akeeba / panopticon

Self-hosted site monitoring and management
GNU Affero General Public License v3.0

Check integrity of Joomla core files #20

Open nikosdion opened 1 year ago

nikosdion commented 1 year ago

We would need to check if the Joomla version is listed in the download.joomla.org site.

Download the ZIP file and create SHA-1 checksums of the files as-is and with all their newlines converted to LF (i.e. convert CRLF to LF, and CR to LF).

The same needs to happen server-side, e.g. make an API call which allows us to retrieve a list of the checksums of a bunch of files we send in a POST request.

If any checksums differ, notify the user.

This is auxiliary to the PHP File Change Scanner. It cannot detect added files in core folders; that's something the PHP File Change Scanner can do, though.

nikosdion commented 1 year ago

We are automatically generating the checksums and making them available in an API: https://getpanopticon.com/checksums/ This is much better than having each installation download Joomla's ZIP files by itself.

We need to write a connector feature to walk through the filesystem and return the checksums.

nikosdion commented 7 months ago

The service endpoint is fully operational.
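
The comparison described in the first comment, as an added example that is not part of the issue or Panopticon's own code: it hashes each file as-is and with newlines converted to LF, then checks the result against a reference list. The function names, the manifest shape and the rule that either form may match are assumptions, and the sample files are constructed.

```php
<?php
declare(strict_types=1);

// SHA-1 of a file as-is ('raw') and with CRLF and lone CR converted to LF ('lf').
function coreFileChecksums(string $path): array
{
    $raw = file_get_contents($path);
    if ($raw === false) {
        throw new RuntimeException("Cannot read $path");
    }
    // CRLF is listed first so a pair becomes one LF, not two.
    $lf = str_replace(["\r\n", "\r"], "\n", $raw);
    return ['raw' => sha1($raw), 'lf' => sha1($lf)];
}

// $manifest (assumed shape): relative path => list of reference SHA-1 values.
// Only listed paths are visited, so files added to core folders are not reported.
function verifyCoreFiles(string $root, array $manifest): array
{
    $report = [];
    foreach ($manifest as $relative => $expected) {
        $path = rtrim($root, '/') . '/' . $relative;
        if (!is_file($path)) {
            $report[$relative] = 'missing';
            continue;
        }
        // Assumed rule: either local form matching a reference value passes.
        $hit = array_intersect($expected, coreFileChecksums($path));
        $report[$relative] = $hit === [] ? 'modified' : 'ok';
    }
    return $report;
}

// Constructed sample tree: one pristine file, one CRLF copy, one edited file.
$root = sys_get_temp_dir() . '/core-check-' . bin2hex(random_bytes(4));
mkdir($root);
$pristine = "<?php\necho 'hello';\n";
file_put_contents("$root/a.php", $pristine);
file_put_contents("$root/b.php", str_replace("\n", "\r\n", $pristine));
file_put_contents("$root/c.php", $pristine . "// local edit\n");

$reference = [sha1($pristine)]; // raw and LF forms coincide for an LF-only file
$manifest = array_fill_keys(['a.php', 'b.php', 'c.php', 'd.php'], $reference);

foreach (verifyCoreFiles($root, $manifest) as $file => $status) {
    echo "$file: $status\n";
}

array_map('unlink', glob("$root/*"));
rmdir($root);
```

Hashing both forms keeps a file whose line endings were rewritten in transit (for example by an ASCII-mode FTP upload) from being reported as modified, while any change to the content itself still fails both comparisons.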