5 * Site security review and reporting Drupal module.
8 use Drupal\Core\Logger\RfcLogLevel;
10 use Drupal\security_review\Check;
11 use Drupal\security_review\CheckResult;
12 use Drupal\security_review\Checks\AdminPermissions;
13 use Drupal\security_review\Checks\ErrorReporting;
14 use Drupal\security_review\Checks\ExecutablePhp;
15 use Drupal\security_review\Checks\FailedLogins;
16 use Drupal\security_review\Checks\Field;
17 use Drupal\security_review\Checks\FilePermissions;
18 use Drupal\security_review\Checks\InputFormats;
19 use Drupal\security_review\Checks\PrivateFiles;
20 use Drupal\security_review\Checks\QueryErrors;
21 use Drupal\security_review\Checks\TemporaryFiles;
22 use Drupal\security_review\Checks\TrustedHosts;
23 use Drupal\security_review\Checks\UploadExtensions;
24 use Drupal\security_review\Checks\ViewsAccess;
27 * Implements hook_security_review_checks().
29 function security_review_security_review_checks() {
  // Registers this module's own Check implementations with the checklist.
  // Only three entries are visible here; the remaining list members sit on
  // elided lines and presumably correspond to the other Checks\* classes
  // imported at the top of the file — TODO confirm against the full file.
  // Each check is instantiated unconditionally, so constructors must stay
  // side-effect free (no I/O, no service calls) to keep this hook cheap.
31 new AdminPermissions(),
36 new FilePermissions(),
42 new UploadExtensions(),
48 * Implements hook_security_review_log().
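function security_review_security_review_log(Check $check = NULL, $message, array $context, $level) {
  // $check is accepted as NULL: _security_review_batch_run_finished() in this
  // file logs batch-level failures with NULL as the check, and a non-nullable
  // Check type here would raise a TypeError if the service forwards that NULL
  // to this hook. Widening the type is backward-compatible for other callers.
  //
  // $message and $context are passed through untouched so the PSR-3 logger
  // performs placeholder substitution (and its own escaping); nothing is
  // interpolated into the message string at this level. $level is an
  // RfcLogLevel constant.
  Drupal::logger('security_review')->log($level, $message, $context);
}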
55 * Implements hook_modules_uninstalled().
57 function security_review_modules_uninstalled($modules) {
  // $modules (the list of uninstalled module names) is intentionally not
  // inspected: stored results are pruned on every uninstall, because any
  // module may have contributed checks via hook_security_review_checks().
58 /** @var \Drupal\security_review\SecurityReview $security_review */
59 $security_review = Drupal::service('security_review');
61 // Clean orphaned checks.
  // Drops stored results whose check class no longer exists, so stale
  // findings from a removed module are not reported as current state.
62 $security_review->cleanStorage();
66 * Implements hook_modules_installed().
68 function security_review_modules_installed($modules) {
  // Only react to this module's own installation; other modules' checks are
  // picked up lazily by the checklist service.
  // NOTE(review): the membership test is non-strict. $modules is a list of
  // module-name strings supplied by core, so this is functionally harmless,
  // but in_array(..., TRUE) is the defensive form and what coding standards
  // expect.
70 if (in_array('security_review', $modules)) {
72 /** @var \Drupal\security_review\SecurityReview $security_review */
73 $security_review = Drupal::service('security_review');
75 // Clean orphaned checks.
76 $security_review->cleanStorage();
78 // Store the web server's user.
  // Several checks (e.g. file permissions) need to know which OS account the
  // web server runs as; the same refresh happens in security_review_cron().
79 $security_review->setServerData();
84 * Implements hook_theme().
86 function security_review_theme($existing, $type, $theme, $path) {
  // Declares the module's Twig templates. Each entry maps a theme hook to a
  // template file of the same name; the 'variables' definitions for each
  // hook are on elided lines and are not visible here.
88 'check_evaluation' => [
89 'template' => 'check_evaluation',
96 'template' => 'check_help',
103 'template' => 'general_help',
  // 'run_and_review' is preprocessed by template_preprocess_run_and_review()
  // below, which expects 'date' and 'checks' among its variables.
109 'run_and_review' => [
110 'template' => 'run_and_review',
120 * Preprocesses variables for template 'run_and_review'.
122 function template_preprocess_run_and_review(&$variables) {
  // Prepares the variables for the 'run_and_review' template: adds absolute
  // icon URLs, formats $variables['date'] and maps each
  // $variables['checks'][*]['result'] from a CheckResult integer to a string
  // usable as a CSS class / template key.
  //
  // The icon paths are hard-coded core assets, so no user-controlled input
  // reaches Url::fromUserInput() here; keep it that way if the map is ever
  // made configurable (fromUserInput() throws on paths not starting with
  // '/', '?' or '#', but it does not otherwise validate the target).
124 $icons_root = '/core/misc/icons/';
125 $variables['icons'] = [
126 'success' => $icons_root . '73b355/check.svg',
127 'warning' => $icons_root . 'e29700/warning.svg',
128 'fail' => $icons_root . 'e32700/error.svg',
131 // Generate full URLs.
  // The call chain continues on an elided line (presumably ->toString()).
132 foreach ($variables['icons'] as $icon => $path) {
133 $variables['icons'][$icon] = Url::fromUserInput($path)->setAbsolute()
  // NOTE(review): format_date() is deprecated since Drupal 8.0 and removed
  // in Drupal 9; the replacement is
  // \Drupal::service('date.formatter')->format($variables['date']).
  // Assumes 'date' is a Unix timestamp (set via setLastRun(time())) — confirm.
138 $variables['date'] = format_date($variables['date']);
140 // Convert check result integers to strings.
  // NOTE(review): this loop iterates by reference. The loop's end is on
  // elided lines; make sure unset($check) follows it, otherwise the last
  // element stays aliased and a later write to $check would corrupt it.
  // Checks without a 'result' key (e.g. never run) are left untouched.
141 foreach ($variables['checks'] as &$check) {
142 if (isset($check['result'])) {
  // No default branch is visible, so an unrecognised result value would be
  // passed through to the template unchanged — confirm on the elided lines.
143 switch ($check['result']) {
144 case CheckResult::SUCCESS:
145 $check['result'] = 'success';
148 case CheckResult::FAIL:
149 $check['result'] = 'fail';
152 case CheckResult::WARN:
153 $check['result'] = 'warning';
156 case CheckResult::INFO:
157 $check['result'] = 'info';
165 * Implements hook_cron().
function security_review_cron() {
  /** @var \Drupal\security_review\SecurityReview $security_review */
  $security_review = Drupal::service('security_review');

  // Refresh the recorded web server user on every cron run, so that checks
  // depending on it (file permissions etc.) keep seeing current data even if
  // the hosting environment changes after installation.
  $security_review->setServerData();
}
173 * Batch operation: runs a single check.
175 * @param \Drupal\security_review\Check $check
177 * @param array $context
180 function _security_review_batch_run_op(Check $check, array &$context) {
  // Batch API operation callback: runs one Check and appends its results to
  // the batch's shared $context['results'] array, which
  // _security_review_batch_run_finished() later persists.
181 // Inform the user about the progress.
  // getTitle() is used verbatim as the progress message; it is check-defined
  // text, not user input.
182 $context['message'] = $check->getTitle();
  // runChecks() takes a list of checks and returns their results
  // (CheckResult[] per the finished-callback docblock below).
185 $results = Drupal::service('security_review.checklist')
186 ->runChecks([$check]);
188 // Store the results.
  // Relies on the Batch API initialising $context['results'] to an array
  // before the first operation; array_merge() would fail on NULL otherwise.
189 $context['results'] = array_merge($context['results'], $results);
193 * Callback for finishing the batch job of running the checklist.
195 * @param bool $success
196 * Whether the batch job was successful.
197 * @param \Drupal\security_review\CheckResult[] $results
198 * The results of the batch job.
199 * @param array $operations
200 * The array of batch operations.
202 function _security_review_batch_run_finished($success, array $results, array $operations) {
203 /** @var \Drupal\security_review\SecurityReview $security_review */
204 $security_review = Drupal::service('security_review');
206 /** @var \Drupal\security_review\Checklist $checklist */
207 $checklist = Drupal::service('security_review.checklist');
  // The run timestamp is recorded even when the batch failed, so the UI's
  // "last run" date does not by itself indicate that results are complete.
209 $security_review->setLastRun(time());
  // The branch structure around the next lines is on elided lines; from the
  // Batch API contract this is presumably `if ($success) { ... } else { ... }`
  // with the error reporting below in the else branch — confirm.
211 if (!empty($results)) {
212 $checklist->storeResults($results);
  // NOTE(review): drupal_set_message() is deprecated since Drupal 8.5 and
  // removed in Drupal 9; use \Drupal::messenger()->addStatus(...) instead
  // (same for the error message below, with addError()).
214 drupal_set_message(t('Review complete'));
217 // Show error information.
  // Only the first remaining operation is reported; for this module that is
  // [_security_review_batch_run_op, [$check]].
218 $error_operation = reset($operations);
  // The call that builds $message from this string (presumably t()) is on an
  // elided line. '@arguments' is an escaping placeholder, so the dump is safe
  // to render, but print_r() of the operation arguments serialises the whole
  // Check object graph into the log entry and the on-screen message — consider
  // logging only the check's title or class name instead.
220 'An error occurred while processing %error_operation with arguments: @arguments',
222 '%error_operation' => $error_operation[0],
223 '@arguments' => print_r($error_operation[1], TRUE),
  // NOTE(review): NULL is passed as the Check. The hook implementation
  // security_review_security_review_log() in this file declares a
  // non-nullable `Check $check`; if SecurityReview::log() forwards its first
  // argument to that hook, this call raises a TypeError and the error is
  // never logged — verify in SecurityReview::log() and, if so, make the hook
  // parameter nullable.
226 $security_review->log(NULL, $message, [], RfcLogLevel::ERROR);
227 drupal_set_message(t('The review did not store all results, please run again or check the logs for details.'));