You are here

public function SitesDirectoryHardeningTest::testSitesDirectoryHardening in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardening()
  2. 9 core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardening()

Tests the default behavior to restrict directory permissions is enforced.

Checks both the current sites directory and settings.php.

File

core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php, line 28

Class

SitesDirectoryHardeningTest
Tests Drupal permissions hardening of /sites subdirectories.

Namespace

Drupal\Tests\system\Functional\System

Code

public function testSitesDirectoryHardening() {
  $site_path = $this->kernel
    ->getSitePath();
  $settings_file = $this
    ->settingsFile($site_path);

  // First, we check based on what the initial install has set.
  $this
    ->assertTrue(drupal_verify_install_file($site_path, FILE_NOT_WRITABLE, 'dir'), new FormattableMarkup('Verified permissions for @file.', [
    '@file' => $site_path,
  ]));

  // We intentionally don't check for settings.local.php as that file is
  // not created by Drupal.
  $this
    ->assertTrue(drupal_verify_install_file($settings_file, FILE_EXIST | FILE_READABLE | FILE_NOT_WRITABLE), new FormattableMarkup('Verified permissions for @file.', [
    '@file' => $settings_file,
  ]));
  $this
    ->makeWritable($site_path);
  $this
    ->checkSystemRequirements();
  $this
    ->assertTrue(drupal_verify_install_file($site_path, FILE_NOT_WRITABLE, 'dir'), new FormattableMarkup('Verified permissions for @file after manual permissions change.', [
    '@file' => $site_path,
  ]));
  $this
    ->assertTrue(drupal_verify_install_file($settings_file, FILE_EXIST | FILE_READABLE | FILE_NOT_WRITABLE), new FormattableMarkup('Verified permissions for @file after manual permissions change.', [
    '@file' => $settings_file,
  ]));
}