class SecurityReview in Security Review 8
A class containing static methods regarding the module's configuration.
Hierarchy
- class \Drupal\security_review\SecurityReview uses DependencySerializationTrait
Expanded class hierarchy of SecurityReview
4 files declare their use of SecurityReview
- ChecklistController.php in src/
Controller/ ChecklistController.php - HelpController.php in src/
Controller/ HelpController.php - SecurityReviewCommands.php in src/
Commands/ SecurityReviewCommands.php - SettingsForm.php in src/
Form/ SettingsForm.php
1 string reference to 'SecurityReview'
1 service uses SecurityReview
File
- src/
SecurityReview.php, line 15
Namespace
Drupal\security_reviewView source
class SecurityReview {
use DependencySerializationTrait;
/**
* Temporary logging setting.
*
* @var null|bool
*/
protected static $temporaryLogging = NULL;
/**
* The config factory.
*
* @var \Drupal\Core\Config\ConfigFactoryInterface
*/
protected $configFactory;
/**
* The config storage.
*
* @var \Drupal\Core\Config\Config
*/
protected $config;
/**
* The state storage.
*
* @var \Drupal\Core\State\StateInterface
*/
protected $state;
/**
* The module handler.
*
* @var \Drupal\Core\Extension\ModuleHandlerInterface
*/
protected $moduleHandler;
/**
* The current user.
*
* @var \Drupal\Core\Session\AccountProxyInterface
*/
protected $currentUser;
/**
* Constructs a SecurityReview instance.
*
* @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
* The config factory.
* @param \Drupal\Core\State\StateInterface $state
* The state storage.
* @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
* The module handler.
* @param \Drupal\Core\Session\AccountProxyInterface $current_user
* The current user.
*/
public function __construct(ConfigFactoryInterface $config_factory, StateInterface $state, ModuleHandlerInterface $module_handler, AccountProxyInterface $current_user) {
// Store the dependencies.
$this->configFactory = $config_factory;
$this->config = $config_factory
->getEditable('security_review.settings');
$this->state = $state;
$this->moduleHandler = $module_handler;
$this->currentUser = $current_user;
}
/**
* Returns whether the module has been configured.
*
* If the module has been configured on the settings page this function
* returns true. Otherwise it returns false.
*
* @return bool
* A boolean indicating whether the module has been configured.
*/
public function isConfigured() {
return $this->config
->get('configured') === TRUE;
}
/**
* Returns true if logging is enabled, otherwise returns false.
*
* @return bool
* A boolean indicating whether logging is enabled.
*/
public function isLogging() {
// Check for temporary logging.
if (static::$temporaryLogging !== NULL) {
return static::$temporaryLogging;
}
return $this->config
->get('log') === TRUE;
}
/**
* Returns the last time Security Review has been run.
*
* @return int
* The last time Security Review has been run.
*/
public function getLastRun() {
return $this->state
->get('last_run', 0);
}
/**
* Returns the IDs of the stored untrusted roles.
*
* @return string[]
* Stored untrusted roles' IDs.
*/
public function getUntrustedRoles() {
return $this->config
->get('untrusted_roles');
}
/**
* Sets the 'configured' flag.
*
* @param bool $configured
* The new value of the 'configured' setting.
*/
public function setConfigured($configured) {
$this->config
->set('configured', $configured);
$this->config
->save();
}
/**
* Sets the 'logging' flag.
*
* @param bool $logging
* The new value of the 'logging' setting.
* @param bool $temporary
* Whether to set only temporarily.
*/
public function setLogging($logging, $temporary = FALSE) {
if (!$temporary) {
$this->config
->set('log', $logging);
$this->config
->save();
}
else {
static::$temporaryLogging = $logging == TRUE;
}
}
/**
* Sets the 'last_run' value.
*
* @param int $last_run
* The new value for 'last_run'.
*/
public function setLastRun($last_run) {
$this->state
->set('last_run', $last_run);
}
/**
* Stores the given 'untrusted_roles' setting.
*
* @param string[] $untrusted_roles
* The new untrusted roles' IDs.
*/
public function setUntrustedRoles(array $untrusted_roles) {
$this->config
->set('untrusted_roles', $untrusted_roles);
$this->config
->save();
}
/**
* Logs an event.
*
* @param \Drupal\security_review\Check $check
* The Check the message is about.
* @param string $message
* The message.
* @param array $context
* The context of the message.
* @param int $level
* Severity (RfcLogLevel).
*/
public function log(Check $check, $message, array $context, $level) {
if (static::isLogging()) {
$this->moduleHandler
->invokeAll('security_review_log', [
'check' => $check,
'message' => $message,
'context' => $context,
'level' => $level,
]);
}
}
/**
* Logs a check result.
*
* @param \Drupal\security_review\CheckResult $result
* The result to log.
*/
public function logCheckResult(CheckResult $result = NULL) {
if ($this
->isLogging()) {
if ($result == NULL) {
$check = $result
->check();
$context = [
'@check' => $check
->getTitle(),
'@namespace' => $check
->getNamespace(),
];
$this
->log($check, '@check of @namespace produced a null result', $context, RfcLogLevel::CRITICAL);
return;
}
$check = $result
->check();
// Fallback log message.
$level = RfcLogLevel::NOTICE;
$message = '@name check invalid result';
// Set log message and level according to result.
switch ($result
->result()) {
case CheckResult::SUCCESS:
$level = RfcLogLevel::INFO;
$message = '@name check succeeded';
break;
case CheckResult::FAIL:
$level = RfcLogLevel::ERROR;
$message = '@name check failed';
break;
case CheckResult::WARN:
$level = RfcLogLevel::WARNING;
$message = '@name check raised a warning';
break;
case CheckResult::INFO:
$level = RfcLogLevel::INFO;
$message = '@name check returned info';
break;
}
$context = [
'@name' => $check
->getTitle(),
];
$this
->log($check, $message, $context, $level);
}
}
/**
* Deletes orphaned check data.
*/
public function cleanStorage() {
/** @var \Drupal\security_review\Checklist $checklist */
$checklist = \Drupal::service('security_review.checklist');
// Get list of check configuration names.
$orphaned = $this->configFactory
->listAll('security_review.check.');
// Remove items that are used by the checks.
foreach ($checklist
->getChecks() as $check) {
$key = array_search('security_review.check.' . $check
->id(), $orphaned);
if ($key !== FALSE) {
unset($orphaned[$key]);
}
}
// Delete orphaned configuration data.
foreach ($orphaned as $config_name) {
$config = $this->configFactory
->getEditable($config_name);
$config
->delete();
}
}
/**
* Stores information about the server into the State system.
*/
public function setServerData() {
if (!static::isServerPosix() || PHP_SAPI === 'cli') {
return;
}
// Determine web server's uid and groups.
$uid = posix_getuid();
$groups = posix_getgroups();
// Store the data in the State system.
$this->state
->set('security_review.server.uid', $uid);
$this->state
->set('security_review.server.groups', $groups);
}
/**
* Returns whether the server is POSIX.
*
* @return bool
* Whether the web server is POSIX based.
*/
public function isServerPosix() {
return function_exists('posix_getuid');
}
/**
* Returns the UID of the web server.
*
* @return int
* UID of the web server's user.
*/
public function getServerUid() {
return $this->state
->get('security_review.server.uid');
}
/**
* Returns the GIDs of the web server.
*
* @return int[]
* GIDs of the web server's user.
*/
public function getServerGids() {
return $this->state
->get('security_review.server.groups');
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
DependencySerializationTrait:: |
protected | property | An array of entity type IDs keyed by the property name of their storages. | |
|
DependencySerializationTrait:: |
protected | property | An array of service IDs keyed by property name used for serialization. | |
|
DependencySerializationTrait:: |
public | function | 1 | |
|
DependencySerializationTrait:: |
public | function | 2 | |
|
SecurityReview:: |
protected | property | The config storage. | |
|
SecurityReview:: |
protected | property | The config factory. | |
|
SecurityReview:: |
protected | property | The current user. | |
|
SecurityReview:: |
protected | property | The module handler. | |
|
SecurityReview:: |
protected | property | The state storage. | |
|
SecurityReview:: |
protected static | property | Temporary logging setting. | |
|
SecurityReview:: |
public | function | Deletes orphaned check data. | |
|
SecurityReview:: |
public | function | Returns the last time Security Review has been run. | |
|
SecurityReview:: |
public | function | Returns the GIDs of the web server. | |
|
SecurityReview:: |
public | function | Returns the UID of the web server. | |
|
SecurityReview:: |
public | function | Returns the IDs of the stored untrusted roles. | |
|
SecurityReview:: |
public | function | Returns whether the module has been configured. | |
|
SecurityReview:: |
public | function | Returns true if logging is enabled, otherwise returns false. | |
|
SecurityReview:: |
public | function | Returns whether the server is POSIX. | |
|
SecurityReview:: |
public | function | Logs an event. | |
|
SecurityReview:: |
public | function | Logs a check result. | |
|
SecurityReview:: |
public | function | Sets the 'configured' flag. | |
|
SecurityReview:: |
public | function | Sets the 'last_run' value. | |
|
SecurityReview:: |
public | function | Sets the 'logging' flag. | |
|
SecurityReview:: |
public | function | Stores information about the server into the State system. | |
|
SecurityReview:: |
public | function | Stores the given 'untrusted_roles' setting. | |
|
SecurityReview:: |
public | function | Constructs a SecurityReview instance. |