public function SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig in Drupal 10
Same name and namespace in other branches
- 8 core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig()
- 9 core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig()
Tests writable files remain writable when directory hardening is disabled.
File
- core/
modules/ system/ tests/ src/ Functional/ System/ SitesDirectoryHardeningTest.php, line 49
Class
- SitesDirectoryHardeningTest
- Tests Drupal permissions hardening of /sites subdirectories.
Namespace
Drupal\Tests\system\Functional\SystemCode
public function testSitesDirectoryHardeningConfig() {
$site_path = $this->kernel
->getSitePath();
$settings_file = $this
->settingsFile($site_path);
// Disable permissions enforcement.
$settings = Settings::getAll();
$settings['skip_permissions_hardening'] = TRUE;
new Settings($settings);
$this
->assertTrue(Settings::get('skip_permissions_hardening'), 'Able to set skip permissions hardening to true.');
$this
->makeWritable($site_path);
// Manually trigger the requirements check.
$requirements = $this
->checkSystemRequirements();
$this
->assertEquals(REQUIREMENT_WARNING, $requirements['configuration_files']['severity'], 'Warning severity is properly set.');
$this
->assertEquals('Protection disabled', (string) $requirements['configuration_files']['value']);
$description = strip_tags(\Drupal::service('renderer')
->renderPlain($requirements['configuration_files']['description']));
$this
->assertStringContainsString('settings.php is not protected from modifications and poses a security risk.', $description);
$this
->assertStringContainsString('services.yml is not protected from modifications and poses a security risk.', $description);
// Verify that site directory and the settings.php remain writable when
// automatically enforcing file permissions is disabled.
$this
->assertDirectoryIsWritable($site_path);
$this
->assertFileIsWritable($settings_file);
// Re-enable permissions enforcement.
$settings = Settings::getAll();
$settings['skip_permissions_hardening'] = FALSE;
new Settings($settings);
// Manually trigger the requirements check.
$requirements = $this
->checkSystemRequirements();
$this
->assertEquals('Protected', (string) $requirements['configuration_files']['value']);
// Verify that site directory and the settings.php remain protected when
// automatically enforcing file permissions is enabled.
$this
->assertDirectoryIsNotWritable($site_path);
$this
->assertFileIsNotWritable($settings_file);
}