Not sure how complete this is but it works well on my local, so I'd like to at least propose it as a starting point. Here's a screenshot of the output:

Screen Shot 2013-08-14 at 4.58.56 PM.png

FYI, we're deliberately running a couple of patches to contrib, but I think the core changes may be Pantheon specific stuff. At any rate, it appears to work, but I'd like to figure out how to get that percentage set to an accurate number. Patch is attached.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

FluxSauce’s picture

Way cool!

I won't get a chance to test it this week, but will definitely exercise it next week.

I don't like automatically downloading and enabling hacked, that won't work on Pantheon (site_audit is installed in the system-wide drush installation and does not require enabling on site). Is there a way to run hacked without enabling it on a site?

Brainstorming - drush has an internal file-based cache... that could be used instead of the database.

I would add a separate check before the actual hacked run to see if hacked is enabled and abort with an info message if it isn't (similar to views).

While it's using the hacked module, I think it'd be better for the user facing message to be less... scary.

The following extension(s) have been modified:
Audit the codebase to check for modified extensions

will have a much different impact than the implication that someone has broken into the system and changed code.

Again, way cool, I'd like to get this running - especially if we can do it without having to enable hacked.

seanr’s picture

FileSize
5.92 KB

The updated patch (attached) now checks to see if the hacked module is available, if not and the vendor is Pantheon, it fails. If not, and the vendor is not pantheon, it attempts to install it. Otherwise it proceeds directly into the test. Honestly have no idea how to do this without the hacked module available. The warning message has also been updated.

FluxSauce’s picture

I feel strongly about not automatically installing a module, Pantheon or no. So far, every check makes no modifications to the Drupal installation, and to keep user trust, it should stay that way. Additionally, it's going to be very disconcerting and that downloads and enables a module.

Honestly have no idea how to do this without the hacked module available.

Doesn't hacked have drush support? Does that require the module to be installed, or can hacked be placed with other drush commands like /opt/drush/commands/ or ~/.drush/commands? If it requires that the module be installed, what would it take to remove that requirement?

If it is a current requirement of Hacked that the module is enabled, I'm not beyond... hacking hacked, I guess, and putting a patch that allows the checks to be run without the module being enabled in their issue queue so it goes through their channels. That's why I mentioned using drush's cache instead of the database.

To be clear - this will be a great addition. However, this check should also depend on the hacked module... but shouldn't require that hacked be installed. If it's not available to drush, it should just gracefully abort, not make modifications to the site structure, code and database.

FluxSauce’s picture

seanr’s picture

Status: Needs work » Needs review
FileSize
5.06 KB

Updated patch per our chat.

seanr’s picture

Arg, that's stale, reroll coming.

seanr’s picture

FileSize
5.06 KB

And here's the correct one.

FluxSauce’s picture

Waiting on #2066371: Integrate hacked with site_audit & allow hacked to be installed globally as I'd rather not deploy with a patched version of Hacked! as a dependency. I might bug them about taking over maintenance, like I don't have enough going on.

codi’s picture

I've updated the patch a bit with things that seem to work better for us. Hiding the unchanged's and adding a deleted column alongside the changed column. Also updated the patch in #2066371: Integrate hacked with site_audit & allow hacked to be installed globally as it wasn't working for me. Also got a co-worker applying for maintainer of the hacked module so hopefully we can see a resolution to both of these.

FluxSauce’s picture

That last patch is 0 bytes. I'm going to review the hacked changes and see if we can poke it along. The maintainer is there and listening...

FluxSauce’s picture

FluxSauce’s picture

Assigned: Unassigned » FluxSauce
Status: Needs review » Postponed (maintainer needs more info)

Treating this as a meta issue now, #2066371: Integrate hacked with site_audit & allow hacked to be installed globally now that site_audit can be extended. Once that patch is included and the issue is closed, this one can be too!

FluxSauce’s picture

FluxSauce’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)

Coordinating in other issue.