/**
 * Builds the render array for the table of check results.
 *
 * @return array
 *   The render array for the result table, or an empty array when
 *   SecurityReview::getLastRun() reports no previous run.
 */
public function results() {
  // Nothing to show until the checklist has been run at least once.
  if (SecurityReview::getLastRun() <= 0) {
    return array();
  }

  $rows = array();
  foreach (Checklist::getChecks() as $check) {
    // Defaults describe a check that has no stored result yet.
    $row = array(
      'result' => CheckResult::SKIPPED,
      'message' => 'The check hasn\'t been run yet.',
      'skipped' => $check->isSkipped(),
    );

    // Replace the defaults with the last stored result, if there is one.
    $previous = $check->lastResult();
    if ($previous != NULL) {
      $row['result'] = $previous->result();
      $row['message'] = $previous->resultMessage();
    }

    // Link to the help page of this check.
    $help_url = Url::fromRoute('security_review.help', array(
      'namespace' => $check->getMachineNamespace(),
      'title' => $check->getMachineTitle(),
    ));
    $row['help_link'] = Drupal::l('Details', $help_url);

    // The toggle is reached through a plain link, so its URL carries a CSRF
    // token seeded with the check ID.
    // NOTE(review): the token only protects the toggle if the handler behind
    // 'security_review.toggle' validates it against the same check ID; that
    // handler is not visible here - confirm.
    $label = $check->isSkipped() ? 'Enable' : 'Skip';
    $toggle_url = Url::fromRoute(
      'security_review.toggle',
      array('check_id' => $check->id()),
      array('query' => array('token' => Drupal::csrfToken()->get($check->id())))
    );
    $row['toggle_link'] = Drupal::l($label, $toggle_url);

    $rows[] = $row;
  }

  return array(
    '#theme' => 'run_and_review',
    '#date' => SecurityReview::getLastRun(),
    '#checks' => $rows,
    '#attached' => array(
      'library' => array('security_review/run_and_review'),
    ),
  );
}
/**
 * Verifies the default value and the round trip of the 'last_run' setting.
 */
public function testConfigLastRun() {
  // Before anything is stored, the getter is expected to report 0.
  $initial = SecurityReview::getLastRun();
  $this->assertEqual(0, $initial, 'last_run is 0 by default.');

  // Store the current timestamp and read it back.
  $now = time();
  SecurityReview::setLastRun($now);
  $stored = SecurityReview::getLastRun();
  $this->assertEqual($now, $stored, 'last_run set to now.');
}
/**
 * Marks every check as skipped, runs the checklist, and expects no check to
 * report a last-run time.
 */
public function testSkippedRun() {
  // Skip everything first so the run below has nothing left to execute.
  foreach ($this->checks as $skippedCheck) {
    $skippedCheck->skip();
  }

  SecurityReview::runChecklist();

  // A skipped check must still report 0 as its last run.
  foreach ($this->checks as $verifiedCheck) {
    $message = $verifiedCheck->getTitle() . ' has not been run.';
    $this->assertEqual(0, $verifiedCheck->lastRun(), $message);
  }
}
/**
 * Gets the IDs of the roles that are treated as untrusted.
 *
 * While SecurityReview::isConfigured() reports FALSE, the list comes from
 * defaultUntrustedRoles() instead of the stored setting.
 *
 * @return array
 *   Untrusted roles' IDs.
 */
public static function untrustedRoles() {
  // The stored list is only used once the module reports itself as
  // configured; before that the defaults stand in for it.
  return SecurityReview::isConfigured()
    ? SecurityReview::getUntrustedRoles()
    : static::defaultUntrustedRoles();
}
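/**
 * Logs a check result.
 *
 * Nothing is logged unless SecurityReview::isLogging() returns TRUE. The log
 * level follows the result: SUCCESS and INFO are logged as INFO, WARN as
 * WARNING, FAIL as ERROR, and any other value as NOTICE with an
 * "invalid result" message.
 *
 * @param \Drupal\security_review\CheckResult $result
 *   The result to log. NULL is accepted and is reported as a critical log
 *   entry, because it means a check ran without producing a result.
 */
public static function logCheckResult(CheckResult $result = NULL) {
  if (!SecurityReview::isLogging()) {
    return;
  }

  if ($result === NULL) {
    // A NULL result carries no Check, so the check's title and namespace
    // cannot be read from it. The previous code called $result->check() here
    // and failed with a fatal error instead of logging. The entry is written
    // straight to the logger because no Check is available to attribute it
    // to; a check that silently yields no result is a gap in the review, so
    // it is recorded as critical.
    \Drupal::logger('security_review')->critical('A check produced a null result');
    return;
  }

  $check = $result->check();

  // Defaults cover a result value that matches none of the known constants.
  $level = RfcLogLevel::NOTICE;
  $message = '!name check invalid result';

  switch ($result->result()) {
    case CheckResult::SUCCESS:
      $level = RfcLogLevel::INFO;
      $message = '!name check success';
      break;

    case CheckResult::FAIL:
      $level = RfcLogLevel::ERROR;
      $message = '!name check failure';
      break;

    case CheckResult::WARN:
      $level = RfcLogLevel::WARNING;
      $message = '!name check warning';
      break;

    case CheckResult::INFO:
      $level = RfcLogLevel::INFO;
      $message = '!name check info';
      break;
  }

  $context = array('!name' => $check->getTitle());
  static::log($check, $message, $context, $level);
}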
/**
 * Persists the outcome of this check in the state system.
 *
 * The result value, its time and its findings are written under keys that
 * start with $this->statePrefix followed by 'last_result.'. Findings are
 * stored as an empty array when storesFindings() returns FALSE.
 *
 * @param \Drupal\security_review\CheckResult $result
 *   The result to store. A NULL result is not stored; a critical log entry is
 *   written instead.
 */
public function storeResult(CheckResult $result = NULL) {
  // Without a result there is nothing to persist: log the failure and stop.
  if ($result === NULL) {
    $placeholders = array(
      '!reviewcheck' => $this->getTitle(),
      '!namespace' => $this->getNamespace(),
    );
    SecurityReview::log($this, 'Unable to store check !reviewcheck for !namespace', $placeholders, RfcLogLevel::CRITICAL);
    return;
  }

  // Findings are only kept for checks that opt in through storesFindings().
  if ($this->storesFindings()) {
    $findings = $result->findings();
  }
  else {
    $findings = array();
  }

  $prefix = $this->statePrefix . 'last_result.';
  $values = array(
    $prefix . 'result' => $result->result(),
    $prefix . 'time' => $result->time(),
    $prefix . 'findings' => $findings,
  );
  Drupal::state()->setMultiple($values);
}
/**
 * {@inheritdoc}
 */
public function submitForm(array &$form, FormStateInterface $form_state) {
  // Submitting this form runs the whole checklist; neither $form nor
  // $form_state is read here.
  SecurityReview::runChecklist();
}
/**
 * {@inheritdoc}
 */
public function submitForm(array &$form, FormStateInterface $form_state) {
  // Loaded up front and saved at the end. Nothing in this method writes to
  // the object directly.
  // NOTE(review): presumably the per-check submit handlers below change the
  // same configuration - confirm.
  $check_settings = $this->config('security_review.checks');

  // Record that the module has been configured.
  SecurityReview::setConfigured(TRUE);

  // Untrusted roles: keep the keys of the entries with a truthy value.
  $selected_roles = array_filter($form_state->getValue('untrusted_roles'));
  SecurityReview::setUntrustedRoles(array_keys($selected_roles));

  // Logging is on only when the submitted value equals 1.
  SecurityReview::setLogging($form_state->getValue('logging') == 1);

  // Every check is either skipped or enabled, depending on the selection.
  $skipped = array_keys(array_filter($form_state->getValue('skip')));
  foreach (Checklist::getChecks() as $check) {
    // NOTE(review): in_array() compares loosely here; check IDs are assumed
    // to be strings that do not collide under loose comparison - confirm.
    if (!in_array($check->id(), $skipped)) {
      $check->enable();
      continue;
    }
    $check->skip();
  }

  // Hand the check-specific values to each check's own settings handler.
  if (isset($form['advanced']['check_specific'])) {
    $checkSpecificValues = $form_state->getValue('check_specific');
    foreach ($checkSpecificValues as $checkIdentifier => $values) {
      // NOTE(review): the identifier comes from the submitted values. What
      // getCheckByIdentifier() returns for an unknown identifier is not
      // visible here; if it can return NULL, the settings() call below would
      // fail - confirm.
      $check = Checklist::getCheckByIdentifier($checkIdentifier);

      // The sub-form is taken by reference, as in the parent form array.
      $checkForm =& $form['advanced']['check_specific'][$checkIdentifier]['form'];
      $checkFormValues = $values['form'];

      $check->settings()->submitForm($checkForm, $checkFormValues);
    }
  }

  // Commit the settings.
  $check_settings->save();

  // Let the parent class finish the submission.
  parent::submitForm($form, $form_state);
}
/**
 * Runs each given check, logs its result and collects the results.
 *
 * @param \Drupal\security_review\Check[] $checks
 *   The array of Checks to run.
 *
 * @return \Drupal\security_review\CheckResult[]
 *   The array of CheckResults generated, in the order the checks were run.
 */
public static function runChecks(array $checks) {
  $collected = array();

  foreach ($checks as $current) {
    // Whatever run() returns is logged and appended as is; no filtering
    // happens here.
    $outcome = $current->run();
    SecurityReview::logCheckResult($outcome);
    $collected[] = $outcome;
  }

  return $collected;
}