public function Security::findWritableFiles in Security Review 8
Finds files and directories that are writable by the web server.
Parameters
string[] $files: The files to iterate through.
bool $cli: Whether it is being invoked in CLI context.
Return value
string[] The files that are writable.
File
- src/
Security.php, line 338
Class
- Security
- Provides frequently used security-related data.
Namespace
Drupal\security_review
Code
/**
 * Collects the entries of $files that the web server is able to write to.
 *
 * Outside the CLI the decision is delegated to is_writable(). In CLI context
 * the result is derived from each path's mode bits, owner and group, compared
 * against the server UID and GIDs reported by $this->securityReview.
 *
 * NOTE(review): the CLI branch inspects only the owner/group/other write bits.
 * Nothing in this method consults ACLs, mount options or any other access
 * control, so treat its result as an approximation of real writability.
 *
 * @param string[] $files
 *   The files to iterate through.
 * @param bool $cli
 *   Whether it is being invoked in CLI context.
 *
 * @return string[]
 *   The files that are writable, in input order and re-indexed from 0.
 */
public function findWritableFiles(array $files, $cli = FALSE) {
  if (!$cli) {
    // Running from UI: let PHP answer for each path directly.
    return array_values(array_filter($files, static function ($path) {
      return is_writable($path);
    }));
  }

  // CLI: compare ownership and mode bits with the web server's identity
  // instead of asking about the current process.
  $serverUid = $this->securityReview->getServerUid();
  $serverGids = $this->securityReview->getServerGids();

  $found = [];
  foreach ($files as $path) {
    // fileperms() yields FALSE on failure; the mask then evaluates to 0, so a
    // path that cannot be stat'ed is left out of the result.
    $mode = fileperms($path) & 0777;

    $otherWrite = ($mode & 0002) !== 0;
    $ownerWrite = ($mode & 0200) !== 0;
    $groupWrite = ($mode & 0020) !== 0;

    // Evaluated in the order other, owner, group. The "other" bit counts
    // regardless of who owns the file, and fileowner()/filegroup() are only
    // called when the matching write bit is set. Comparisons are loose, so
    // the UID/GIDs are matched by value rather than by type.
    // NOTE(review): the types returned by getServerUid()/getServerGids() are
    // not visible here — confirm before tightening these to strict checks.
    if ($otherWrite
      || ($ownerWrite && fileowner($path) == $serverUid)
      || ($groupWrite && in_array(filegroup($path), $serverGids))) {
      $found[] = $path;
    }
  }

  return $found;
}