private function SecurityReviewController::securityReviewSecurityChecks in Acquia Connector 8.2
Same name and namespace in other branches
- 8 src/Controller/SecurityReviewController.php \Drupal\acquia_connector\Controller\SecurityReviewController::securityReviewSecurityChecks()
- 3.x src/Controller/SecurityReviewController.php \Drupal\acquia_connector\Controller\SecurityReviewController::securityReviewSecurityChecks()
Checks for acquia_spi_security_review_get_checks().
Return value
array Result.
1 call to SecurityReviewController::securityReviewSecurityChecks()
- SecurityReviewController::securityReviewGetChecks in src/
Controller/ SecurityReviewController.php - Helper function allows for collection of this file's security checks.
File
- src/
Controller/ SecurityReviewController.php, line 189
Class
- SecurityReviewController
- Acquia Security Review page.
Namespace
Drupal\acquia_connector\ControllerCode
private function securityReviewSecurityChecks() {
$checks['input_formats'] = [
'title' => $this
->t('Text formats'),
'callback' => 'checkInputFormats',
'success' => $this
->t('Untrusted users are not allowed to input dangerous HTML tags.'),
'failure' => $this
->t('Untrusted users are allowed to input dangerous HTML tags.'),
];
$checks['upload_extensions'] = [
'title' => $this
->t('Allowed upload extensions'),
'callback' => 'checkUploadExtensions',
'success' => $this
->t('Only safe extensions are allowed for uploaded files and images.'),
'failure' => $this
->t('Unsafe file extensions are allowed in uploads.'),
];
$checks['admin_permissions'] = [
'title' => $this
->t('Drupal permissions'),
'callback' => 'checkAdminPermissions',
'success' => $this
->t('Untrusted roles do not have administrative or trusted Drupal permissions.'),
'failure' => $this
->t('Untrusted roles have been granted administrative or trusted Drupal permissions.'),
];
// Check dependent on PHP filter being enabled.
if ($this
->moduleHandler()
->moduleExists('php')) {
$checks['untrusted_php'] = [
'title' => $this
->t('PHP access'),
'callback' => 'checkPhpFilter',
'success' => $this
->t('Untrusted users do not have access to use the PHP input format.'),
'failure' => $this
->t('Untrusted users have access to use the PHP input format.'),
];
}
$checks['executable_php'] = [
'title' => $this
->t('Executable PHP'),
'callback' => 'checkExecutablePhp',
'success' => $this
->t('PHP files in the Drupal files directory cannot be executed.'),
'failure' => $this
->t('PHP files in the Drupal files directory can be executed.'),
];
$checks['temporary_files'] = [
'title' => $this
->t('Temporary files'),
'callback' => 'checkTemporaryFiles',
'success' => $this
->t('No sensitive temporary files were found.'),
'failure' => $this
->t('Sensitive temporary files were found on your files system.'),
];
if ($this
->moduleHandler()
->moduleExists('views')) {
$checks['views_access'] = [
'title' => $this
->t('Views access'),
'callback' => 'checkViewsAccess',
'success' => $this
->t('Views are access controlled.'),
'failure' => $this
->t('There are Views that do not provide any access checks.'),
];
}
return [
'security_review' => $checks,
];
}