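/**
 * {@inheritdoc}
 *
 * Builds the Security Review settings form: the untrusted-roles selection,
 * the logging toggle, the list of checks to skip and, when any check
 * contributes one, a container of check-specific settings sub-forms.
 */
public function buildForm(array $form, FormStateInterface $form_state) {
  $checks = Checklist::getChecks();

  // Untrusted roles: one checkbox per role, label escaped for output.
  $roleOptions = [];
  foreach (user_roles() as $rid => $role) {
    $roleOptions[$rid] = SafeMarkup::checkPlain($role->label());
  }

  // Tell the admin when open registration makes the authenticated role
  // untrusted by default. Strict comparison: role ids are strings, and a
  // loose in_array() would let a non-string entry match unexpectedly.
  $message = '';
  if (in_array(AccountInterface::AUTHENTICATED_ROLE, Security::defaultUntrustedRoles(), TRUE)) {
    $message = 'You have allowed anonymous users to create accounts without approval so the authenticated role defaults to untrusted.';
  }
  $form['untrusted_roles'] = [
    '#type' => 'checkboxes',
    '#title' => t('Untrusted roles'),
    '#description' => t('Define which roles are for less trusted users. The anonymous role defaults to untrusted. @message Most Security Review checks look for resources usable by untrusted roles.', ['@message' => $message]),
    '#options' => $roleOptions,
    '#default_value' => Security::untrustedRoles(),
  ];

  // TODO: Report inactive namespaces. Old: security_review.pages.inc:146-161.
  $form['advanced'] = [
    '#type' => 'details',
    '#title' => t('Advanced'),
    '#open' => TRUE,
  ];

  // Logging toggle, pre-filled from the stored setting.
  $form['advanced']['logging'] = [
    '#type' => 'checkbox',
    '#title' => t('Log checklist results and skips'),
    '#description' => t('The result of each check and skip can be logged to watchdog for tracking.'),
    '#default_value' => SecurityReview::isLogging(),
  ];

  // Checks to skip: currently skipped checks are pre-selected and their
  // label records who skipped them and when.
  $skipped = [];
  $checkOptions = [];
  foreach ($checks as $check) {
    if ($check->isSkipped()) {
      $skipped[] = $check->id();
      $checkOptions[$check->id()] = t('!name <em>skipped by UID !uid on !date</em>', [
        '!name' => $check->getTitle(),
        '!uid' => $check->skippedBy()->id(),
        '!date' => format_date($check->skippedOn()),
      ]);
    }
    else {
      $checkOptions[$check->id()] = $check->getTitle();
    }
  }
  $form['advanced']['skip'] = [
    '#type' => 'checkboxes',
    '#title' => t('Checks to skip'),
    '#description' => t('Skip running certain checks. This can also be set on the <em>Run & review</em> page. It is recommended that you do not skip any checks unless you know the result is wrong or the process times out while running.'),
    '#options' => $checkOptions,
    '#default_value' => $skipped,
  ];

  // Check-specific settings: one details element per check whose settings
  // object returns a non-empty form.
  foreach ($checks as $check) {
    $checkForm = $check->settings()->buildForm();
    if (empty($checkForm)) {
      continue;
    }

    // The container is created lazily so it only shows up when at least one
    // check has settings to display.
    if (!isset($form['advanced']['check_specific'])) {
      $form['advanced']['check_specific'] = [
        '#type' => 'details',
        '#title' => t('Check-specific settings'),
        '#open' => FALSE,
        '#tree' => TRUE,
      ];
    }

    // Checks from other modules are labelled with their namespace. The label
    // is built with placeholders instead of passing the assembled string to
    // t(): t() on a runtime variable is not extractable for translation and
    // would emit whatever markup the check title contains unchanged, whereas
    // '@' placeholders are escaped.
    if ($check->getMachineNamespace() !== 'security_review') {
      $title = t('@title <em>(@namespace)</em>', [
        '@title' => $check->getTitle(),
        '@namespace' => $check->getNamespace(),
      ]);
    }
    else {
      $title = $check->getTitle();
    }

    $form['advanced']['check_specific'][$check->id()] = [
      '#type' => 'details',
      '#title' => $title,
      '#open' => TRUE,
      '#tree' => TRUE,
      'form' => $checkForm,
    ];
  }

  return parent::buildForm($form, $form_state);
}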
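/**
 * Logs a check result.
 *
 * Does nothing unless logging is enabled. The watchdog level and message are
 * picked from the result value; a value outside the known CheckResult
 * constants is reported as an invalid result at NOTICE level.
 *
 * @param \Drupal\security_review\CheckResult $result
 *   The result to log.
 *
 * @throws \InvalidArgumentException
 *   When logging is enabled and $result is NULL: a NULL result carries no
 *   check to attribute the log entry to.
 */
public static function logCheckResult(CheckResult $result = NULL) {
  if (!SecurityReview::isLogging()) {
    return;
  }

  // The former NULL branch called $result->check() on the NULL it had just
  // detected, which is a fatal error; without a result there is no check to
  // log against, so the only sound response is to reject the argument.
  if ($result === NULL) {
    throw new \InvalidArgumentException('logCheckResult() requires a CheckResult; NULL given.');
  }

  $check = $result->check();

  // Defaults apply to any value not covered by the cases below.
  $level = RfcLogLevel::NOTICE;
  $message = '!name check invalid result';
  switch ($result->result()) {
    case CheckResult::SUCCESS:
      $level = RfcLogLevel::INFO;
      $message = '!name check success';
      break;

    case CheckResult::FAIL:
      $level = RfcLogLevel::ERROR;
      $message = '!name check failure';
      break;

    case CheckResult::WARN:
      $level = RfcLogLevel::WARNING;
      $message = '!name check warning';
      break;

    case CheckResult::INFO:
      $level = RfcLogLevel::INFO;
      $message = '!name check info';
      break;
  }

  static::log($check, $message, ['!name' => $check->getTitle()], $level);
}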
/**
 * Tests that the 'logging' setting is on by default and can be turned off.
 */
public function testConfigLogging() {
  // A fresh configuration is expected to have logging switched on.
  $initial = SecurityReview::isLogging();
  $this->assertTrue($initial, 'Logging enabled by default.');

  // Turning it off through the setter must be visible through the getter.
  SecurityReview::setLogging(FALSE);
  $afterDisable = SecurityReview::isLogging();
  $this->assertFalse($afterDisable, 'Logging disabled.');
}