vendor/wns/security-compliance-suite/src/Logging/Subscriber/CrudSubscriber.php line 76

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace WnsSecurityComplianceSuite\Logging\Subscriber;
  7. use Psr\Log\LoggerInterface;
  8. use Shopware\Core\Defaults;
  9. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityDeletedEvent;
  10. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
  11. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenEvent;
  12. use Shopware\Core\Framework\DataAbstractionLayer\Write\EntityExistence;
  13. use Shopware\Core\Framework\Event\NestedEventCollection;
  14. use Shopware\Core\PlatformRequest;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\RequestStack;
  18. use Symfony\Component\HttpKernel\Event\RequestEvent;
  19. use Symfony\Component\HttpKernel\KernelEvents;
  20. use Symfony\Contracts\EventDispatcher\Event;
  21. use WnsSecurityComplianceSuite\Logging\DTO\Log;
  22. use WnsSecurityComplianceSuite\Logging\DTO\LogSource;
  23. use WnsSecurityComplianceSuite\Logging\Provider\EntityInformationProvider;
  24. use WnsSecurityComplianceSuite\Logging\Provider\MonitoredEntityProvider;
  25. use WnsSecurityComplianceSuite\Logging\Provider\SourceInfoProvider;
  26. use WnsSecurityComplianceSuite\Logging\Service\ActionLogger;
  27. use WnsSecurityComplianceSuite\Logging\Service\DataSanitizer;
  28. use WnsSecurityComplianceSuite\Logging\Service\RequestInterpreter;
  30. final class CrudSubscriber implements EventSubscriberInterface
  31. {
  32. private RequestStack $requestStack;
  34. private EntityInformationProvider $entityInformationProvider;
  36. private MonitoredEntityProvider $monitoredEntityProvider;
  38. private ActionLogger $actionLogger;
  40. private SourceInfoProvider $sourceInfoProvider;
  42. private DataSanitizer $dataSanitizer;
  44. private LoggerInterface $wscsLogger;
  46. private RequestInterpreter $requestInterpreter;
  48. public function __construct(
  49. RequestStack $requestStack,
  50. EntityInformationProvider $entityInformationProvider,
  51. MonitoredEntityProvider $monitoredEntityProvider,
  52. ActionLogger $actionLogger,
  53. SourceInfoProvider $sourceInfoProvider,
  54. DataSanitizer $dataSanitizer,
  55. LoggerInterface $wscsLogger,
  56. RequestInterpreter $requestInterpreter
  57. ) {
  58. $this->requestStack = $requestStack;
  59. $this->entityInformationProvider = $entityInformationProvider;
  60. $this->monitoredEntityProvider = $monitoredEntityProvider;
  61. $this->actionLogger = $actionLogger;
  62. $this->sourceInfoProvider = $sourceInfoProvider;
  63. $this->dataSanitizer = $dataSanitizer;
  64. $this->wscsLogger = $wscsLogger;
  65. $this->requestInterpreter = $requestInterpreter;
  66. }
  68. public static function getSubscribedEvents()
  69. {
  70. return [
  71. EntityWrittenContainerEvent::class => 'onEntityWritten',
  72. KernelEvents::REQUEST => 'checkForDeleteRequest',
  73. ];
  74. }
  76. public function checkForDeleteRequest(RequestEvent $event): void
  77. {
  78. $request = $event->getRequest();
  79. try {
  80. $entities = $this->requestInterpreter->getRequestedEntityDeletions($request);
  81. if (!empty($entities)) {
  82. $this->entityInformationProvider->preloadEntityData($entities);
  83. }
  84. } catch (\Throwable $e) {
  85. $this->wscsLogger->error('Error getting entity data for request: ' . $e->getMessage(), ['request' => $request->attributes->all()]);
  86. }
  87. }
  89. public function onEntityWritten(EntityWrittenContainerEvent $event): void
  90. {
  91. $salesChannelId = null;
  92. $source = $this->getSource($event);
  93. $eventCollection = $event->getEvents() ?? new NestedEventCollection();
  95. if ($event->getEvents() === null) {
  96. return;
  97. }
  99. /** @var EntityWrittenEvent $innerEvent */
  100. foreach ($eventCollection as $innerEvent) {
  101. $payloads = $innerEvent->getPayloads();
  102. if (empty($payloads) || [[]] === $payloads) {
  103. continue;
  104. }
  105. $entityName = $innerEvent->getEntityName();
  106. if ($this->entityInformationProvider->isTranslationEntity($entityName) === true) {
  107. // Do not log translation deletions
  108. continue;
  109. }
  110. $eventType = $innerEvent->getName();
  111. if (!$this->monitoredEntityProvider->entityMonitored($entityName)) {
  112. if (!$this->monitoredEntityProvider->entityIgnored($entityName)) {
  113. $this->actionLogger->logEntityDebug($entityName, $innerEvent->getPayloads());
  114. }
  116. continue;
  117. }
  119. if ($innerEvent instanceof EntityDeletedEvent) {
  120. // Assume there is only one entity per event. It is not an unreasonable assumption, because Shopware by default creates 1 event per 1 entity deleted, even if many are removed by a single request
  121. $writeResult = $innerEvent->getWriteResults()[0];
  122. $primaryKeys = $writeResult->getExistence() instanceof EntityExistence ? $writeResult->getExistence()->getPrimaryKey() : [];
  123. $entityData = $this->entityInformationProvider->retrieveEntityData($entityName, $primaryKeys);
  125. $detail = [
  126. 'data' => $entityData ?? $writeResult->getPayload(),
  127. ];
  128. } else {
  129. // Regular upsert
  130. $payloads = $this->filterMeaningfulData($entityName, $payloads);
  132. if (empty($payloads)) {
  133. continue;
  134. }
  136. $detail = [
  137. 'data' => $payloads,
  138. ];
  139. }
  141. $log = new Log(
  142. $eventType,
  143. $source,
  144. $this->dataSanitizer->sanitize($detail),
  145. new \DateTimeImmutable()
  146. );
  148. $this->actionLogger->log($log, $salesChannelId);
  149. }
  150. }
  152. /**
  153. * This function filters out data entries that consist only of primary keys and/or createdAt/updatedAt fields
  154. * This is a relatively frequent occurrence, particularly with translations. We do not need to log these if no data is modified.
  155. *
  156. * @param array<mixed> $entities
  157. *
  158. * @return array<mixed>
  159. */
  160. private function filterMeaningfulData(string $entityName, array $entities): array
  161. {
  162. $primaryKeys = $this->entityInformationProvider->getEntityPrimaryKeys($entityName);
  163. $ignoredKeys = array_merge(['createdAt', 'updatedAt'], $primaryKeys);
  164. $filtered = [];
  165. foreach ($entities as $key => $entity) {
  166. if (isset($entity['versionId']) && $entity['versionId'] !== Defaults::LIVE_VERSION) {
  167. // Do not do anything with non-live versions
  168. continue;
  169. }
  170. $entityKeys = array_keys($entity);
  171. $meaningfulKeys = array_diff($entityKeys, $ignoredKeys);
  172. if (\count($meaningfulKeys) > 0) {
  173. $filtered[$key] = $entity;
  174. }
  175. }
  177. return $filtered;
  178. }
  180. private function getSource(EntityWrittenContainerEvent $event): LogSource
  181. {
  182. /** @var Request|null $request */
  183. $request = $this->requestStack->getMainRequest();
  184. try {
  185. $context = isset($request) && $request->get(PlatformRequest::ATTRIBUTE_CONTEXT_OBJECT) !== null ?
  186. $request->get(PlatformRequest::ATTRIBUTE_CONTEXT_OBJECT)
  187. : $event->getContext()
  188. ;
  189. $source = $this->sourceInfoProvider->getSourceDTO($context->getSource());
  190. } catch (\Throwable $e) {
  191. $this->wscsLogger->error('Error getting scope: ' . $e->getMessage(), ['request' => $request]);
  192. throw $e;
  193. }
  195. return $source;
  196. }
  197. }