<?php

/**
 * @file
 * Install/update/uninstall actions for SecKit.
 */

/**
 * Implements hook_install().
 *
 * Seeds the 'seckit_advanced' variable so that CSP violation reports are not
 * throttled while a site is first developing its policy.
 */
function seckit_install() {
  // A fresh install has no CSP yet, so violation reports are the main source
  // of feedback; storing this value overrides the module default of zero.
  $advanced = array(
    'unlimited_csp_reports' => 1,
  );
  variable_set('seckit_advanced', $advanced);
}

/**
 * Implements hook_uninstall().
 *
 * Deletes every persistent variable owned by SecKit.
 */
function seckit_uninstall() {
  $names = array(
    'seckit_xss',
    'seckit_csrf',
    'seckit_clickjacking',
    'seckit_ssl',
    'seckit_ct',
    'seckit_various',
    'seckit_advanced',
    'seckit_fp',
  );
  foreach ($names as $name) {
    variable_del($name);
  }
}

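/**
 * Implements hook_requirements().
 *
 * Raises a status-report warning while CSP runs in 'report only' mode,
 * because in that mode policy violations are reported but not blocked.
 *
 * @param string $phase
 *   The phase the requirements are being checked for ('install', 'update' or
 *   'runtime'); only 'runtime' produces an entry.
 *
 * @return array
 *   Requirements keyed by 'seckit', or an empty array.
 */
function seckit_requirements($phase) {
  $requirements = array();

  // Ensure translations don't break during installation.
  $t = get_t();
  if ($phase === 'runtime') {
    $options = _seckit_get_options();
    // Do not assume the options array is fully populated: a missing key would
    // otherwise emit a notice from the status report page.
    $csp_options = isset($options['seckit_xss']['csp']) ? $options['seckit_xss']['csp'] : array();
    if (!empty($csp_options['report-only'])) {
      $requirements['seckit'] = array(
        'title' => $t('Security Kit'),
        // The !configure placeholder is not escaped, which is safe only
        // because l() already produces sanitized markup.
        'value' => $t("Content Security Policy (CSP) is in 'report only' mode. Policy violations will <em>not</em> be blocked. !configure.", array(
          '!configure' => l('Configure Security Kit', 'admin/config/system/seckit'),
        )),
        'severity' => REQUIREMENT_WARNING,
      );
    }
  }
  return $requirements;
}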

/**
 * Changes Content-Security-Policy "allow" directive to "default-src".
 *
 * Only acts when a non-empty "allow" directive is stored; the stored variable
 * is otherwise left untouched.
 */
function seckit_update_7101() {
  $options = variable_get('seckit_xss');

  // Nothing to migrate unless a truthy "allow" directive exists.
  if (empty($options['csp']['allow'])) {
    return;
  }

  // Carry the value over under its new name, then drop the old key.
  $options['csp']['default-src'] = $options['csp']['allow'];
  unset($options['csp']['allow']);

  // Delete and set new version of variable.
  variable_del('seckit_xss');
  variable_set('seckit_xss', $options);
}

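/**
 * Removes "Override style for frames" options.
 *
 * http://drupal.org/node/1243032
 */
function seckit_update_7102() {
  $options = variable_get('seckit_clickjacking');

  // variable_get() returns NULL when the variable was never saved; in that
  // case there is nothing to remove, and writing the NULL back would store a
  // value for a variable that was never configured.
  if (!is_array($options)) {
    return;
  }

  // Remove override style.
  unset($options['override_style']);

  // Delete and set new version.
  variable_del('seckit_clickjacking');
  variable_set('seckit_clickjacking', $options);
}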

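/**
 * Changes Content-Security-Policy "xhr-src" directive to "connect-src".
 *
 * http://drupal.org/node/1241226#comment-5125336
 */
function seckit_update_7103() {
  $options = variable_get('seckit_xss');

  // Only rename when an "xhr-src" key was actually stored. Reading a missing
  // key would emit a notice and store a NULL "connect-src" directive, and
  // writing back a NULL variable would store a value for a variable that
  // was never configured.
  if (!is_array($options) || !isset($options['csp']) || !is_array($options['csp'])
    || !array_key_exists('xhr-src', $options['csp'])) {
    return;
  }

  // Carry the value over as connect-src, then drop xhr-src.
  $options['csp']['connect-src'] = $options['csp']['xhr-src'];
  unset($options['csp']['xhr-src']);

  // Delete and set new version of variable.
  variable_del('seckit_xss');
  variable_set('seckit_xss', $options);
}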

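/**
 * Removes Content-Security-Policy "frame-ancestors" directive and "options".
 *
 * They are removed from stable version of specification http://www.w3.org/TR/CSP.
 */
function seckit_update_7104() {
  $options = variable_get('seckit_xss');

  // variable_get() returns NULL when the variable was never saved; there is
  // nothing to strip then, and writing the NULL back would store a value for
  // a variable that was never configured.
  if (!is_array($options)) {
    return;
  }

  // Both directives are gone from the stable specification.
  unset($options['csp']['frame-ancestors']);
  unset($options['csp']['options']);

  // Delete and set new version of variable.
  variable_del('seckit_xss');
  variable_set('seckit_xss', $options);
}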

/**
 * Update saved instances of the old (deprecated) CSP report URI.
 *
 * @return string|null
 *   A translated status message when the stored path was rewritten, otherwise
 *   nothing.
 */
function seckit_update_7105() {
  $deprecated = 'admin/config/system/seckit/csp-report';

  // Read the raw stored values so $conf overrides do not mask what is in the
  // database.
  $variables = variable_initialize(array());
  if (empty($variables['seckit_xss']['csp']['report-uri'])) {
    return;
  }

  $seckit_xss = $variables['seckit_xss'];
  if ($seckit_xss['csp']['report-uri'] !== $deprecated) {
    return;
  }

  $seckit_xss['csp']['report-uri'] = SECKIT_CSP_REPORT_URL;
  variable_set('seckit_xss', $seckit_xss);
  return t("Changed CSP violation report path from '@old' to '@new'.", array(
    '@old' => $deprecated,
    '@new' => SECKIT_CSP_REPORT_URL,
  ));
}

/**
 * If no CSP has been configured, enable unlimited_csp_reports by default.
 *
 * Mirrors seckit_install() for sites that already had SecKit enabled before
 * that install-time default existed.
 */
function seckit_update_7106() {
  $options = _seckit_get_options();
  $defaults = _seckit_get_options_defaults();

  // A CSP still equal to the defaults means none has been configured yet;
  // loose comparison is kept deliberately so stored scalars of differing
  // types still match the defaults.
  $csp_untouched = $options['seckit_xss']['csp'] == $defaults['seckit_xss']['csp'];
  if (!$csp_untouched) {
    return;
  }

  // Unlimited reports help while a policy is being developed; this is an
  // override of the module default of zero.
  $seckit_advanced = variable_get('seckit_advanced', array());
  $seckit_advanced['unlimited_csp_reports'] = 1;
  variable_set('seckit_advanced', $seckit_advanced);
}

/**
 * Remove x_content_type from seckit_xss variable.
 *
 * @return string|null
 *   A translated status message when the key was removed, otherwise nothing.
 */
function seckit_update_7107() {
  // Load variables directly from the db without any $conf overrides.
  $variables = variable_initialize(array());
  if (!isset($variables['seckit_xss']['x_content_type'])) {
    return;
  }

  $seckit_xss = $variables['seckit_xss'];
  unset($seckit_xss['x_content_type']);
  variable_set('seckit_xss', $seckit_xss);
  return t('Removed x_content_type from the seckit_xss variable.');
}
