1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
file_permissions.php
См. документацию.
1<?
8
13class CSecurityFilePermissionsTest
14 extends CSecurityBaseTest
15{
16 const MAX_OUTPUT_FILES = 5;
17 protected $internalName = "FilePermissionsTest";
18 protected static $interestingFileExtentions = array(".php", ".js", ".htaccess", ".html");
19 protected static $skipDirs = array("upload");
20 protected $filesCount = 0;
21 protected $filesPath = array();
22
23 protected $maximumExecutionTime = 0.0;
24 protected $savedMaxExecutionTime = 0.0;
25
26 public function __construct()
27 {
28 IncludeModuleLangFile(__FILE__);
29 $this->savedMaxExecutionTime = ini_get("max_execution_time");
30 if($this->savedMaxExecutionTime <= 0)
31 $phpMaxExecutionTime = 30;
32 else
33 $phpMaxExecutionTime = $this->savedMaxExecutionTime - 2;
34 $this->maximumExecutionTime = time() + $phpMaxExecutionTime;
35 set_time_limit(0);
36 }
37
38 public function __destruct()
39 {
40 set_time_limit($this->savedMaxExecutionTime);
41 }
42
50 public function checkRequirements($params = array())
51 {
52 if($this->maximumExecutionTime - time() <= 5)
53 throw new CSecurityRequirementsException(GetMessage('SECURITY_SITE_CHECKER_FILE_PERM_SMALL_MAX_EXEC'));
54 return true;
55 }
56
62 public function check(array $params = array())
63 {
64 $this->initializeParams($params);
65 if(!self::isRunOnWin())
66 {
67 $folder = self::getParam("folder", $_SERVER["DOCUMENT_ROOT"]);
68 try
69 {
70 $this->checkWorldWritableDirRecursive($folder);
71 }
72 catch(Exception $e)
73 {
74 return array(
75 "name" => $this->getName(),
76 "status" => true,
77 "fatal_error_text" => GetMessage($e->getMessage())
78 );
79 }
80 }
81
82 if($this->filesCount <= self::MAX_OUTPUT_FILES)
83 $recommendationFilesCount = $this->filesCount;
84 else
85 $recommendationFilesCount = self::MAX_OUTPUT_FILES;
86
87 $additionalInfo = GetMessage("SECURITY_SITE_CHECKER_FILE_PERM_ADDITIONAL",array("#COUNT#" => $recommendationFilesCount));
88 $additionalInfo .= "<br>";
89 $additionalInfo .= $this->getFilesPathInString();
90
91 $result = array(
92 "name" => $this->getName(),
93 "problem_count" => 1,
94 "errors" => array(
95 array(
96 "title" => GetMessage("SECURITY_SITE_CHECKER_FILE_PERM_TITLE", array("#COUNT#" => $this->filesCount)),
97 "critical" => CSecurityCriticalLevel::HIGHT,
98 "detail" => GetMessage("SECURITY_SITE_CHECKER_FILE_PERM_DETAIL"),
99 "recommendation" => GetMessage("SECURITY_SITE_CHECKER_FILE_PERM_RECOMMENDATION"),
100 "additional_info" => $additionalInfo
101 )
102 ),
103 "status" => ($this->filesCount <= 0)
104 );
105 return $result;
106 }
107
112 protected static function isInterestingDir($pFileName)
113 {
114 return is_dir($pFileName);
115 }
116
121 protected static function isInterestingFile($pFileName)
122 {
123 return is_file($pFileName) && in_array(mb_substr($pFileName, -4), self::$interestingFileExtentions, true);
124 }
125
131 protected function checkWorldWritableDirRecursive($pDir)
132 {
133 $result = false;
134 if ($handle = opendir($pDir))
135 {
136 while (false !== ($item = readdir($handle)))
137 {
138 if($item == "." || $item == ".." || in_array($item, self::$skipDirs))
139 continue;
140
141 if($this->filesCount > self::MAX_OUTPUT_FILES)
142 return $result;
143
144 if(time() >= $this->maximumExecutionTime)
145 throw new Exception('SECURITY_SITE_CHECKER_FILE_PERM_TIMEOUT');
146
147 $curFile = $pDir."/".$item;
148 $isInteresting = self::isInterestingFile($curFile) || self::isInterestingDir($curFile);
149 if ($isInteresting && self::isWorldWritable($curFile))
150 {
151 $result = true;
152 $this->filesCount++;
153 $this->addFilePath($curFile);
154
155 }
156 if (is_dir($curFile))
157 {
158 if($this->checkWorldWritableDirRecursive($curFile))
159 {
160 $result = true;
161 }
162 }
163 }
164 closedir($handle);
165 }
166 return $result;
167 }
168
172 protected function addFilePath($pFilePath)
173 {
174 if($this->filesCount <= self::MAX_OUTPUT_FILES)
175 {
176 array_push($this->filesPath, self::removeDocumentRoot($pFilePath));
177 }
178 }
179
183 protected function getFilesPath()
184 {
185 return $this->filesPath;
186 }
187
192 protected function getFilesPathInString($pGlue = "<br>")
193 {
194 return implode($pGlue, $this->filesPath);
195 }
196}
CSecurityBaseTest
Определения base_test.php:14
CSecurityBaseTest\getName
getName()
Определения base_test.php:28
CSecurityBaseTest\initializeParams
initializeParams(array $params=array())
Определения base_test.php:115
CSecurityBaseTest\getParam
getParam($name, $defaultValue="")
Определения base_test.php:182
CSecurityBaseTest\$params
$params
Определения base_test.php:20
CSecurityCriticalLevel\HIGHT
const HIGHT
Определения critical_level.php:17
CSecurityFilePermissionsTest\checkRequirements
checkRequirements($params=array())
Определения file_permissions.php:50
CSecurityFilePermissionsTest\$interestingFileExtentions
static $interestingFileExtentions
Определения file_permissions.php:18
CSecurityFilePermissionsTest\checkWorldWritableDirRecursive
checkWorldWritableDirRecursive($pDir)
Определения file_permissions.php:131
CSecurityFilePermissionsTest\isInterestingDir
static isInterestingDir($pFileName)
Определения file_permissions.php:112
CSecurityFilePermissionsTest\check
check(array $params=array())
Определения file_permissions.php:62
CSecurityFilePermissionsTest\isInterestingFile
static isInterestingFile($pFileName)
Определения file_permissions.php:121
CSecurityFilePermissionsTest\addFilePath
addFilePath($pFilePath)
Определения file_permissions.php:172
CSecurityFilePermissionsTest\getFilesPathInString
getFilesPathInString($pGlue="<br>")
Определения file_permissions.php:192
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$handle
$handle
Определения include.php:55
$result
$result
Определения get_property_values.php:14
$_SERVER
$_SERVER["DOCUMENT_ROOT"]
Определения cron_frame.php:9
IncludeModuleLangFile
IncludeModuleLangFile($filepath, $lang=false, $bReturnArray=false)
Определения tools.php:3778
GetMessage
GetMessage($name, $aReplace=null)
Определения tools.php:3397