/**
* check an app's integrity
* @param array $data
* @param string $extractDir
* @param string $path
* @param bool $isShipped
* @return array
* @throws \Exception
*/
public static function checkAppsIntegrity($data, $extractDir, $path, $isShipped = false)
{
$l = \OC::$server->getL10N('lib');
//load the info.xml file of the app
if (!is_file($extractDir . '/appinfo/info.xml')) {
//try to find it in a subdir
$dh = opendir($extractDir);
if (is_resource($dh)) {
while (($folder = readdir($dh)) !== false) {
if ($folder[0] != '.' and is_dir($extractDir . '/' . $folder)) {
if (is_file($extractDir . '/' . $folder . '/appinfo/info.xml')) {
$extractDir .= '/' . $folder;
}
}
}
}
}
if (!is_file($extractDir . '/appinfo/info.xml')) {
OC_Helper::rmdirr($extractDir);
if ($data['source'] === 'http') {
unlink($path);
}
throw new \Exception($l->t("App does not provide an info.xml file"));
}
$info = OC_App::getAppInfo($extractDir . '/appinfo/info.xml', true);
// We can't trust the parsed info.xml file as it may have been tampered
// with by an attacker and thus we need to use the local data to check
// whether the application needs to be signed.
$appId = OC_App::cleanAppId($data['appdata']['id']);
$appBelongingToId = OC_App::getInternalAppIdByOcs($appId);
if (is_string($appBelongingToId)) {
$previouslySigned = \OC::$server->getConfig()->getAppValue($appBelongingToId, 'signed', 'false');
} else {
$appBelongingToId = $info['id'];
$previouslySigned = 'false';
}
if ($data['appdata']['level'] === OC_App::officialApp || $previouslySigned === 'true') {
\OC::$server->getConfig()->setAppValue($appBelongingToId, 'signed', 'true');
$integrityResult = \OC::$server->getIntegrityCodeChecker()->verifyAppSignature($appBelongingToId, $extractDir);
if ($integrityResult !== []) {
$e = new \Exception($l->t('Signature could not get checked. Please contact the app developer and check your admin screen.'));
throw $e;
}
}
// check the code for not allowed calls
if (!$isShipped && !OC_Installer::checkCode($extractDir)) {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because of not allowed code in the App"));
}
// check if the app is compatible with this version of ownCloud
if (!OC_App::isAppCompatible(\OCP\Util::getVersion(), $info)) {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because it is not compatible with this version of ownCloud"));
}
// check if shipped tag is set which is only allowed for apps that are shipped with ownCloud
if (!$isShipped && isset($info['shipped']) && $info['shipped'] == 'true') {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because it contains the <shipped>true</shipped> tag which is not allowed for non shipped apps"));
}
// check if the ocs version is the same as the version in info.xml/version
$version = trim($info['version']);
if (isset($data['appdata']['version']) && $version != trim($data['appdata']['version'])) {
OC_Helper::rmdirr($extractDir);
throw new \Exception($l->t("App can't be installed because the version in info.xml is not the same as the version reported from the app store"));
}
return $info;
}