public function FilePermissions::run in Security Review 8
The actual procedure of carrying out the check.
Return value
\Drupal\security_review\CheckResult The result of running the check.
Overrides Check::run
1 call to FilePermissions::run()
- FilePermissions::runCli in src/Checks/FilePermissions.php - Same as run(), but used in CLI context such as Drush.
File
- src/Checks/FilePermissions.php, line 48
Class
- FilePermissions
- Check that files aren't writeable by the server.
Namespace
Drupal\security_review\Checks
Code
public function run($cli = FALSE) {
  $result = CheckResult::SUCCESS;
  $file_list = $this->getFileList('.');
  $writable = $this->security()->findWritableFiles($file_list, $cli);

  // Try creating or appending files.
  // Assume it doesn't work.
  $create_status = FALSE;
  $append_status = FALSE;
  if (!$cli) {
    $append_message = $this->t("Your web server should not be able to write to your modules directory. This is a security vulnerable. Consult the Security Review file permissions check help for mitigation steps.");
    $directory = $this->moduleHandler()->getModule('security_review')->getPath();

    // Write a file with the timestamp.
    $file = './' . $directory . '/file_write_test.' . date('Ymdhis');
    if ($file_create = @fopen($file, 'w')) {
      $create_status = fwrite($file_create, date('Ymdhis') . ' - ' . $append_message . "\n");
      fclose($file_create);
    }

    // Try to append to our IGNOREME file.
    $file = './' . $directory . '/IGNOREME.txt';
    if ($file_append = @fopen($file, 'a')) {
      $append_status = fwrite($file_append, date('Ymdhis') . ' - ' . $append_message . "\n");
      fclose($file_append);
    }
  }

  if (!empty($writable) || $create_status || $append_status) {
    $result = CheckResult::FAIL;
  }
  return $this->createResult($result, $writable);
}
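A stand-alone sketch of the two kinds of test that run() combines, a passive permission scan and an active create probe, run against a constructed directory tree. This is an added example, not Security Review code: find_writable(), can_create_in() and the sample tree are hypothetical names made up here.

```php
<?php
// Added example, not Security Review code; names and sample tree are constructed.

// Passive check: every path under $root the current process may write to
// (directories included, since a writable directory allows new files).
function find_writable(string $root): array {
  $writable = [];
  $items = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
    RecursiveIteratorIterator::SELF_FIRST);
  foreach ($items as $path => $info) {
    if (is_writable($path)) {
      $writable[] = $path;
    }
  }
  sort($writable);
  return $writable;
}

// Active check: try to create a file in $dir and remove it if that worked.
function can_create_in(string $dir): bool {
  $probe = $dir . '/file_write_test.' . bin2hex(random_bytes(8));
  $handle = @fopen($probe, 'x');  // 'x' refuses to reuse an existing name.
  if ($handle === FALSE) {
    return FALSE;
  }
  fclose($handle);
  unlink($probe);
  return TRUE;
}

// Constructed sample tree: a read-only module directory beside a file left
// with default permissions.
$root = sys_get_temp_dir() . '/fileperm_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/modules/example', 0755, TRUE);
file_put_contents($root . '/modules/example/example.module', "<?php\n");
file_put_contents($root . '/index.php', "<?php\n");
chmod($root . '/modules/example/example.module', 0444);
chmod($root . '/modules/example', 0555);

$writable = find_writable($root);
$created = can_create_in($root . '/modules/example');
// Same decision as run(): fail if anything is writable or a write succeeded.
$failed = !empty($writable) || $created;
printf("%s\n%s\n", $failed ? 'FAIL' : 'SUCCESS', implode("\n", $writable));

// Remove the sample tree.
chmod($root . '/modules/example', 0755);
foreach (['/modules/example/example.module', '/index.php'] as $f) { unlink($root . $f); }
foreach (['/modules/example', '/modules', ''] as $d) { rmdir($root . $d); }
```

Run it as the unprivileged account the web server uses; as root the permission bits are not enforced, so every path is reported as writable and the create probe succeeds.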