You are here

class SiteAuditCheckSecurityMenuRouter in Site Audit 8.2

Same name and namespace in other branches
  1. 7 Check/Security/MenuRouter.php \SiteAuditCheckSecurityMenuRouter

Class SiteAuditCheckSecurityMenuRouter.

Hierarchy

Expanded class hierarchy of SiteAuditCheckSecurityMenuRouter

File

Check/Security/MenuRouter.php, line 10
Contains \SiteAudit\Check\Security\MenuRouter.

View source
class SiteAuditCheckSecurityMenuRouter extends SiteAuditCheckAbstract {

  /**
   * Implements \SiteAudit\Check\Abstract\getLabel().
   */
  public function getLabel() {
    return dt('Menu Router');
  }

  /**
   * Implements \SiteAudit\Check\Abstract\getDescription().
   */
  public function getDescription() {
    return dt('Check for potentially malicious entries in the menu router.');
  }

  /**
   * Implements \SiteAudit\Check\Abstract\getResultFail().
   */
  public function getResultFail() {
    $ret_val = dt('The following potentially malicious paths have been discovered: @list', array(
      '@list' => implode(', ', array_keys($this->registry['menu_router'])),
    ));
    if (drush_get_option('detail')) {
      if (drush_get_option('html')) {
        $ret_val .= '<br/>';
        $ret_val .= '<table class="table table-condensed">';
        $ret_val .= '<thead><tr><th>' . dt('Path') . '</th><th>' . dt('Reason') . '</th></thead>';
        $ret_val .= '<tbody>';
        foreach ($this->registry['menu_router'] as $path => $malicious_callbacks) {
          foreach ($malicious_callbacks as $malicious_callback) {
            $ret_val .= '<tr><td>' . $path . '</td><td>' . $malicious_callback . '</td></tr>';
          }
        }
        $ret_val .= '</tbody>';
        $ret_val .= '</table>';
      }
      else {
        foreach ($this->registry['menu_router'] as $path => $malicious_callbacks) {
          foreach ($malicious_callbacks as $malicious_callback) {
            $ret_val .= PHP_EOL;
            if (!drush_get_option('json')) {
              $ret_val .= str_repeat(' ', 6);
            }
            $ret_val .= '- ' . $path . ': ' . $malicious_callback;
          }
        }
      }
    }
    return $ret_val;
  }

  /**
   * Implements \SiteAudit\Check\Abstract\getResultInfo().
   */
  public function getResultInfo() {
  }

  /**
   * Implements \SiteAudit\Check\Abstract\getResultPass().
   */
  public function getResultPass() {
    return dt('No known potentially malicious entries were detected in the menu_router table.');
  }

  /**
   * Implements \SiteAudit\Check\Abstract\getResultWarn().
   */
  public function getResultWarn() {
  }

  /**
   * Implements \SiteAudit\Check\Abstract\getAction().
   */
  public function getAction() {
    if ($this->score == SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_FAIL) {
      return dt('Delete the file containing the offending menu_router entries, clear the site caches, update your Drupal site code, and check your entire codebase for questionable code using a tool like the Hacked! module.');
    }
  }

  /**
   * Implements \SiteAudit\Check\Abstract\calculateScore().
   */
  public function calculateScore() {

    // DRUPAL SA-CORE-2014-005 Exploits.
    $dangerous_callbacks = array(
      'php_eval' => 'executes arbitrary PHP code',
      'assert' => 'executes arbitrary PHP code',
      'exec' => 'executes external programs',
      'passthru' => 'executes external programs and displays raw output',
      'system' => 'executes external programs and displays raw output',
      'shell_exec' => 'executes commands via shell and returns complete output',
      'popen' => 'opens process file pointer',
      'proc_open' => 'executes a command, opens file pointers for I/O',
      'pcntl_exec' => 'executes program in current process space',
      'eval' => 'evalues string as PHP code',
      'preg_replace' => 'can be used to eval() on match',
      'create_function' => 'creates anonymous functions',
      'include' => 'includes and evaluates files',
      'include_once' => 'includes and evaluates files',
      'require' => 'includes and evaluates files',
      'require_once' => 'includes and evaluates files',
      'ob_start' => 'can specify callback function',
      'array_diff_uassoc' => 'can specify callback function',
      'array_diff_ukey' => 'can specify callback function',
      'array_filter' => 'can specify callback function',
      'array_intersect_uassoc' => 'can specify callback function',
      'array_intersect_ukey' => 'can specify callback function',
      'array_map' => 'can specify callback function',
      'array_reduce' => 'can specify callback function',
      'array_udiff_assoc' => 'can specify callback function',
      'array_udiff_uassoc' => 'can specify callback function',
      'array_udiff' => 'can specify callback function',
      'array_uintersect_assoc' => 'can specify callback function',
      'array_uintersect_uassoc' => 'can specify callback function',
      'array_uintersect' => 'can specify callback function',
      'array_walk_recursive' => 'can specify callback function',
      'array_walk' => 'can specify callback function',
      'assert_options' => 'can specify callback function',
      'uasort' => 'can specify callback function',
      'uksort' => 'can specify callback function',
      'usort' => 'can specify callback function',
      'preg_replace_callback' => 'can specify callback function',
      'spl_autoload_register' => 'can specify callback function',
      'iterator_apply' => 'can specify callback function',
      'call_user_func' => 'can specify callback function',
      'call_user_func_array' => 'can specify callback function',
      'register_shutdown_function' => 'can specify callback function',
      'register_tick_function' => 'can specify callback function',
      'set_error_handler' => 'can specify callback function',
      'set_exception_handler' => 'can specify callback function',
      'session_set_save_handler' => 'can specify callback function',
      'sqlite_create_aggregate' => 'can specify callback function',
      'sqlite_create_function' => 'can specify callback function',
      'phpinfo' => 'information disclosure',
      'posix_getlogin' => 'information disclosure',
      'posix_ttyname' => 'information disclosure',
      'getenv' => 'information disclosure',
      'get_current_user' => 'information disclosure',
      'proc_get_status' => 'information disclosure',
      'get_cfg_var' => 'information disclosure',
      'disk_free_space' => 'information disclosure',
      'disk_total_space' => 'information disclosure',
      'diskfreespace' => 'information disclosure',
      'getcwd' => 'information disclosure',
      'getlastmo' => 'information disclosure',
      'getmygid' => 'information disclosure',
      'getmyinode' => 'information disclosure',
      'getmypid' => 'information disclosure',
      'getmyuid' => 'information disclosure',
      'echo' => 'information disclosure',
      'print' => 'information disclosure',
      'extract' => 'imports variables',
      'parse_str' => 'imports variables',
      'putenv' => 'sets environment variables',
      'ini_set' => 'changes configuration',
      'mail' => 'sends mail',
      'header' => 'sets headers',
      'proc_nice' => 'process management',
      'proc_terminate' => 'process management',
      'proc_close' => 'process management',
      'pfsockopen' => 'socket management',
      'fsockopen' => 'socket management',
      'apache_child_terminate' => 'process management',
      'posix_kill' => 'process management',
      'posix_mkfifo' => 'process management',
      'posix_setpgid' => 'process management',
      'posix_setsid' => 'process management',
      'posix_setuid' => 'process management',
      'fopen' => 'opens files',
      'tmpfile' => 'opens files',
      'bzopen' => 'opens files',
      'gzopen' => 'opens files',
      'SplFileObject->__construct' => 'opens files',
      'chgrp' => 'modifies files',
      'chmod' => 'modifies files',
      'chown' => 'modifies files',
      'copy' => 'modifies files',
      'file_put_contents' => 'modifies files',
      'lchgrp' => 'modifies files',
      'lchown' => 'modifies files',
      'link' => 'modifies files',
      'mkdir' => 'modifies files',
      'move_uploaded_file' => 'modifies files',
      'rename' => 'modifies files',
      'rmdir' => 'modifies files',
      'symlink' => 'modifies files',
      'tempnam' => 'modifies files',
      'touch' => 'modifies files',
      'unlink' => 'modifies files',
      'imagepng' => 'modifies files',
      'imagewbmp' => 'modifies files',
      'image2wbmp' => 'modifies files',
      'imagejpeg' => 'modifies files',
      'imagexbm' => 'modifies files',
      'imagegif' => 'modifies files',
      'imagegd' => 'modifies files',
      'imagegd2' => 'modifies files',
      'iptcembed' => 'modifies files',
      'ftp_get' => 'modifies files',
      'ftp_nb_get' => 'modifies files',
      'file_exists' => 'reads files',
      'file_get_contents' => 'reads files',
      'file' => 'reads files',
      'fileatime' => 'reads files',
      'filectime' => 'reads files',
      'filegroup' => 'reads files',
      'fileinode' => 'reads files',
      'filemtime' => 'reads files',
      'fileowner' => 'reads files',
      'fileperms' => 'reads files',
      'filesize' => 'reads files',
      'filetype' => 'reads files',
      'glob' => 'reads files',
      'is_dir' => 'reads files',
      'is_executable' => 'reads files',
      'is_file' => 'reads files',
      'is_link' => 'reads files',
      'is_readable' => 'reads files',
      'is_uploaded_file' => 'reads files',
      'is_writable' => 'reads files',
      'is_writeable' => 'reads files',
      'linkinfo' => 'reads files',
      'lstat' => 'reads files',
      'parse_ini_file' => 'reads files',
      'pathinfo' => 'reads files',
      'readfile' => 'reads files',
      'readlink' => 'reads files',
      'realpath' => 'reads files',
      'stat' => 'reads files',
      'gzfile' => 'reads files',
      'readgzfile' => 'reads files',
      'getimagesize' => 'reads files',
      'imagecreatefromgif' => 'reads files',
      'imagecreatefromjpeg' => 'reads files',
      'imagecreatefrompng' => 'reads files',
      'imagecreatefromwbmp' => 'reads files',
      'imagecreatefromxbm' => 'reads files',
      'imagecreatefromxpm' => 'reads files',
      'ftp_put' => 'reads files',
      'ftp_nb_put' => 'reads files',
      'exif_read_data' => 'reads files',
      'read_exif_data' => 'reads files',
      'exif_thumbnail' => 'reads files',
      'exif_imagetype' => 'reads files',
      'hash_file' => 'reads files',
      'hash_hmac_file' => 'reads files',
      'hash_update_file' => 'reads files',
      'md5_file' => 'reads files',
      'sha1_file' => 'reads files',
      'highlight_file' => 'reads files',
      'show_source' => 'reads files',
      'php_strip_whitespace' => 'reads files',
      'get_meta_tags' => 'reads files',
    );
    $all_routes = \Drupal::service('router.route_provider')
      ->getAllRoutes();
    $callback_keys = array(
      '_controller',
      '_title_callback',
    );
    foreach ($all_routes as $route) {
      $defaults = $route
        ->getDefaults();
      foreach ($callback_keys as $key) {
        if (isset($defaults[$key]) && in_array($defaults[$key], array_keys($dangerous_callbacks))) {
          $callback = $defaults[$key];
          $parameters = (new \ReflectionFunction($callback))
            ->getParameters();
          $parameters = array_map(function ($parameter) {
            return $parameter->name;
          }, $parameters);
          $passed_arguments = array_intersect($parameters, array_keys($defaults));
          $arguments = array();
          foreach ($passed_arguments as $argument) {
            $arguments[] = $argument . '=' . $defaults[$argument];
          }
          $this->registry['menu_router'][$route
            ->getPath()][] = $key . ' "' . $callback . '" (' . $dangerous_callbacks[$callback] . ') with the following arguments: "' . implode(',', $arguments) . '"';
        }
      }
    }
    if (empty($this->registry['menu_router'])) {
      return SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_PASS;
    }
    return SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_FAIL;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
SiteAuditCheckAbstract::$abort protected property Indicate that no other checks should be run after this check.
SiteAuditCheckAbstract::$customCode private static property Use for checking whether custom code paths have been validated.
SiteAuditCheckAbstract::$optOut protected property User has opted out of this check in configuration.
SiteAuditCheckAbstract::$percentOverride protected property If set, will override the Report's percentage.
SiteAuditCheckAbstract::$registry protected property Use for passing data between checks within a report.
SiteAuditCheckAbstract::$score protected property Quantifiable number associated with result on a scale of 0 to 2.
SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_FAIL constant
SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_INFO constant
SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_PASS constant
SiteAuditCheckAbstract::AUDIT_CHECK_SCORE_WARN constant
SiteAuditCheckAbstract::getCustomCodePaths public function Returns an array containing custom code paths or AUDIT_CHECK_SCORE_INFO.
SiteAuditCheckAbstract::getExecPath public function Returns the path of the executable.
SiteAuditCheckAbstract::getOptions public function Returns the values of the valid options for a command.
SiteAuditCheckAbstract::getPercentOverride public function Get the report percent override, if any.
SiteAuditCheckAbstract::getRegistry public function Get the check registry.
SiteAuditCheckAbstract::getRelativePath public function Gives path relative to DRUPAL_ROOT of the path is inside Drupal.
SiteAuditCheckAbstract::getResult public function Determine the result message based on the score.
SiteAuditCheckAbstract::getScore public function Get a quantifiable number representing a check result; lazy initialization.
SiteAuditCheckAbstract::getScoreCssClass public function Get the CSS class associated with a score.
SiteAuditCheckAbstract::getScoreDrushLevel public function Get the Drush message level associated with a score.
SiteAuditCheckAbstract::getScoreLabel public function Get a human readable label for a score.
SiteAuditCheckAbstract::logXmlError public function Logs error if unable to parse XML output.
SiteAuditCheckAbstract::renderAction public function Display action items for a user to perform.
SiteAuditCheckAbstract::shouldAbort public function Determine whether the check failed so badly that the report must stop.
SiteAuditCheckAbstract::__construct public function Constructor.
SiteAuditCheckSecurityMenuRouter::calculateScore public function Implements \SiteAudit\Check\Abstract\calculateScore(). Overrides SiteAuditCheckAbstract::calculateScore
SiteAuditCheckSecurityMenuRouter::getAction public function Implements \SiteAudit\Check\Abstract\getAction(). Overrides SiteAuditCheckAbstract::getAction
SiteAuditCheckSecurityMenuRouter::getDescription public function Implements \SiteAudit\Check\Abstract\getDescription(). Overrides SiteAuditCheckAbstract::getDescription
SiteAuditCheckSecurityMenuRouter::getLabel public function Implements \SiteAudit\Check\Abstract\getLabel(). Overrides SiteAuditCheckAbstract::getLabel
SiteAuditCheckSecurityMenuRouter::getResultFail public function Implements \SiteAudit\Check\Abstract\getResultFail(). Overrides SiteAuditCheckAbstract::getResultFail
SiteAuditCheckSecurityMenuRouter::getResultInfo public function Implements \SiteAudit\Check\Abstract\getResultInfo(). Overrides SiteAuditCheckAbstract::getResultInfo
SiteAuditCheckSecurityMenuRouter::getResultPass public function Implements \SiteAudit\Check\Abstract\getResultPass(). Overrides SiteAuditCheckAbstract::getResultPass
SiteAuditCheckSecurityMenuRouter::getResultWarn public function Implements \SiteAudit\Check\Abstract\getResultWarn(). Overrides SiteAuditCheckAbstract::getResultWarn