security_review.module
<?php
/**
* @file
* Site security review and reporting Drupal module.
*/
use Drupal\Core\Logger\RfcLogLevel;
use Drupal\Core\Url;
use Drupal\security_review\Check;
use Drupal\security_review\CheckResult;
use Drupal\security_review\Checks\AdminPermissions;
use Drupal\security_review\Checks\ErrorReporting;
use Drupal\security_review\Checks\ExecutablePhp;
use Drupal\security_review\Checks\FailedLogins;
use Drupal\security_review\Checks\Field;
use Drupal\security_review\Checks\FilePermissions;
use Drupal\security_review\Checks\InputFormats;
use Drupal\security_review\Checks\PrivateFiles;
use Drupal\security_review\Checks\QueryErrors;
use Drupal\security_review\Checks\TemporaryFiles;
use Drupal\security_review\Checks\TrustedHosts;
use Drupal\security_review\Checks\UploadExtensions;
use Drupal\security_review\Checks\ViewsAccess;
/**
 * Implements hook_security_review_checks().
 *
 * Registers the checks bundled with this module.
 *
 * @return array
 *   One new instance of each check class imported at the top of this file,
 *   in the order listed below.
 */
function security_review_security_review_checks() {
  $checks = [];
  $checks[] = new AdminPermissions();
  $checks[] = new ErrorReporting();
  $checks[] = new ExecutablePhp();
  $checks[] = new FailedLogins();
  $checks[] = new Field();
  $checks[] = new FilePermissions();
  $checks[] = new InputFormats();
  $checks[] = new PrivateFiles();
  $checks[] = new QueryErrors();
  $checks[] = new TemporaryFiles();
  $checks[] = new TrustedHosts();
  $checks[] = new UploadExtensions();
  $checks[] = new ViewsAccess();
  return $checks;
}
/**
 * Implements hook_security_review_log().
 *
 * Forwards the entry to the 'security_review' logger channel. The $check
 * argument is accepted but not used here.
 *
 * NOTE(review): _security_review_batch_run_finished() in this file calls the
 * service's log() with NULL as the check. If that value is handed to this
 * hook unchanged, the non-nullable Check type hint would raise a TypeError;
 * confirm against SecurityReview::log().
 */
function security_review_security_review_log(Check $check, $message, array $context, $level) {
  $channel = Drupal::logger('security_review');
  $channel->log($level, $message, $context);
}
/**
 * Implements hook_modules_uninstalled().
 *
 * Runs the security_review service's storage clean-up after any module is
 * uninstalled; $modules itself is not inspected.
 */
function security_review_modules_uninstalled($modules) {
  // Clean orphaned checks.
  Drupal::service('security_review')->cleanStorage();
}
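/**
 * Implements hook_modules_installed().
 *
 * Acts as this module's post-install step: it does nothing unless
 * 'security_review' is among the modules that were just installed.
 *
 * @param array $modules
 *   The list of installed modules that is searched for 'security_review'.
 */
function security_review_modules_installed($modules) {
  // Strict comparison: a loose in_array() also matches non-string entries
  // such as TRUE, which would run the post-install work for the wrong event.
  if (!in_array('security_review', $modules, TRUE)) {
    return;
  }

  /** @var \Drupal\security_review\SecurityReview $security_review */
  $security_review = Drupal::service('security_review');
  // Clean orphaned checks.
  $security_review->cleanStorage();
  // Store the web server's user.
  $security_review->setServerData();
}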
/**
 * Implements hook_theme().
 *
 * Declares the module's four templates. Each theme hook uses a template of
 * the same name, so the registry is generated from a map of
 * hook name => default variables.
 *
 * @return array
 *   Theme registry entries keyed by theme hook name.
 */
function security_review_theme($existing, $type, $theme, $path) {
  $default_variables = [
    'check_evaluation' => ['paragraphs' => [], 'items' => []],
    'check_help' => ['title' => [], 'paragraphs' => []],
    'general_help' => ['paragraphs' => [], 'checks' => []],
    'run_and_review' => ['date' => [], 'checks' => []],
  ];

  $registry = [];
  foreach ($default_variables as $hook => $variables) {
    $registry[$hook] = [
      'template' => $hook,
      'variables' => $variables,
    ];
  }
  return $registry;
}
/**
 * Preprocesses variables for template 'run_and_review'.
 *
 * Adds absolute URLs for the status icons under 'icons', replaces 'date' with
 * its formatted form, and rewrites each check's 'result' code as the string
 * the template uses.
 *
 * @param array $variables
 *   Template variables, modified in place. Reads 'date' and 'checks'.
 */
function template_preprocess_run_and_review(&$variables) {
  // Status icons, as paths below the site root.
  $icon_dir = '/core/misc/icons/';
  $relative_icons = [
    'success' => $icon_dir . '73b355/check.svg',
    'warning' => $icon_dir . 'e29700/warning.svg',
    'fail' => $icon_dir . 'ea2800/error.svg',
  ];
  $variables['icons'] = $relative_icons;

  // Swap every relative path for its absolute URL.
  foreach ($relative_icons as $name => $relative) {
    $url = Url::fromUserInput($relative);
    $variables['icons'][$name] = $url->setAbsolute()->toString();
  }

  // Format date.
  $variables['date'] = format_date($variables['date']);

  // Map result codes to their string names. The comparison is loose (==) and
  // a value matching none of the four constants is left as it is.
  foreach ($variables['checks'] as &$check) {
    $result = $check['result'];
    if ($result == CheckResult::SUCCESS) {
      $check['result'] = 'success';
    }
    elseif ($result == CheckResult::FAIL) {
      $check['result'] = 'fail';
    }
    elseif ($result == CheckResult::WARN) {
      $check['result'] = 'warning';
    }
    elseif ($result == CheckResult::INFO) {
      $check['result'] = 'info';
    }
  }
}
/**
 * Implements hook_cron().
 *
 * Refreshes the stored server data on every cron run.
 */
function security_review_cron() {
  /** @var \Drupal\security_review\SecurityReview $security_review */
  $security_review = Drupal::service('security_review');
  // Store the web server's user.
  $security_review->setServerData();
}
/**
 * Batch operation: runs a single check.
 *
 * @param \Drupal\security_review\Check $check
 *   The check to run.
 * @param array $context
 *   The Batch context. 'message' is set to the check's title and the new
 *   results are merged into 'results'.
 */
function _security_review_batch_run_op(Check $check, array &$context) {
  // Show the title of the running check as the progress message.
  $context['message'] = $check->getTitle();

  // Run this one check through the checklist service.
  /** @var \Drupal\security_review\Checklist $checklist */
  $checklist = Drupal::service('security_review.checklist');
  $new_results = $checklist->runChecks([$check]);

  // Append to what earlier operations have collected.
  $context['results'] = array_merge($context['results'], $new_results);
}
/**
 * Callback for finishing the batch job of running the checklist.
 *
 * Records the time of the run, then either stores the collected results or
 * logs the first entry of $operations as the failing operation.
 *
 * @param bool $success
 *   Whether the batch job was successful.
 * @param \Drupal\security_review\CheckResult[] $results
 *   The results of the batch job.
 * @param array $operations
 *   The array of batch operations.
 */
function _security_review_batch_run_finished($success, array $results, array $operations) {
  /** @var \Drupal\security_review\SecurityReview $security_review */
  $security_review = Drupal::service('security_review');
  /** @var \Drupal\security_review\Checklist $checklist */
  $checklist = Drupal::service('security_review.checklist');

  // The run time is recorded whether or not the batch succeeded.
  $security_review->setLastRun(time());

  if (!$success) {
    // Show error information.
    // NOTE(review): reset() returns FALSE for an empty $operations array, in
    // which case the two offsets read below do not exist.
    $failed_operation = reset($operations);
    // NOTE(review): print_r() writes the operation's full argument list into
    // the log entry. For _security_review_batch_run_op that presumably
    // includes the Check object; confirm its dumped state holds nothing that
    // should stay out of the logs.
    $placeholders = [
      '%error_operation' => $failed_operation[0],
      '@arguments' => print_r($failed_operation[1], TRUE),
    ];
    $message = t('An error occurred while processing %error_operation with arguments: @arguments', $placeholders);
    $security_review->log(NULL, $message, [], RfcLogLevel::ERROR);
    drupal_set_message(t('The review did not store all results, please run again or check the logs for details.'));
    return;
  }

  // Nothing is written when the batch produced no results.
  if (count($results) > 0) {
    $checklist->storeResults($results);
  }
  drupal_set_message(t('Review complete'));
}