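 /**
  * Returns a check-specific help page.
  *
  * @param string $namespace
  *   The namespace of the check.
  * @param string $title
  *   The name of the check.
  *
  * @return array
  *   A render array holding the check title, its help text and, unless the
  *   check is skipped, the evaluation of its last result.
  *
  * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
  *   When no check matches the namespace/title pair.
  */
 private function checkHelp($namespace, $title)
 {
     $check = Checklist::getCheck($namespace, $title);
     // An unknown check is a 404, not an empty page.
     if ($check === null) {
         throw new NotFoundHttpException();
     }
     $output = [];
     $output[] = ['#type' => 'markup', '#markup' => '<h3>' . t($check->getTitle()) . '</h3>'];
     $output[] = $check->help();
     if ($check->isSkipped()) {
         // A skipped check shows who skipped it and when instead of a result.
         $skippedBy = $check->skippedBy();
         if ($skippedBy !== null) {
             $user = Drupal::l($skippedBy->getUsername(), $skippedBy->urlInfo());
         } else {
             // Account unknown; show a neutral placeholder.
             $user = '******';
         }
         // NOTE(review): '!' placeholders are presumably inserted verbatim by t().
         // That is acceptable here only because $user is either link markup built
         // by Drupal::l() or a constant; never route raw user text through this slot.
         $skipMessage = t('Check marked for skipping on !date by !user', ['!date' => format_date($check->skippedOn()), '!user' => $user]);
         $output[] = ['#type' => 'markup', '#markup' => "<p>{$skipMessage}</p>"];
     } else {
         // Evaluate the last result, if there is one.
         $lastResult = $check->lastResult();
         if ($lastResult instanceof CheckResult) {
             // Separator between help text and evaluation.
             $output[] = ['#type' => 'markup', '#markup' => '<div />'];
             $output[] = $check->evaluate($lastResult);
         }
     }
     return $output;
 }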
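 /**
  * Toggles the skipped state of a single check.
  *
  * The request must carry a CSRF token in the 'token' query parameter that
  * was generated with the check id as its value, so a token issued for one
  * check is not valid for another. A request whose token does not validate,
  * or that names an unknown check, changes nothing and is sent back to the
  * Run & Review page.
  *
  * @param string $check_id
  *   The identifier of the check to toggle.
  *
  * @return \Symfony\Component\HttpFoundation\Response
  *   A JSON description of the new state when the caller passed js=1,
  *   otherwise a redirect to the 'security_review' route.
  */
 public function index($check_id)
 {
     $request = Drupal::request();
     // AJAX callers identify themselves with ?js=1 and get JSON instead of a redirect.
     $ajax = (int) $request->query->get('js') === 1;
     // Validate the token before touching any state.
     $token = $request->query->get('token');
     if (!Drupal::csrfToken()->validate($token, $check_id)) {
         // Go back to Run & Review if the access was wrong.
         return $this->redirect('security_review');
     }
     $check = Checklist::getCheckByIdentifier($check_id);
     if ($check === null) {
         // Unknown check id: nothing to toggle. The previous version carried on
         // and dereferenced NULL below; treat it like a wrong access instead.
         return $this->redirect('security_review');
     }
     if ($check->isSkipped()) {
         $check->enable();
     } else {
         $check->skip();
     }
     $skipped = $check->isSkipped();
     if ($ajax) {
         // NOTE(review): the Url object is json-encoded as-is; confirm the client
         // expects that rather than the result of ->toString().
         return new JsonResponse([
             'skipped' => $skipped,
             'toggle_text' => $skipped ? 'Enable' : 'Skip',
             'toggle_href' => Url::fromRoute('security_review.toggle', ['check_id' => $check->id()], ['query' => ['token' => Drupal::csrfToken()->get($check->id()), 'js' => 1]]),
         ]);
     }
     // Tell the user what happened, then go back to Run & Review.
     if ($skipped) {
         drupal_set_message(t($check->getTitle() . ' check skipped.'));
     } else {
         drupal_set_message(t($check->getTitle() . ' check no longer skipped.'));
     }
     return $this->redirect('security_review');
 }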
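 /**
  * Creates the results' table.
  *
  * @return array
  *   The render array for the result table, or an empty array when the
  *   checklist has never been run.
  */
 public function results()
 {
     // Nothing to show until at least one run has completed.
     if (SecurityReview::getLastRun() <= 0) {
         return [];
     }
     $csrf = Drupal::csrfToken();
     $checks = [];
     foreach (Checklist::getChecks() as $check) {
         $checkId = $check->id();
         // Defaults for a check that has no stored result yet.
         $checkInfo = [
             'result' => CheckResult::SKIPPED,
             'message' => 'The check hasn\'t been run yet.',
             'skipped' => $check->isSkipped(),
         ];
         $lastResult = $check->lastResult();
         if ($lastResult instanceof CheckResult) {
             $checkInfo['result'] = $lastResult->result();
             $checkInfo['message'] = $lastResult->resultMessage();
         }
         $checkInfo['help_link'] = Drupal::l('Details', Url::fromRoute('security_review.help', [
             'namespace' => $check->getMachineNamespace(),
             'title' => $check->getMachineTitle(),
         ]));
         // The toggle link changes state via GET, so it carries a CSRF token
         // seeded with the check id; the toggle route is expected to validate it.
         $toggleText = $check->isSkipped() ? 'Enable' : 'Skip';
         $checkInfo['toggle_link'] = Drupal::l($toggleText, Url::fromRoute('security_review.toggle', ['check_id' => $checkId], ['query' => ['token' => $csrf->get($checkId)]]));
         $checks[] = $checkInfo;
     }
     return [
         '#theme' => 'run_and_review',
         '#date' => SecurityReview::getLastRun(),
         '#checks' => $checks,
         '#attached' => ['library' => ['security_review/run_and_review']],
     ];
 }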
 /**
  * Sets up the testing environment.
  *
  * Logs in a user holding every permission the tests need, loads the module's
  * check list into $this->checks and resets the Checklist cache.
  */
 protected function setUp()
 {
     parent::setUp();
     $permissions = [
         'run security checks',
         'access security review list',
         'access administration pages',
         'administer site configuration',
     ];
     $this->user = $this->drupalCreateUser($permissions);
     $this->drupalLogin($this->user);
     $this->checks = security_review_security_review_checks();
     Checklist::clearCache();
 }
 /**
  * Tests the search functions of Checklist:
  *   getCheck().
  *   getCheckByIdentifier().
  *
  * Every registered check must be retrievable both by its machine
  * namespace/title pair and by its identifier, and the check found must
  * carry the same id as the one it was looked up from.
  */
 public function testCheckSearch()
 {
     foreach (Checklist::getChecks() as $expected) {
         $expectedId = $expected->id();
         $label = 'Found ' . $expected->getTitle() . '.';
         // Lookup by namespace + title.
         $byName = Checklist::getCheck($expected->getMachineNamespace(), $expected->getMachineTitle());
         $this->assertNotNull($byName, 'Found a check.');
         $this->assertEqual($expectedId, $byName->id(), $label);
         // Lookup by identifier.
         $byId = Checklist::getCheckByIdentifier($expectedId);
         $this->assertNotNull($byId, 'Found a check.');
         $this->assertEqual($expectedId, $byId->id(), $label);
     }
 }
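 /**
  * Deletes orphaned check data.
  *
  * Check state lives in configuration objects named
  * 'security_review.check.<check id>'. Every object under that prefix that
  * does not belong to a currently registered check is deleted.
  */
 public static function cleanStorage()
 {
     $configFactory = Drupal::configFactory();
     // Every configuration name under the check prefix.
     $allNames = $configFactory->listAll('security_review.check.');
     // Names still owned by a registered check.
     $usedNames = [];
     foreach (Checklist::getChecks() as $check) {
         $usedNames[] = 'security_review.check.' . $check->id();
     }
     // array_diff() compares values as strings, so this is a strict match,
     // unlike the non-strict array_search() it replaces.
     $orphaned = array_diff($allNames, $usedNames);
     foreach ($orphaned as $configName) {
         $configFactory->getEditable($configName)->delete();
     }
 }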
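 /**
  * {@inheritdoc}
  *
  * Persists the module-wide settings (configured flag, untrusted roles,
  * logging), applies the skip/enable state of every check and hands each
  * check-specific sub-form to that check's own settings handler.
  */
 public function submitForm(array &$form, FormStateInterface $form_state)
 {
     // Frequently used configuration items.
     $check_settings = $this->config('security_review.checks');
     // Record that the module has been configured at least once.
     SecurityReview::setConfigured(TRUE);
     // Checkbox groups come back as key => 0|key; keep only the ticked keys.
     // The (array) cast tolerates a missing element instead of erroring.
     $untrusted_roles = array_keys(array_filter((array) $form_state->getValue('untrusted_roles')));
     SecurityReview::setUntrustedRoles($untrusted_roles);
     // The checkbox value may arrive as int or string; normalise before comparing.
     $logging = (int) $form_state->getValue('logging') === 1;
     SecurityReview::setLogging($logging);
     // Skip the selected checks, enable all others. Keying on the filtered
     // array avoids a non-strict in_array() against the ticked ids.
     $skipped = array_filter((array) $form_state->getValue('skip'));
     foreach (Checklist::getChecks() as $check) {
         if (isset($skipped[$check->id()])) {
             $check->skip();
         } else {
             $check->enable();
         }
     }
     // Save the check-specific settings.
     if (isset($form['advanced']['check_specific'])) {
         $checkSpecificValues = (array) $form_state->getValue('check_specific');
         foreach ($checkSpecificValues as $checkIdentifier => $values) {
             $check = Checklist::getCheckByIdentifier($checkIdentifier);
             if ($check === null || !isset($values['form'])) {
                 // Nothing to submit to: the check is gone or sent no sub-form.
                 // The previous version would have called settings() on NULL.
                 continue;
             }
             // The sub-form is passed by reference so the handler can alter it,
             // mirroring this method's own &$form parameter.
             $checkForm =& $form['advanced']['check_specific'][$checkIdentifier]['form'];
             $checkFormValues = $values['form'];
             $check->settings()->submitForm($checkForm, $checkFormValues);
         }
     }
     // NOTE(review): $check_settings is saved without being modified here; the
     // SecurityReview::set*() calls presumably persist their own values, so
     // confirm whether this save() is still needed.
     $check_settings->save();
     parent::submitForm($form, $form_state);
 }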