Exemplo n.º 1
 /**
  * {@inheritdoc}
  */
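 public function buildForm(array $form, FormStateInterface $form_state)
 {
     // Builds the Security Review settings form: the untrusted-role selection,
     // the logging toggle, the list of skipped checks and any check-specific
     // settings sub-forms, then passes the array to the parent form builder.

     // Get the list of checks.
     $checks = Checklist::getChecks();

     // Build the role options; labels are escaped before being used as markup.
     $options = array();
     foreach (user_roles() as $rid => $role) {
         $options[$rid] = SafeMarkup::checkPlain($role->label());
     }

     // Notify the user if anonymous users can create accounts.
     // Strict comparison: a non-string entry must not loosely match the role id.
     $message = '';
     if (in_array(AccountInterface::AUTHENTICATED_ROLE, Security::defaultUntrustedRoles(), TRUE)) {
         $message = t('You have allowed anonymous users to create accounts without approval so the authenticated role defaults to untrusted.');
     }

     // Show the untrusted roles form element.
     $form['untrusted_roles'] = array(
         '#type' => 'checkboxes',
         '#title' => t('Untrusted roles'),
         '#description' => t('Define which roles are for less trusted users. The anonymous role defaults to untrusted. @message Most Security Review checks look for resources usable by untrusted roles.', array('@message' => $message)),
         '#options' => $options,
         '#default_value' => Security::untrustedRoles(),
     );

     // TODO: Report inactive namespaces. Old: security_review.pages.inc:146-161.
     $form['advanced'] = array('#type' => 'details', '#title' => t('Advanced'), '#open' => TRUE);

     // Show the logging setting.
     $form['advanced']['logging'] = array(
         '#type' => 'checkbox',
         '#title' => t('Log checklist results and skips'),
         '#description' => t('The result of each check and skip can be logged to watchdog for tracking.'),
         '#default_value' => SecurityReview::isLogging(),
     );

     // Skipped checks.
     $values = array();
     $options = array();
     foreach ($checks as $check) {
         // Determine if check is being skipped.
         if ($check->isSkipped()) {
             $values[] = $check->id();
             // '@' placeholders are escaped on substitution. The previous '!'
             // form inserted the check title verbatim into the markup, and
             // titles can come from checks supplied by other modules.
             $label = t('@name <em>skipped by UID @uid on @date</em>', array(
                 '@name' => $check->getTitle(),
                 '@uid' => $check->skippedBy()->id(),
                 '@date' => format_date($check->skippedOn()),
             ));
         } else {
             $label = $check->getTitle();
         }
         $options[$check->id()] = $label;
     }
     $form['advanced']['skip'] = array(
         '#type' => 'checkboxes',
         '#title' => t('Checks to skip'),
         '#description' => t('Skip running certain checks. This can also be set on the <em>Run & review</em> page. It is recommended that you do not skip any checks unless you know the result is wrong or the process times out while running.'),
         '#options' => $options,
         '#default_value' => $values,
     );

     // Iterate through checklist and get check-specific setting pages.
     foreach ($checks as $check) {
         // Get the check's setting form.
         $checkForm = $check->settings()->buildForm();
         if (empty($checkForm)) {
             // Nothing to configure for this check.
             continue;
         }

         // If this is the first non-empty setting page initialize the 'details'
         if (!isset($form['advanced']['check_specific'])) {
             $form['advanced']['check_specific'] = array(
                 '#type' => 'details',
                 '#title' => t('Check-specific settings'),
                 '#open' => FALSE,
                 '#tree' => TRUE,
             );
         }

         $title = $check->getTitle();
         // If it's an external check, tell the user its namespace.
         // t() only ever receives a literal string here. Passing a title that
         // was concatenated at runtime would hide it from translation
         // extraction and emit the externally supplied namespace unescaped.
         if ($check->getMachineNamespace() !== 'security_review') {
             $title = t('@title <em>(@namespace)</em>', array(
                 '@title' => $title,
                 '@namespace' => $check->getNamespace(),
             ));
         }

         // Add the form. Assigned directly rather than through a reference so
         // no alias to the previous sub-form survives into the next iteration.
         $form['advanced']['check_specific'][$check->id()] = array(
             '#type' => 'details',
             '#title' => $title,
             '#open' => TRUE,
             '#tree' => TRUE,
             'form' => $checkForm,
         );
     }

     // Return the finished form.
     return parent::buildForm($form, $form_state);
 }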
Exemplo n.º 2
 /**
  * Logs a check result.
  *
  * @param \Drupal\security_review\CheckResult $result
  *   The result to log.
  */
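 public static function logCheckResult(CheckResult $result = NULL)
 {
     // Writes one log entry for a check result, with the severity chosen from
     // the result code. Does nothing when logging is switched off.
     if (!SecurityReview::isLogging()) {
         return;
     }

     if ($result === NULL) {
         // A NULL result has no Check attached, so check() cannot be called on
         // it. The earlier code did exactly that and stopped with a fatal
         // error instead of recording the event. The failure is still logged
         // at critical level, but without a check to attribute it to.
         \Drupal::logger('security_review')->critical('A check produced a null result; the check could not be identified.');
         return;
     }

     $check = $result->check();

     // Defaults cover a result code that matches none of the known constants.
     $level = RfcLogLevel::NOTICE;
     $message = '!name check invalid result';
     switch ($result->result()) {
         case CheckResult::SUCCESS:
             $level = RfcLogLevel::INFO;
             $message = '!name check success';
             break;
         case CheckResult::FAIL:
             $level = RfcLogLevel::ERROR;
             $message = '!name check failure';
             break;
         case CheckResult::WARN:
             $level = RfcLogLevel::WARNING;
             $message = '!name check warning';
             break;
         case CheckResult::INFO:
             $level = RfcLogLevel::INFO;
             $message = '!name check info';
             break;
     }

     // NOTE(review): '!name' is the unescaped placeholder form. Whether the
     // title is escaped when the entry is displayed depends on log(), which is
     // not visible here; confirm before relying on it.
     $context = array('!name' => $check->getTitle());
     static::log($check, $message, $context, $level);
 }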
 /**
  * Tests the 'logging' setting.
  */
 public function testConfigLogging()
 {
     // The setting is expected to be on before anything changes it.
     $enabledInitially = SecurityReview::isLogging();
     $this->assertTrue($enabledInitially, 'Logging enabled by default.');

     // Switch it off and confirm the getter reflects the new value.
     SecurityReview::setLogging(FALSE);
     $enabledAfterDisable = SecurityReview::isLogging();
     $this->assertFalse($enabledAfterDisable, 'Logging disabled.');
 }