You are here

public function SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig()

Tests writable files remain writable when directory hardening is disabled.

File

core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php, line 49

Class

SitesDirectoryHardeningTest
Tests Drupal permissions hardening of /sites subdirectories.

Namespace

Drupal\Tests\system\Functional\System

Code

public function testSitesDirectoryHardeningConfig() {
  $site_path = $this->kernel
    ->getSitePath();
  $settings_file = $this
    ->settingsFile($site_path);

  // Disable permissions enforcement.
  $settings = Settings::getAll();
  $settings['skip_permissions_hardening'] = TRUE;
  new Settings($settings);
  $this
    ->assertTrue(Settings::get('skip_permissions_hardening'), 'Able to set skip permissions hardening to true.');
  $this
    ->makeWritable($site_path);

  // Manually trigger the requirements check.
  $requirements = $this
    ->checkSystemRequirements();
  $this
    ->assertEquals(REQUIREMENT_WARNING, $requirements['configuration_files']['severity'], 'Warning severity is properly set.');
  $this
    ->assertEquals('Protection disabled', (string) $requirements['configuration_files']['value']);
  $description = strip_tags(\Drupal::service('renderer')
    ->renderPlain($requirements['configuration_files']['description']));
  $this
    ->assertStringContainsString('settings.php is not protected from modifications and poses a security risk.', $description);
  $this
    ->assertStringContainsString('services.yml is not protected from modifications and poses a security risk.', $description);

  // Verify that site directory and the settings.php remain writable when
  // automatically enforcing file permissions is disabled.
  $this
    ->assertDirectoryIsWritable($site_path);
  $this
    ->assertFileIsWritable($settings_file);

  // Re-enable permissions enforcement.
  $settings = Settings::getAll();
  $settings['skip_permissions_hardening'] = FALSE;
  new Settings($settings);

  // Manually trigger the requirements check.
  $requirements = $this
    ->checkSystemRequirements();
  $this
    ->assertEquals('Protected', (string) $requirements['configuration_files']['value']);

  // Verify that site directory and the settings.php remain protected when
  // automatically enforcing file permissions is enabled.
  $this
    ->assertDirectoryIsNotWritable($site_path);
  $this
    ->assertFileIsNotWritable($settings_file);
}