
securitytxt.module in Security.txt 7


Module which implements the security.txt standard for Drupal.

File

securitytxt.module
<?php

/**
 * @file
 * Module which implements the security.txt standard for Drupal.
 *
 * @see https://securitytxt.org/
 */

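/**
 * Implements hook_help().
 *
 * Returns help markup for the module's help page and for its two
 * administration pages. Any other path falls through the switch, so the
 * function returns nothing (NULL) for it.
 *
 * Every link target is handed to t() through an '@' placeholder instead of
 * being concatenated into the markup. In Drupal 7, t() passes '@' placeholder
 * values through check_plain(), so the URLs are HTML-escaped before they land
 * in the href attributes.
 *
 * NOTE(review): the text describes security.txt as a "draft RFC" and links to
 * draft-foudil-securitytxt-02. The format has since been published as
 * RFC 9116; confirm which revision this module implements before changing the
 * wording or the link.
 *
 * @param string $path
 *   The router path, or 'admin/help#securitytxt' for the module help page.
 * @param array $arg
 *   Path arguments supplied by the help system; not used here.
 *
 * @return string|null
 *   HTML help text for a handled path, otherwise NULL.
 *
 * @see https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_help/7.x
 */
function securitytxt_help($path, $arg) {
  // Placeholder values shared by the two texts that introduce the standard.
  $standard_links = array(
    '@site' => 'https://securitytxt.org',
    '@rfc' => 'https://tools.ietf.org/html/draft-foudil-securitytxt-02',
  );

  switch ($path) {
    case 'admin/help#securitytxt':
      // Both permission links point at this module's section of the
      // permissions page, so the URL is built once.
      $permission_url = url('admin/people/permissions', array(
        'fragment' => 'module-securitytxt',
      ));

      $output = '';
      $output .= '<h3>' . t('About') . '</h3>';
      $output .= '<p>' . t('The Security.txt module provides an implementation of the new <a href="@site">Security.txt standard</a> which is currently a <a href="@rfc">draft RFC</a>. The purpose is to allow people to easily get in touch to report security issues.', $standard_links) . '</p>';
      $output .= '<h3>' . t('Uses') . '</h3>';
      $output .= '<dl>';
      $output .= '<dt>' . t('Configuring and signing security.txt') . '</dt>';
      $output .= '<dd>' . t('The Security.txt module provides pages for <a href="@configure">configuring</a> and <a href="@sign">signing</a> a security.txt file. A user must have the <a href="@permission">\'Administer security.txt\' permission</a> to access these administration pages.', array(
        '@configure' => url('admin/config/system/securitytxt'),
        '@sign' => url('admin/config/system/securitytxt/sign'),
        '@permission' => $permission_url,
      )) . '</dd>';
      $output .= '<dt>' . t('Viewing security.txt and security.txt.sig') . '</dt>';
      // The published files are permission-gated: until 'View security.txt' is
      // granted to the Anonymous role, outside reporters cannot fetch them,
      // which is why the text stresses the grant.
      $output .= '<dd>' . t('The Security.txt module, when correctly configured, provides the /.well-known/security.txt and /.well-known/security.txt.sig paths to users with the <a href="@permission">\'View security.txt\' permission</a>. <strong>You will almost certainly want to grant this permission to both the Anonymous and Authenticated user roles.</strong>', array(
        '@permission' => $permission_url,
      )) . '</dd>';
      $output .= '</dl>';
      return $output;

    case 'admin/config/system/securitytxt':
      return '<p>' . t('A security.txt file provides a standard way for people to find out how to report security issues with your site. The new <a href="@site">Security.txt standard</a> is currently a <a href="@rfc">draft RFC</a>.', $standard_links) . '</p>';

    case 'admin/config/system/securitytxt/sign':
      return '<p>' . t('In order to ensure the authenticity of your security.txt file, you should provide a signature.') . '</p>';
  }
}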

/**
 * Implements hook_menu().
 *
 * Registers five router items:
 * - the configuration form, with its default "Configure" tab and a "Sign" tab,
 *   all requiring the 'administer securitytxt' permission;
 * - the two public paths, .well-known/security.txt and
 *   .well-known/security.txt.sig, both requiring 'view securitytxt'.
 *
 * No item sets an 'access callback', so Drupal 7 applies its default
 * user_access() check to the permission listed in 'access arguments'. The
 * public files are therefore only visible to roles that hold
 * 'view securitytxt'.
 *
 * NOTE(review): the .well-known paths are reachable only if the web server
 * hands requests for dot-directories to Drupal; a rewrite rule that denies
 * hidden paths would block them. Verify on deployment.
 *
 * NOTE(review): the signature is served as a separate .sig path. RFC 9116
 * recommends an inline OpenPGP cleartext signature instead; confirm which form
 * consumers of this site expect.
 *
 * @return array
 *   Menu router definitions keyed by path.
 *
 * @see https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_menu/7.x
 */
function securitytxt_menu() {
  $admin_root = 'admin/config/system/securitytxt';
  // Permission lists shared by the items below.
  $admin_only = array('administer securitytxt');
  $viewers = array('view securitytxt');

  return array(
    // Administration: configuration form (also the default local task).
    $admin_root => array(
      'title' => 'Security.txt',
      'description' => 'Configure and sign the site security.txt file.',
      'page callback' => 'drupal_get_form',
      'page arguments' => array('securitytxt_file_form'),
      'access arguments' => $admin_only,
      'file' => 'securitytxt.admin.inc',
      'weight' => 50,
    ),
    $admin_root . '/file' => array(
      'title' => 'Configure',
      'type' => MENU_DEFAULT_LOCAL_TASK,
    ),
    // Administration: signing form, shown as a second tab.
    $admin_root . '/sign' => array(
      'title' => 'Sign',
      'page callback' => 'drupal_get_form',
      'page arguments' => array('securitytxt_sign_form'),
      'access arguments' => $admin_only,
      'file' => 'securitytxt.admin.inc',
      'type' => MENU_LOCAL_TASK,
    ),
    // Public output: the file itself and its signature.
    '.well-known/security.txt' => array(
      'title' => 'Security.txt file',
      'page callback' => 'securitytxt_file_page',
      'access arguments' => $viewers,
      'file' => 'securitytxt.pages.inc',
      'type' => MENU_CALLBACK,
    ),
    '.well-known/security.txt.sig' => array(
      'title' => 'Security.txt file signature',
      'page callback' => 'securitytxt_signature_page',
      'access arguments' => $viewers,
      'file' => 'securitytxt.pages.inc',
      'type' => MENU_CALLBACK,
    ),
  );
}

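/**
 * Implements hook_permission().
 *
 * Declares the module's two permissions:
 * - 'administer securitytxt': configuring and signing the file. It is flagged
 *   'restrict access', which in Drupal 7 marks the permission as one to give
 *   to trusted roles only and shows a warning on the permissions page.
 * - 'view securitytxt': reading the published file and its signature. It is
 *   not restricted, because the description asks for it to be granted to the
 *   Anonymous and Authenticated roles.
 *
 * @return array
 *   Permission definitions keyed by machine name.
 *
 * @see https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_permission/7.x
 */
function securitytxt_permission() {
  return array(
    'administer securitytxt' => array(
      'title' => t('Administer security.txt'),
      'description' => t('Allows configuring and signing of the security.txt file.'),
      // Whoever holds this controls the contact details and signature that
      // the site publishes for vulnerability reports.
      'restrict access' => TRUE,
    ),
    'view securitytxt' => array(
      'title' => t('View security.txt'),
      'description' => t('Allows access to the security.txt and security.txt.sig files. You will almost certainly want to grant this permission to both the Anonymous and Authenticated user roles.'),
    ),
  );
}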

Functions

Name Description
securitytxt_help Implements hook_help().
securitytxt_menu Implements hook_menu().
securitytxt_permission Implements hook_permission().