Closed (fixed)
Project:
Security Review
Version:
3.0.2
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
15 Jul 2024 at 17:49 UTC
Updated:
4 Nov 2024 at 21:54 UTC
Jump to comment: Most recent
With 2.0.2, we had something like this:
------------------------------------------------------------------ ---------
Message Status
------------------------------------------------------------------ ---------
Only safe extensions are allowed for uploaded files and images. success
Dangerous tags were not found in any submitted content (fields). success
Untrusted roles do not have administrative or trusted Drupal success
permissions.
Error reporting set to log only. success
PHP files in the Drupal files directory cannot be executed. success
Drupal installation files and directories (except required) are success
not writable by the server.
Cron has ran within the last 3 days. success
Private files directory is outside the web server root. success
No sensitive temporary files were found. success
Untrusted users are not allowed to input dangerous HTML tags. success
Trusted hosts are set. success
No users, with matching username and password, found. success
Vendor directory is outside webroot. success
Views are access controlled. success
------------------------------------------------------------------ ---------
With 3.0.2, we now have this:
--------- --------
Message Status
--------- --------
drush security:review --results --store
$results seems to never be filled when $last_run is false.
It looks like $this->securityReviewService->runChecks() used to return results and now it does not.
Also Check::lastResult() now returns an array and not a CheckResult object so SecurityReviewCommands::formatResults() will need to be rewritten.
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #3
prudloff commentedComment #4
programeta commentedIt works smoothly
Comment #6
smustgrave commented