Exemplo n.º 1
 /**
  * Builds the module-wide help page.
  *
  * The page consists of three introductory paragraphs followed by links to
  * the help page of every registered check, grouped by the machine namespace
  * of the check.
  *
  * @return array
  *   A render array for the 'general_help' theme hook. '#paragraphs' holds the
  *   introductory texts and '#checks' maps each machine namespace to an array
  *   with the keys 'namespace' and 'check_links'.
  */
 private function generalHelp()
 {
     $intro = t('You should take the security of your site very seriously.
   Fortunately, Drupal is fairly secure by default.
   The Security Review module automates many of the easy-to-make mistakes that render your site insecure, however it does not automatically make your site impenetrable.
   You should give care to what modules you install and how you configure your site and server.
   Be mindful of who visits your site and what features you expose for their use.');
     // `!` placeholders are substituted into the translated string as-is, so
     // every value passed this way must already be safe markup. Both values
     // below are links built by Drupal::l() from constant strings.
     // NOTE(review): the outbound links use plain http://; prefer https://
     // where the target serves it.
     $replacements = array(
         '!drupal_org' => Drupal::l('drupal.org handbooks', Url::fromUri('http://drupal.org/security/secure-configuration')),
         '!cracking_drupal' => Drupal::l('CrackingDrupal.com', Url::fromUri('http://crackingdrupal.com')),
     );
     $furtherReading = t('You can read more about securing your site in the !drupal_org and on !cracking_drupal.
   There are also additional modules you can install to secure or protect your site. Be aware though that the more modules you have running on your site the greater (usually) attack area you expose.', $replacements);
     $handbookLink = Drupal::l(t('Drupal.org Handbook: Introduction to security-related contrib modules'), Url::fromUri('http://drupal.org/node/382752'));
     $paragraphs = array($intro, $furtherReading, $handbookLink);

     $checks = array();
     foreach (Checklist::getChecks() as $check) {
         $group = $check->getMachineNamespace();
         // First check seen for this namespace: create its bucket.
         if (!isset($checks[$group])) {
             $checks[$group] = array(
                 'namespace' => $check->getNamespace(),
                 'check_links' => array(),
             );
         }
         // NOTE(review): t() receives a runtime value here. String extraction
         // only sees literals, and translated output is presumably treated as
         // trusted markup, so this relies on check titles being defined in
         // code rather than taken from user input. Confirm against the Check
         // implementations.
         $label = t($check->getTitle());
         $helpUrl = Url::fromRoute('security_review.help', array(
             'namespace' => $check->getMachineNamespace(),
             'title' => $check->getMachineTitle(),
         ));
         // Link to the check-specific help page.
         $checks[$group]['check_links'][] = Drupal::l($label, $helpUrl);
     }

     return array(
         '#theme' => 'general_help',
         '#paragraphs' => $paragraphs,
         '#checks' => $checks,
     );
 }
 /**
  * Builds the table of the most recent check results.
  *
  * @return array
  *   An empty array when SecurityReview::getLastRun() is not positive.
  *   Otherwise a render array for the 'run_and_review' theme hook, whose
  *   '#checks' entries carry the keys 'result', 'message', 'skipped',
  *   'help_link' and 'toggle_link'.
  */
 public function results()
 {
     // Without a recorded run there is nothing to display.
     if (SecurityReview::getLastRun() <= 0) {
         return array();
     }

     $rows = array();
     foreach (Checklist::getChecks() as $check) {
         // Defaults used when the check has no stored result.
         $row = array(
             'result' => CheckResult::SKIPPED,
             'message' => 'The check hasn\'t been run yet.',
             'skipped' => $check->isSkipped(),
         );

         // Overwrite the defaults with the stored outcome, if there is one.
         $previous = $check->lastResult();
         if ($previous != NULL) {
             $row['result'] = $previous->result();
             $row['message'] = $previous->resultMessage();
         }

         // Link to the check-specific help page.
         $helpUrl = Url::fromRoute('security_review.help', array(
             'namespace' => $check->getMachineNamespace(),
             'title' => $check->getMachineTitle(),
         ));
         $row['help_link'] = Drupal::l('Details', $helpUrl);

         // The toggle link changes state through a plain link, so it carries a
         // CSRF token seeded with the check id.
         // NOTE(review): this protects nothing unless the handler behind
         // 'security_review.toggle' validates the token against the same check
         // id. That handler is not visible here; confirm it does, or declare
         // the `_csrf_token` requirement on the route.
         if ($check->isSkipped()) {
             $action = 'Enable';
         } else {
             $action = 'Skip';
         }
         $toggleUrl = Url::fromRoute(
             'security_review.toggle',
             array('check_id' => $check->id()),
             array('query' => array('token' => Drupal::csrfToken()->get($check->id())))
         );
         $row['toggle_link'] = Drupal::l($action, $toggleUrl);

         $rows[] = $row;
     }

     return array(
         '#theme' => 'run_and_review',
         '#date' => SecurityReview::getLastRun(),
         '#checks' => $rows,
         '#attached' => array('library' => array('security_review/run_and_review')),
     );
 }
Exemplo n.º 3
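 /**
  * Tests the search functions of Checklist:
  *   getCheck().
  *   getCheckByIdentifier().
  *
  * Every check returned by Checklist::getChecks() must be retrievable both by
  * its machine namespace and machine title, and by its identifier.
  */
 public function testCheckSearch()
 {
     foreach (Checklist::getChecks() as $check) {
         // getCheck().
         $found = Checklist::getCheck($check->getMachineNamespace(), $check->getMachineTitle());
         $this->assertNotNull($found, 'Found a check.');
         // Compare ids only when the lookup returned something. Calling id()
         // on NULL would abort the run with a fatal error instead of recording
         // a failed assertion.
         if ($found !== NULL) {
             $this->assertEqual($check->id(), $found->id(), 'Found ' . $check->getTitle() . '.');
         }
         // getCheckByIdentifier().
         $found = Checklist::getCheckByIdentifier($check->id());
         $this->assertNotNull($found, 'Found a check.');
         if ($found !== NULL) {
             $this->assertEqual($check->id(), $found->id(), 'Found ' . $check->getTitle() . '.');
         }
     }
 }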
Exemplo n.º 4
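 /**
  * Deletes orphaned check data.
  *
  * Every configuration object named 'security_review.check.<id>' whose <id>
  * does not belong to a check returned by Checklist::getChecks() is deleted.
  *
  * NOTE(review): the deletion trusts getChecks() to be complete. If the list
  * can be partial when this runs (for example while a module that provides
  * checks is unavailable), the stored settings of the missing checks are
  * deleted too. Confirm the call sites.
  */
 public static function cleanStorage()
 {
     $prefix = 'security_review.check.';
     // Names of all stored check configuration objects.
     $stored = Drupal::configFactory()->listAll($prefix);
     // Names that belong to a currently registered check.
     $in_use = array();
     foreach (Checklist::getChecks() as $check) {
         $in_use[] = $prefix . $check->id();
     }
     // array_diff() compares the string values exactly, so a configuration
     // name is kept only when it matches a registered check character for
     // character (no loose comparison as with a non-strict array_search()).
     $orphaned = array_diff($stored, $in_use);
     // Delete orphaned configuration data.
     foreach ($orphaned as $configName) {
         Drupal::configFactory()->getEditable($configName)->delete();
     }
 }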
Exemplo n.º 5
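 /**
  * {@inheritdoc}
  */
 public function submitForm(array &$form, FormStateInterface $form_state)
 {
     // Frequently used configuration items.
     $check_settings = $this->config('security_review.checks');
     // Save that the module has been configured.
     SecurityReview::setConfigured(TRUE);
     // Save the new untrusted roles: the keys of all ticked entries.
     $untrusted_roles = array_keys(array_filter($form_state->getValue('untrusted_roles')));
     SecurityReview::setUntrustedRoles($untrusted_roles);
     // Save the new logging setting.
     $logging = $form_state->getValue('logging') == 1;
     SecurityReview::setLogging($logging);
     // Skip selected checks. The ids are compared as strings with a strict
     // in_array(): PHP turns numeric-looking array keys into integers, and
     // before PHP 8 a loose comparison treats any non-numeric string as equal
     // to integer 0, so a single key 0 in the submitted values would have
     // marked every check as skipped.
     $skipped = array_map('strval', array_keys(array_filter($form_state->getValue('skip'))));
     foreach (Checklist::getChecks() as $check) {
         if (in_array((string) $check->id(), $skipped, TRUE)) {
             $check->skip();
         } else {
             $check->enable();
         }
     }
     // Save the check-specific settings.
     if (isset($form['advanced']['check_specific'])) {
         $checkSpecificValues = $form_state->getValue('check_specific');
         if (is_array($checkSpecificValues)) {
             foreach ($checkSpecificValues as $checkIdentifier => $values) {
                 // Get corresponding Check. Identifiers that do not resolve to
                 // a registered check are ignored rather than dereferenced.
                 $check = Checklist::getCheckByIdentifier($checkIdentifier);
                 if (!is_object($check)) {
                     continue;
                 }
                 // Only forward values for a sub-form that was actually built.
                 // Taking a reference to a missing key would create it.
                 if (!isset($form['advanced']['check_specific'][$checkIdentifier]['form'])) {
                     continue;
                 }
                 if (!is_array($values) || !array_key_exists('form', $values)) {
                     continue;
                 }
                 // Submit parameters.
                 $checkForm =& $form['advanced']['check_specific'][$checkIdentifier]['form'];
                 $checkFormValues = $values['form'];
                 // Submit.
                 $check->settings()->submitForm($checkForm, $checkFormValues);
                 // Drop the reference so the next iteration cannot write
                 // through it.
                 unset($checkForm);
             }
         }
     }
     // Commit the settings.
     $check_settings->save();
     // Finish submitting the form.
     parent::submitForm($form, $form_state);
 }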