diff --git a/security_review.drush.inc b/security_review.drush.inc index 9665f16..3265074 100644 --- a/security_review.drush.inc +++ b/security_review.drush.inc @@ -1,5 +1,4 @@ 'Output the stored results from the last run of the checklist' ), ); + $items['password-check-setup'] = array( 'callback' => 'security_review_drush_hash_setup', 'aliases' => array('passset'), @@ -290,3 +290,30 @@ function security_review_drush_hash_setup() { drush_die('File not found'); } } + +/** + * Implements hook_drush_command_alter(). + */ +function security_review_drush_command_alter(&$command) { + // Adds security_review checks to existing security report. + if ($command['command'] == 'audit_security') { + $security_review_checks = array( + 'FilePerms', + 'InputFormats', + 'Field', + 'ErrorReporting', + 'PrivateFiles', + 'UploadExtensions', + 'AdminPermissions', + 'ExecutablePhp', + 'BaseUrlSet', + 'TemporaryFiles', + ); + foreach ($security_review_checks as $name) { + $command['checks'][] = array( + 'name' => $name, + 'location' => __DIR__ . '/security_review.site_audit.inc', + ); + } + } +} diff --git a/security_review.site_audit.inc b/security_review.site_audit.inc new file mode 100644 index 0000000..4c99221 --- /dev/null +++ b/security_review.site_audit.inc @@ -0,0 +1,155 @@ +module][$this->check]['title']; + } + + /** + * Implements \SiteAudit\Check\Abstract\getDescription(). + */ + public function getDescription() { + $checks = security_review_get_checklist(); + return dt('Security Check of @title', array( + '@title' => $checks[$this->module][$this->check]['title'], + )); + } + + /** + * Implements \SiteAudit\Check\Abstract\getResultFail(). + */ + public function getResultFail() { + $ret_val = $this->registry[$this->module][$this->check]['failure']; + if (isset($this->registry[$this->module][$this->check]['value'])) { + if (is_array($this->registry[$this->module][$this->check]['value'])) { + $ret_val .= $this->generateUL($this->registry[$this->module][$this->check]['value'], drush_get_option('html')); + } + elseif ($this->registry[$this->module][$this->check]['value']) { + $ret_val .= ' Additional: "' . $this->registry[$this->module][$this->check]['value'] . '"'; + } + } + return $ret_val; + } + + /** + * Given a nested array, generate a unordered list, or text-only equivalent. + * + * @param $array + * @param bool $html + * @param int $indentation + * @return string + */ + private function generateUL($array, $html = TRUE, $indentation = 6) { + $result = $html ? '' : ''; + return $result; + } + + /** + * Implements \SiteAudit\Check\Abstract\getResultInfo(). + */ + public function getResultInfo() {} + + /** + * Implements \SiteAudit\Check\Abstract\getResultPass(). + */ + public function getResultPass() { + return $this->registry[$this->module][$this->check]['success']; + } + + /** + * Implements \SiteAudit\Check\Abstract\getResultWarn(). + */ + public function getResultWarn() {} + + /** + * Implements \SiteAudit\Check\Abstract\getAction(). + */ + public function getAction() {} + + /** + * Implements \SiteAudit\Check\Abstract\calculateScore(). + */ + public function calculateScore() { + $checks = security_review_get_checklist(); + $checklist_results = security_review_run(array( + $this->module => array($checks[$this->module][$this->check]), + )); + + $this->registry[$this->module][$this->check] = $checklist_results['security_review'][0]; + if (!$this->registry[$this->module][$this->check]['result']) { + return SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_FAIL; + } + else { + return SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_PASS; + } + } +} + +class SiteAuditCheckSecurityFilePerms extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'file_perms'; + + public function getResultFail() { + if (drush_get_option('detail')) { + return parent::getResultFail(); + } + return $this->registry[$this->module][$this->check]['failure']; + } +} + +class SiteAuditCheckSecurityInputFormats extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'input_formats'; +} + +class SiteAuditCheckSecurityField extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'field'; +} + +class SiteAuditCheckSecurityErrorReporting extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'error_reporting'; +} + +class SiteAuditCheckSecurityPrivateFiles extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'private_files'; +} + +class SiteAuditCheckSecurityUploadExtensions extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'upload_extensions'; +} + +class SiteAuditCheckSecurityAdminPermissions extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'admin_permissions'; +} + +class SiteAuditCheckSecurityExecutablePhp extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'executable_php'; +} + +class SiteAuditCheckSecurityBaseUrlSet extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'base_url_set'; +} + +class SiteAuditCheckSecurityTemporaryFiles extends SecurityReviewSiteAuditCheckAbstract { + protected $check = 'temporary_files'; +}