Add scheduled task to cleanup old CSP data #90

classes/task/cleanup_csp_task.php

@@ -0,0 +1,52 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace local_csp\task;
+
+use core\task\scheduled_task;
+
+/**
+ * Scheduled task to cleanup old CSP records.
+ *
+ * @package    local_csp
+ * @author     Benjamin Walker <benjaminwalker@catalyst-au.net>
+ * @copyright  2024 Catalyst IT
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class cleanup_csp_task extends scheduled_task {
+    /**
+     * Get task name.
+     */
+    public function get_name(): string {
+        return get_string('cleanup_csp_task', 'local_csp');
+    }
+
+    /**
+     * Execute the task.
+     */
+    public function execute() {
+        global $DB;
+
+        // Clean up all CSP records that haven't had any recent violations.
+        $duration = get_config('local_csp', 'cleanup_duration');
+        if (is_numeric($duration)) {
+            $params = [
+                'timeexpired' => time() - $duration,
+            ];
+            $DB->delete_records_select('local_csp', 'COALESCE(timeupdated, timecreated) < :timeexpired', $params);
+        }
+    }
+}

collector.php

@@ -64,6 +64,7 @@
             }
             $blockeddomain = $parsedurl->get_host();
             $blockedurlpath = $parsedurl->get_path();
+            $timestamp = time();
 
             // Insert a new record.
             // Truncate URIs of extreme length.
@@ -73,7 +74,8 @@
             $dataobject->blockeddomain = $blockeddomain;
             $dataobject->blockedurlpath = $blockedurlpath;
             $dataobject->violateddirective = strtok($cspreport['violated-directive'], ' ');
-            $dataobject->timecreated = time();
+            $dataobject->timecreated = $timestamp;
+            $dataobject->timeupdated = $timestamp;
             $dataobject->sha1hash = $hash;
             $dataobject->failcounter = 1;
             $DB->insert_record('local_csp', $dataobject);

db/tasks.php

@@ -0,0 +1,38 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Schedule tasks definition.
+ *
+ * @package    local_csp
+ * @author     Benjamin Walker <benjaminwalker@catalyst-au.net>
+ * @copyright  2024 Catalyst IT
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+$tasks = [
+    [
+        'classname' => 'local_csp\task\cleanup_csp_task',
+        'blocking'  => 0,
+        'minute' => '0',
+        'hour' => '0',
+        'day' => '*',
+        'month' => '*',
+        'dayofweek' => '*',
+    ],
+];

lang/en/local_csp.php

@@ -31,6 +31,9 @@
 $string['blockeddomain'] = 'Domain';
 $string['blockeduri'] = 'Blocked URI';
 $string['blockedurlpaths'] = 'Blocked paths';
+$string['cleanupduration'] = 'CSP cleanup duration';
+$string['cleanupdurationdescription'] = 'Removes CSP records that have not had any violations during the selected time period. The counts of records that have had violations will not be reset. Setting the expiry to 0 will remove all records.';
+$string['cleanup_csp_task'] = 'Cleanup old CSP data task';
 $string['configurecspheader'] = 'Configure CSP header';
 $string['cspdirectives'] = 'CSP directives';
 $string['cspdirectivesinfo'] = '<p>Example of CSP directives (please refer to the above link for exact syntax):<br /><span style="color:#00acdf">script-src https:; style-src cdn.example.com; default-src \'self\';</span></p>';

settings.php

@@ -96,4 +96,12 @@
         '',
         PARAM_TEXT
     ));
+
+    $settings->add(new admin_setting_configduration(
+        'local_csp/cleanup_duration',
+        get_string('cleanupduration', 'local_csp'),
+        get_string('cleanupdurationdescription', 'local_csp'),
+        26 * WEEKSECS,
+        WEEKSECS
+    ));
 }

version.php

@@ -25,8 +25,8 @@
 
 defined('MOODLE_INTERNAL') || die;
 
-$plugin->version = 2024052400;
-$plugin->release = 2024052400;
+$plugin->version = 2025010200;
+$plugin->release = 2025010200;
 $plugin->requires = 2015051100;
 $plugin->maturity = MATURITY_STABLE;
 $plugin->component = 'local_csp';