Problem/Motivation
Add the security check for Anonymous/Authenticated role permission.
Steps to reproduce
Proposed resolution
Proposed Resolution
Create FitCheck Plugin: AnonymousAuthenticatedPermissions
• Group: Security
• Purpose: Detect and flag dangerous permissions assigned to Anonymous and Authenticated roles.
Checks to Implement
• Identify high-risk permissions assigned to the roles, including but not limited to:
• Any “administer *” permissions (e.g., administer users, administer permissions, administer site configuration).
• “delete any *” or “delete own *” content permissions granted to anonymous users.
• Permissions that allow bypassing normal access controls, such as “bypass node access”.
• Access to admin pages or toolbar permissions (e.g., “access administration pages”, “access toolbar”).
• Permissions related to code execution such as “execute php code”.
• Other critical permissions that pose similar high risks.
Plugin Behavior and Output
• When dangerous permissions are found:
• Return a FitResult with a high or critical weight indicating the severity.
• Provide a detailed message listing all problematic permissions discovered.
• Include a help message describing remediation steps, such as removing unnecessary permissions or restricting them to trusted roles only.
Remaining tasks
User interface changes
API changes
Data model changes
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | 3558248-6.patch | 14.51 KB | shubham.prakash |
Comments
Comment #2
anmolgoyal74 commentedComment #3
harivansh commentedComment #4
harivansh commentedComment #5
shubham.prakash commentedComment #6
shubham.prakash commentedComment #7
shubham.prakash commentedComment #8
harivansh commentedComment #10
harivansh commented