You are here

Home » API reference » Acquia Connector 7.3 » security_review.inc

function acquia_spi_security_review_check_file_perms in Acquia Connector 7.3

Same name and namespace in other branches
  1. 6.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_file_perms()
  2. 7.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_file_perms()

Check that files aren't writeable by the server.

1 string reference to 'acquia_spi_security_review_check_file_perms'
_acquia_spi_security_review_security_checks in acquia_spi/security_review.inc
Checks for acquia_spi_security_review_get_checks().

File

acquia_spi/security_review.inc, line 189
Stand-alone security checks and review system.

Code

function acquia_spi_security_review_check_file_perms() {
  $result = TRUE;

  // Extract ending folder for file directory path.
  $file_path = './' . rtrim(variable_get('file_public_path', conf_path() . '/files'), '/');

  // Set files to ignore.
  $ignore = array(
    '..',
    'CVS',
    '.git',
    '.svn',
    '.bzr',
    $file_path,
  );

  // Add private files directory if it's set.
  $private_files = variable_get('file_private_path', '');
  if (!empty($private_files)) {
    $private_files = substr($private_files, strrpos($private_files, '/') + 1);
    $ignore[] = $private_files;
  }
  drupal_alter('security_review_file_ignore', $ignore);
  $files = _acquia_spi_security_review_check_file_perms_scan('.', $ignore);

  // Try creating or appending files.
  // Assume it doesn't work.
  $create_status = $append_status = FALSE;
  $directory = drupal_get_path('module', 'security_review');

  // Write a file with the timestamp.
  $file = './' . $directory . '/file_write_test.' . date('Ymdhis');
  if ($file_create = @fopen($file, 'w')) {
    $create_status = fwrite($file_create, t("This is a vulnerable directory.\n"));
    fclose($file_create);
  }

  // Try to append to our IGNOREME file.
  $file = './' . $directory . '/IGNOREME.txt';
  if ($file_append = @fopen($file, 'a')) {
    $append_status = fwrite($file_append, date('Ymdhis') . "\n");
    fclose($file_append);
  }
  if (count($files) || $create_status || $append_status) {
    $result = FALSE;
  }
  return array(
    'result' => $result,
    'value' => $files,
  );
}