if ($extensionChecksumCheckResult->isExtensionOk()) {
+                $io->success(\sprintf('Extension "%s" has no detected file-changes.', $extension->getName()));
+
+                continue;
+            }
+
+            $success = false;
+
+            $io->error(\sprintf('Extension "%s" has changed code.', $extension->getName()));
+            $this->outputFileChanges($io, 'New files detected:', $extensionChecksumCheckResult->getNewFiles());
+            $this->outputFileChanges($io, 'Changed files detected:', $extensionChecksumCheckResult->getChangedFiles());
+            $this->outputFileChanges($io, 'Missing files detected:', $extensionChecksumCheckResult->getMissingFiles());
+        }
+
+        return $success ? self::SUCCESS : self::FAILURE;
+    }
+
+    private function getExtension(string $name, ShopwareStyle $io): PluginCollection
+    {
+        // @phpstan-ignore-next-line
+        $context = method_exists(Context::class, 'createCLIContext') ? Context::createCLIContext() : Context::createDefaultContext();
+
+        if (!$name) {
+            $io->info('Checking all extensions');
+
+            /** @var PluginCollection $extensions */
+            $extensions = $this->pluginRepository->search(new Criteria(), $context)->getEntities();
+
+            return $extensions;
+        }
+
+        $extensions = new PluginCollection();
+
+        $criteria = new Criteria();
+        $criteria->addFilter(new EqualsFilter('name', $name));
+        $extension = $this->pluginRepository->search($criteria, $context)->first();
+        if ($extension instanceof PluginEntity) {
+            $extensions->add($extension);
+        } else {
+            $io->error(\sprintf('Extension "%s" not found', $name));
+        }
+
+        return $extensions;
+    }
+
+    /**
+     * @param string[] $files
+     */
+    private function outputFileChanges(ShopwareStyle $io, string $text, array $files): void
+    {
+        if ($files) {
+            $io->warning($text);
+            $io->listing($files);
+        }
+    }
+}

src/Command/ExtensionChecksumCreateCommand.php

@@ -0,0 +1,99 @@
+<?php declare(strict_types=1);
+
+namespace Frosh\Tools\Command;
+
+use Frosh\Tools\Components\ExtensionChecksum\ExtensionFileHashService;
+use Shopware\Core\Framework\Adapter\Console\ShopwareStyle;
+use Shopware\Core\Framework\Context;
+use Shopware\Core\Framework\DataAbstractionLayer\Entity;
+use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
+use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
+use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
+use Shopware\Core\Framework\Plugin\PluginCollection;
+use Shopware\Core\Framework\Plugin\PluginEntity;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+#[AsCommand(
+    name: 'frosh:extension:checksum:create',
+    description: 'Creates a list of files and their checksums for an extension',
+)]
+class ExtensionChecksumCreateCommand extends Command
+{
+    /**
+     * @param EntityRepository<PluginCollection> $pluginRepository
+     */
+    public function __construct(
+        private readonly EntityRepository $pluginRepository,
+        private readonly ExtensionFileHashService $extensionFileHashService,
+    ) {
+        parent::__construct();
+    }
+
+    protected function configure(): void
+    {
+        $this->addArgument('extension', InputArgument::OPTIONAL, 'Extension name');
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new ShopwareStyle($input, $output);
+        // @phpstan-ignore-next-line
+        $context = method_exists(Context::class, 'createCLIContext') ? Context::createCLIContext() : Context::createDefaultContext();
+
+        $extensionName = (string) $input->getArgument('extension');
+        $extension = $this->getExtension($extensionName, $context);
+
+        if (!$extension instanceof PluginEntity) {
+            $io->error(\sprintf('Extension "%s" not found', $extensionName));
+
+            return self::FAILURE;
+        }
+
+        $checksumFilePath = $this->extensionFileHashService->getChecksumFilePathForExtension($extension);
+        if (!$checksumFilePath) {
+            $io->error(\sprintf('Extension "%s" checksum file path could not be identified', $extension->getName()));
+
+            return self::FAILURE;
+        }
+
+        $checksumStruct = $this->extensionFileHashService->getChecksumData($extension);
+
+        $io->info(\sprintf('Writing %s checksums for extension "%s" to file %s', \count($checksumStruct->getHashes()), $extension->getName(), $checksumFilePath));
+
+        $directory = \dirname($checksumFilePath);
+        if (!is_dir($directory)) {
+            $io->error(\sprintf('Directory "%s" does not exist or cannot be read', $directory));
+
+            return self::FAILURE;
+        }
+
+        if (!is_writable($directory)) {
+            $io->error(\sprintf('Directory "%s" is not writable', $directory));
+
+            return self::FAILURE;
+        }
+
+        if (file_put_contents($checksumFilePath, \json_encode($checksumStruct->jsonSerialize(), \JSON_THROW_ON_ERROR)) === false) {
+            $io->error(\sprintf('Failed to write to file "%s"', $checksumFilePath));
+
+            return self::FAILURE;
+        }
+
+        return self::SUCCESS;
+    }
+
+    private function getExtension(string $name, Context $context): ?Entity
+    {
+        $criteria = new Criteria();
+        $criteria->addFilter(new EqualsFilter('name', $name));
+
+        return $this->pluginRepository->search($criteria, $context)->first();
+    }
+}

src/Components/ExtensionChecksum/ExtensionFileHashService.php

@@ -0,0 +1,141 @@
+<?php declare(strict_types=1);
+
+namespace Frosh\Tools\Components\ExtensionChecksum;
+
+use Frosh\Tools\Components\ExtensionChecksum\Struct\ExtensionChecksumCheckResult;
+use Frosh\Tools\Components\ExtensionChecksum\Struct\ExtensionChecksumStruct;
+use Shopware\Core\Framework\Plugin\PluginEntity;
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\Finder\Finder;
+
+class ExtensionFileHashService
+{
+    /**
+     * xxh128 is chosen for its excellent speed and collision resistance,
+     * making it ideal for file integrity verification.
+     */
+    private const HASH_ALGORITHM = 'xxh128';
+
+    private const CHECKSUM_FILE = 'checksum.json';
+
+    public function __construct(
+        #[Autowire('%kernel.project_dir%')]
+        private readonly string $rootDir,
+    ) {
+    }
+
+    public function getChecksumFilePathForExtension(PluginEntity $extension): string
+    {
+        return $this->getExtensionRootPath($extension) . '/' . self::CHECKSUM_FILE;
+    }
+
+    public function getChecksumData(PluginEntity $extension): ExtensionChecksumStruct
+    {
+        return ExtensionChecksumStruct::fromArray([
+            'algorithm' => self::HASH_ALGORITHM,
+            'hashes' => $this->getHashes($extension),
+            'version' => ExtensionChecksumStruct::CURRENT_VERSION,
+            'extensionVersion' => $extension->getVersion(),
+        ]);
+    }
+
+    public function checkExtensionForChanges(PluginEntity $extension): ExtensionChecksumCheckResult
+    {
+        $checksumFilePath = $this->getChecksumFilePathForExtension($extension);
+        if (!is_file($checksumFilePath)) {
+            return new ExtensionChecksumCheckResult(fileMissing: true);
+        }
+
+        if (!is_readable($checksumFilePath)) {
+            throw new \RuntimeException(\sprintf('Checksum file "%s" exists but is not readable', $checksumFilePath));
+        }
+
+        try {
+            $checksumFileContent = json_decode(
+                (string) file_get_contents($checksumFilePath),
+                true,
+                512,
+                \JSON_THROW_ON_ERROR
+            );
+        } catch (\JsonException $exception) {
+            throw new \RuntimeException(\sprintf('Checksum file "%s" is not valid JSON', $checksumFilePath), 0, $exception);
+        }
+
+        $checksumFileData = ExtensionChecksumStruct::fromArray($checksumFileContent);
+
+        // If the checksum file format changes: Add a check for $checksumFileData->getVersion() here
+        // Right now the version is always 1.0.0
+
+        if ($checksumFileData->getExtensionVersion() !== $extension->getVersion()) {
+            return new ExtensionChecksumCheckResult(wrongExtensionVersion: true);
+        }
+
+        $currentHashes = $this->getHashes($extension, $checksumFileData->getAlgorithm());
+        $previouslyHashedFiles = $checksumFileData->getHashes();
+
+        $newFiles = array_diff_key($currentHashes, $previouslyHashedFiles);
+        $missingFiles = array_diff_key($previouslyHashedFiles, $currentHashes);
+        $changedFiles = [];
+        foreach ($previouslyHashedFiles as $file => $oldHash) {
+            if (isset($currentHashes[$file]) && $currentHashes[$file] !== $oldHash) {
+                $changedFiles[] = $file;
+            }
+        }
+
+        return new ExtensionChecksumCheckResult(
+            newFiles: array_keys($newFiles),
+            changedFiles: $changedFiles,
+            missingFiles: array_keys($missingFiles),
+        );
+    }
+
+    /**
+     * @return array<string, string>
+     */
+    private function getHashes(PluginEntity $extension, ?string $algorithm = null): array
+    {
+        $algorithm = $algorithm ?? self::HASH_ALGORITHM;
+
+        $extensionRootPath = $this->getExtensionRootPath($extension);
+
+        $finder = new Finder();
+        $finder->in([$extensionRootPath])
+            ->files()
+            ->ignoreDotFiles(false)
+            ->notPath(self::CHECKSUM_FILE)
+            ->notPath('Resources/public/administration')
+            ->notPath('/vendor/')
+            ->notPath('/node_modules/');
+
+        $hashes = [];
+        foreach ($finder as $file) {
+            $absoluteFilePath = $file->getRealPath();
+            if (!\is_string($absoluteFilePath) || !$absoluteFilePath) {
+                continue;
+            }
+
+            $hash = \hash_file($algorithm, $absoluteFilePath);
+            if ($hash === false) {
+                throw new \RuntimeException(\sprintf(
+                    'Could not generate %s hash for "%s"',
+                    $algorithm,
+                    $absoluteFilePath
+                ));
+            }
+
+            // Make sure the replacement handles Windows and Unix paths
+            $relativePath = \ltrim(str_replace([$extensionRootPath, '\\'], ['', '/'], $absoluteFilePath), '/');
+
+            $hashes[$relativePath] = $hash;
+        }
+
+        ksort($hashes);
+
+        return $hashes;
+    }
+
+    private function getExtensionRootPath(PluginEntity $extension): string
+    {
+        return \rtrim($this->rootDir . '/' . $extension->getPath(), '/\\');
+    }
+}