Add scheduled task to cleanup old CSP data #90

catalyst · Jan 2, 2025 · c3398cc · c3398cc
1 parent a1eb7ef
commit c3398cc
Show file tree

Hide file tree

Showing 5 changed files with 103 additions and 2 deletions.
diff --git a/classes/task/cleanup_csp_task.php b/classes/task/cleanup_csp_task.php
@@ -0,0 +1,52 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace local_csp\task;
+
+use core\task\scheduled_task;
+
+/**
+ * Scheduled task to cleanup old CSP records.
+ *
+ * @package    local_csp
+ * @author     Benjamin Walker <[email protected]>
+ * @copyright  2024 Catalyst IT
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class cleanup_csp_task extends scheduled_task {
+    /**
+     * Get task name.
+     */
+    public function get_name(): string {
+        return get_string('cleanup_csp_task', 'local_csp');
+    }
+
+    /**
+     * Execute the task.
+     */
+    public function execute() {
+        global $DB;
+
+        // Clean up all CSP records that haven't had any recent violations.
+        $duration = get_config('local_csp', 'cleanup_duration');
+        if (is_numeric($duration)) {
+            $params = [
+                'timeexpired' => time() - $duration,
+            ];
+            $DB->delete_records_select('local_csp', 'COALESCE(timeupdated, timecreated) < :timeexpired', $params);
+        }
+    }
+}
diff --git a/db/tasks.php b/db/tasks.php
@@ -0,0 +1,38 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Schedule tasks definition.
+ *
+ * @package    local_csp
+ * @author     Benjamin Walker <[email protected]>
+ * @copyright  2024 Catalyst IT
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+$tasks = [
+    [
+        'classname' => 'local_csp\task\cleanup_csp_task',
+        'blocking'  => 0,
+        'minute' => '0',
+        'hour' => '0',
+        'day' => '*',
+        'month' => '*',
+        'dayofweek' => '*',
+    ],
+];
diff --git a/lang/en/local_csp.php b/lang/en/local_csp.php
@@ -31,6 +31,9 @@
 $string['blockeddomain'] = 'Domain';
 $string['blockeduri'] = 'Blocked URI';
 $string['blockedurlpaths'] = 'Blocked paths';
+$string['cleanupduration'] = 'CSP cleanup duration';
+$string['cleanupdurationdescription'] = 'Removes CSP records that have not had any violations during the selected time period. The counts of records that have had violations will not be reset. Setting the expiry to 0 will remove all records.';
+$string['cleanup_csp_task'] = 'Cleanup old CSP data task';
 $string['configurecspheader'] = 'Configure CSP header';
 $string['cspdirectives'] = 'CSP directives';
 $string['cspdirectivesinfo'] = '<p>Example of CSP directives (please refer to the above link for exact syntax):<br /><span style="color:#00acdf">script-src https:; style-src cdn.example.com; default-src \'self\';</span></p>';

diff --git a/settings.php b/settings.php
@@ -96,4 +96,12 @@
         '',
         PARAM_TEXT
     ));
+
+    $settings->add(new admin_setting_configduration(
+        'local_csp/cleanup_duration',
+        get_string('cleanupduration', 'local_csp'),
+        get_string('cleanupdurationdescription', 'local_csp'),
+        26 * WEEKSECS,
+        WEEKSECS
+    ));
 }
diff --git a/version.php b/version.php
@@ -25,8 +25,8 @@
 
 defined('MOODLE_INTERNAL') || die;
 
-$plugin->version = 2024052400;
-$plugin->release = 2024052400;
+$plugin->version = 2025010200;
+$plugin->release = 2025010200;
 $plugin->requires = 2015051100;
 $plugin->maturity = MATURITY_STABLE;
 $plugin->component = 'local_csp';