MC-19926: Implement CSP

Oleksandr Gorkun · Oleksandr Gorkun · commit 83d62dc78cf1 · 2019-11-19T13:05:31.000-06:00
diff --git a/app/code/Magento/Csp/Model/Collector/ConfigCollector.php b/app/code/Magento/Csp/Model/Collector/ConfigCollector.php
@@ -12,8 +12,8 @@
 use Magento\Framework\App\Area;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\State;
+use Magento\Store\Model\StoreManagerInterface;
 use Magento\Store\Model\ScopeInterface;
-use Magento\Store\Model\Store;
 
 /**
  * Reads Magento config.
@@ -36,26 +36,26 @@ class ConfigCollector implements PolicyCollectorInterface
     private $state;
 
     /**
-     * @var Store
+     * @var StoreManagerInterface
      */
-    private $storeModel;
+    private $storeManager;
 
     /**
      * @param ScopeConfigInterface $config
      * @param PolicyReaderPool $readersPool
      * @param State $state
-     * @param Store $storeModel
+     * @param StoreManagerInterface $storeManager
      */
     public function __construct(
         ScopeConfigInterface $config,
         PolicyReaderPool $readersPool,
         State $state,
-        Store $storeModel
+        StoreManagerInterface $storeManager
     ) {
         $this->config = $config;
         $this->readersPool = $readersPool;
         $this->state = $state;
-        $this->storeModel = $storeModel;
+        $this->storeManager = $storeManager;
     }
 
     /**
@@ -77,7 +77,7 @@ public function collect(array $defaultPolicies = []): array
             $policiesConfig = $this->config->getValue(
                 'csp/policies/' . $configArea,
                 ScopeInterface::SCOPE_STORE,
-                $this->storeModel->getStore()
+                $this->storeManager->getStore()
             );
             if (is_array($policiesConfig) && $policiesConfig) {
                 foreach ($policiesConfig as $policyConfig) {
diff --git a/app/code/Magento/Csp/etc/csp_whitelist.xsd b/app/code/Magento/Csp/etc/csp_whitelist.xsd
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 /**
- * Structure description for webapi.xml configuration files.
+ * Structure description for csp_whitelist.xml configuration files.
  *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
diff --git a/dev/tests/integration/testsuite/Magento/Csp/Model/Collector/ConfigCollectorTest.php b/dev/tests/integration/testsuite/Magento/Csp/Model/Collector/ConfigCollectorTest.php
@@ -160,11 +160,17 @@ private function getExpectedPolicies(): array
      */
     public function testCollecting(): void
     {
-        $policies = $this->collector->collect([]);
+        $policies = $this->collector->collect([new FlagPolicy('upgrade-insecure-requests')]);
         $checked = [];
         $expectedPolicies = $this->getExpectedPolicies();
 
+        //Policies were collected
         $this->assertNotEmpty($policies);
+        //Default policies are being kept
+        /** @var PolicyInterface $defaultPolicy */
+        $defaultPolicy = array_shift($policies);
+        $this->assertEquals('upgrade-insecure-requests', $defaultPolicy->getId());
+        //Comparing collected with configured
         /** @var PolicyInterface $policy */
         foreach ($policies as $policy) {
             $id = $policy->getId();

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`<?xml version="1.0" encoding="UTF-8"?>`
`2`	`2`	`<!--`
`3`	`3`	`/**`
`4`		`- * Structure description for webapi.xml configuration files.`
	`4`	`+ * Structure description for csp_whitelist.xml configuration files.`
`5`	`5`	`*`
`6`	`6`	`* Copyright © Magento, Inc. All rights reserved.`
`7`	`7`	`* See COPYING.txt for license details.`