You are here

class SecurityReview in Security Review 8

A class containing static methods regarding the module's configuration.

Hierarchy

Expanded class hierarchy of SecurityReview

4 files declare their use of SecurityReview
ChecklistController.php in src/Controller/ChecklistController.php
HelpController.php in src/Controller/HelpController.php
SecurityReviewCommands.php in src/Commands/SecurityReviewCommands.php
SettingsForm.php in src/Form/SettingsForm.php
1 string reference to 'SecurityReview'
security_review.services.yml in ./security_review.services.yml
security_review.services.yml
1 service uses SecurityReview
security_review in ./security_review.services.yml
Drupal\security_review\SecurityReview

File

src/SecurityReview.php, line 15

Namespace

Drupal\security_review
View source
class SecurityReview {
  use DependencySerializationTrait;

  /**
   * Temporary logging setting.
   *
   * @var null|bool
   */
  protected static $temporaryLogging = NULL;

  /**
   * The config factory.
   *
   * @var \Drupal\Core\Config\ConfigFactoryInterface
   */
  protected $configFactory;

  /**
   * The config storage.
   *
   * @var \Drupal\Core\Config\Config
   */
  protected $config;

  /**
   * The state storage.
   *
   * @var \Drupal\Core\State\StateInterface
   */
  protected $state;

  /**
   * The module handler.
   *
   * @var \Drupal\Core\Extension\ModuleHandlerInterface
   */
  protected $moduleHandler;

  /**
   * The current user.
   *
   * @var \Drupal\Core\Session\AccountProxyInterface
   */
  protected $currentUser;

  /**
   * Constructs a SecurityReview instance.
   *
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The config factory.
   * @param \Drupal\Core\State\StateInterface $state
   *   The state storage.
   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
   *   The module handler.
   * @param \Drupal\Core\Session\AccountProxyInterface $current_user
   *   The current user.
   */
  public function __construct(ConfigFactoryInterface $config_factory, StateInterface $state, ModuleHandlerInterface $module_handler, AccountProxyInterface $current_user) {

    // Store the dependencies.
    $this->configFactory = $config_factory;
    $this->config = $config_factory
      ->getEditable('security_review.settings');
    $this->state = $state;
    $this->moduleHandler = $module_handler;
    $this->currentUser = $current_user;
  }

  /**
   * Returns whether the module has been configured.
   *
   * If the module has been configured on the settings page this function
   * returns true. Otherwise it returns false.
   *
   * @return bool
   *   A boolean indicating whether the module has been configured.
   */
  public function isConfigured() {
    return $this->config
      ->get('configured') === TRUE;
  }

  /**
   * Returns true if logging is enabled, otherwise returns false.
   *
   * @return bool
   *   A boolean indicating whether logging is enabled.
   */
  public function isLogging() {

    // Check for temporary logging.
    if (static::$temporaryLogging !== NULL) {
      return static::$temporaryLogging;
    }
    return $this->config
      ->get('log') === TRUE;
  }

  /**
   * Returns the last time Security Review has been run.
   *
   * @return int
   *   The last time Security Review has been run.
   */
  public function getLastRun() {
    return $this->state
      ->get('last_run', 0);
  }

  /**
   * Returns the IDs of the stored untrusted roles.
   *
   * @return string[]
   *   Stored untrusted roles' IDs.
   */
  public function getUntrustedRoles() {
    return $this->config
      ->get('untrusted_roles');
  }

  /**
   * Sets the 'configured' flag.
   *
   * @param bool $configured
   *   The new value of the 'configured' setting.
   */
  public function setConfigured($configured) {
    $this->config
      ->set('configured', $configured);
    $this->config
      ->save();
  }

  /**
   * Sets the 'logging' flag.
   *
   * @param bool $logging
   *   The new value of the 'logging' setting.
   * @param bool $temporary
   *   Whether to set only temporarily.
   */
  public function setLogging($logging, $temporary = FALSE) {
    if (!$temporary) {
      $this->config
        ->set('log', $logging);
      $this->config
        ->save();
    }
    else {
      static::$temporaryLogging = $logging == TRUE;
    }
  }

  /**
   * Sets the 'last_run' value.
   *
   * @param int $last_run
   *   The new value for 'last_run'.
   */
  public function setLastRun($last_run) {
    $this->state
      ->set('last_run', $last_run);
  }

  /**
   * Stores the given 'untrusted_roles' setting.
   *
   * @param string[] $untrusted_roles
   *   The new untrusted roles' IDs.
   */
  public function setUntrustedRoles(array $untrusted_roles) {
    $this->config
      ->set('untrusted_roles', $untrusted_roles);
    $this->config
      ->save();
  }

  /**
   * Logs an event.
   *
   * @param \Drupal\security_review\Check $check
   *   The Check the message is about.
   * @param string $message
   *   The message.
   * @param array $context
   *   The context of the message.
   * @param int $level
   *   Severity (RfcLogLevel).
   */
  public function log(Check $check, $message, array $context, $level) {
    if (static::isLogging()) {
      $this->moduleHandler
        ->invokeAll('security_review_log', [
        'check' => $check,
        'message' => $message,
        'context' => $context,
        'level' => $level,
      ]);
    }
  }

  /**
   * Logs a check result.
   *
   * @param \Drupal\security_review\CheckResult $result
   *   The result to log.
   */
  public function logCheckResult(CheckResult $result = NULL) {
    if ($this
      ->isLogging()) {
      if ($result == NULL) {
        $check = $result
          ->check();
        $context = [
          '@check' => $check
            ->getTitle(),
          '@namespace' => $check
            ->getNamespace(),
        ];
        $this
          ->log($check, '@check of @namespace produced a null result', $context, RfcLogLevel::CRITICAL);
        return;
      }
      $check = $result
        ->check();

      // Fallback log message.
      $level = RfcLogLevel::NOTICE;
      $message = '@name check invalid result';

      // Set log message and level according to result.
      switch ($result
        ->result()) {
        case CheckResult::SUCCESS:
          $level = RfcLogLevel::INFO;
          $message = '@name check succeeded';
          break;
        case CheckResult::FAIL:
          $level = RfcLogLevel::ERROR;
          $message = '@name check failed';
          break;
        case CheckResult::WARN:
          $level = RfcLogLevel::WARNING;
          $message = '@name check raised a warning';
          break;
        case CheckResult::INFO:
          $level = RfcLogLevel::INFO;
          $message = '@name check returned info';
          break;
      }
      $context = [
        '@name' => $check
          ->getTitle(),
      ];
      $this
        ->log($check, $message, $context, $level);
    }
  }

  /**
   * Deletes orphaned check data.
   */
  public function cleanStorage() {

    /** @var \Drupal\security_review\Checklist $checklist */
    $checklist = \Drupal::service('security_review.checklist');

    // Get list of check configuration names.
    $orphaned = $this->configFactory
      ->listAll('security_review.check.');

    // Remove items that are used by the checks.
    foreach ($checklist
      ->getChecks() as $check) {
      $key = array_search('security_review.check.' . $check
        ->id(), $orphaned);
      if ($key !== FALSE) {
        unset($orphaned[$key]);
      }
    }

    // Delete orphaned configuration data.
    foreach ($orphaned as $config_name) {
      $config = $this->configFactory
        ->getEditable($config_name);
      $config
        ->delete();
    }
  }

  /**
   * Stores information about the server into the State system.
   */
  public function setServerData() {
    if (!static::isServerPosix() || PHP_SAPI === 'cli') {
      return;
    }

    // Determine web server's uid and groups.
    $uid = posix_getuid();
    $groups = posix_getgroups();

    // Store the data in the State system.
    $this->state
      ->set('security_review.server.uid', $uid);
    $this->state
      ->set('security_review.server.groups', $groups);
  }

  /**
   * Returns whether the server is POSIX.
   *
   * @return bool
   *   Whether the web server is POSIX based.
   */
  public function isServerPosix() {
    return function_exists('posix_getuid');
  }

  /**
   * Returns the UID of the web server.
   *
   * @return int
   *   UID of the web server's user.
   */
  public function getServerUid() {
    return $this->state
      ->get('security_review.server.uid');
  }

  /**
   * Returns the GIDs of the web server.
   *
   * @return int[]
   *   GIDs of the web server's user.
   */
  public function getServerGids() {
    return $this->state
      ->get('security_review.server.groups');
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
SecurityReview::$config protected property The config storage.
SecurityReview::$configFactory protected property The config factory.
SecurityReview::$currentUser protected property The current user.
SecurityReview::$moduleHandler protected property The module handler.
SecurityReview::$state protected property The state storage.
SecurityReview::$temporaryLogging protected static property Temporary logging setting.
SecurityReview::cleanStorage public function Deletes orphaned check data.
SecurityReview::getLastRun public function Returns the last time Security Review has been run.
SecurityReview::getServerGids public function Returns the GIDs of the web server.
SecurityReview::getServerUid public function Returns the UID of the web server.
SecurityReview::getUntrustedRoles public function Returns the IDs of the stored untrusted roles.
SecurityReview::isConfigured public function Returns whether the module has been configured.
SecurityReview::isLogging public function Returns true if logging is enabled, otherwise returns false.
SecurityReview::isServerPosix public function Returns whether the server is POSIX.
SecurityReview::log public function Logs an event.
SecurityReview::logCheckResult public function Logs a check result.
SecurityReview::setConfigured public function Sets the 'configured' flag.
SecurityReview::setLastRun public function Sets the 'last_run' value.
SecurityReview::setLogging public function Sets the 'logging' flag.
SecurityReview::setServerData public function Stores information about the server into the State system.
SecurityReview::setUntrustedRoles public function Stores the given 'untrusted_roles' setting.
SecurityReview::__construct public function Constructs a SecurityReview instance.