diff --git a/classes/task/cleanup_csp_task.php b/classes/task/cleanup_csp_task.php new file mode 100644 index 0000000..f028127 --- /dev/null +++ b/classes/task/cleanup_csp_task.php @@ -0,0 +1,52 @@ +. + +namespace local_csp\task; + +use core\task\scheduled_task; + +/** + * Scheduled task to cleanup old CSP records. + * + * @package local_csp + * @author Benjamin Walker + * @copyright 2024 Catalyst IT + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ +class cleanup_csp_task extends scheduled_task { + /** + * Get task name. + */ + public function get_name(): string { + return get_string('cleanup_csp_task', 'local_csp'); + } + + /** + * Execute the task. + */ + public function execute() { + global $DB; + + // Clean up all CSP records that haven't had any recent violations. + $duration = get_config('local_csp', 'cleanup_duration'); + if (is_numeric($duration)) { + $params = [ + 'timeexpired' => time() - $duration, + ]; + $DB->delete_records_select('local_csp', 'COALESCE(timeupdated, timecreated) < :timeexpired', $params); + } + } +} diff --git a/collector.php b/collector.php index dec4d8e..c96bb03 100644 --- a/collector.php +++ b/collector.php @@ -64,6 +64,7 @@ } $blockeddomain = $parsedurl->get_host(); $blockedurlpath = $parsedurl->get_path(); + $timestamp = time(); // Insert a new record. // Truncate URIs of extreme length. @@ -73,7 +74,8 @@ $dataobject->blockeddomain = $blockeddomain; $dataobject->blockedurlpath = $blockedurlpath; $dataobject->violateddirective = strtok($cspreport['violated-directive'], ' '); - $dataobject->timecreated = time(); + $dataobject->timecreated = $timestamp; + $dataobject->timeupdated = $timestamp; $dataobject->sha1hash = $hash; $dataobject->failcounter = 1; $DB->insert_record('local_csp', $dataobject); diff --git a/db/tasks.php b/db/tasks.php new file mode 100644 index 0000000..a754320 --- /dev/null +++ b/db/tasks.php @@ -0,0 +1,38 @@ +. + +/** + * Schedule tasks definition. + * + * @package local_csp + * @author Benjamin Walker + * @copyright 2024 Catalyst IT + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +defined('MOODLE_INTERNAL') || die(); + +$tasks = [ + [ + 'classname' => 'local_csp\task\cleanup_csp_task', + 'blocking' => 0, + 'minute' => '0', + 'hour' => '0', + 'day' => '*', + 'month' => '*', + 'dayofweek' => '*', + ], +]; diff --git a/lang/en/local_csp.php b/lang/en/local_csp.php index 7105692..3350a37 100644 --- a/lang/en/local_csp.php +++ b/lang/en/local_csp.php @@ -31,6 +31,9 @@ $string['blockeddomain'] = 'Domain'; $string['blockeduri'] = 'Blocked URI'; $string['blockedurlpaths'] = 'Blocked paths'; +$string['cleanupduration'] = 'CSP cleanup duration'; +$string['cleanupdurationdescription'] = 'Removes CSP records that have not had any violations during the selected time period. The counts of records that have had violations will not be reset. Setting the expiry to 0 will remove all records.'; +$string['cleanup_csp_task'] = 'Cleanup old CSP data task'; $string['configurecspheader'] = 'Configure CSP header'; $string['cspdirectives'] = 'CSP directives'; $string['cspdirectivesinfo'] = '

Example of CSP directives (please refer to the above link for exact syntax):
script-src https:; style-src cdn.example.com; default-src \'self\';

'; diff --git a/settings.php b/settings.php index d6dd66a..ee1caf2 100644 --- a/settings.php +++ b/settings.php @@ -96,4 +96,12 @@ '', PARAM_TEXT )); + + $settings->add(new admin_setting_configduration( + 'local_csp/cleanup_duration', + get_string('cleanupduration', 'local_csp'), + get_string('cleanupdurationdescription', 'local_csp'), + 26 * WEEKSECS, + WEEKSECS + )); } diff --git a/version.php b/version.php index e390ed1..dafaf3f 100644 --- a/version.php +++ b/version.php @@ -25,8 +25,8 @@ defined('MOODLE_INTERNAL') || die; -$plugin->version = 2024052400; -$plugin->release = 2024052400; +$plugin->version = 2025010200; +$plugin->release = 2025010200; $plugin->requires = 2015051100; $plugin->maturity = MATURITY_STABLE; $plugin->component = 'local_csp';