1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
site_configuration.php
См. документацию.
1<?php
2
9
10use Bitrix\Main\SystemException;
11
16class CSecuritySiteConfigurationTest
17 extends CSecurityBaseTest
18{
19 protected $internalName = "SiteConfigurationTest";
20
21 protected $tests = array(
22 "securityLevel" => array(
23 "method" => "checkSecurityLevel"
24 ),
25 "errorReporting" => array(
26 "method" => "checkErrorReporting",
27 "base_message_key" => "SECURITY_SITE_CHECKER_ERROR_REPORTING",
28 "critical" => CSecurityCriticalLevel::MIDDLE
29 ),
30 "exceptionDebug" => array(
31 "method" => "checkExceptionDebug",
32 "base_message_key" => "SECURITY_SITE_CHECKER_EXCEPTION_DEBUG",
33 "critical" => CSecurityCriticalLevel::HIGHT
34 ),
35 "dbDebug" => array(
36 "method" => "checkDbDebug",
37 "base_message_key" => "SECURITY_SITE_CHECKER_DB_DEBUG",
38 "critical" => CSecurityCriticalLevel::HIGHT
39 ),
40 "dbPassword" => array(
41 "method" => "checkDbPassword"
42 ),
43 "scriptExtension" => array(
44 "method" => "checkScriptExtension"
45 ),
46 "modulesVersion" => array(
47 "method" => "checkModulesVersion"
48 ),
49 "captchaOn" => array(
50 "method" => "checkCaptchaOn"
51 ),
52 "hostsRestricted" => array(
53 "method" => "checkHostsRestricted",
54 "base_message_key" => "SECURITY_SITE_CHECKER_HOSTS_NOT_RESTRICTED",
55 "critical" => CSecurityCriticalLevel::MIDDLE
56 )
57 );
58
59 protected static $expectedScriptExtensions = "php,php3,php4,php5,php6,phtml,pl,asp,aspx,cgi,dll,exe,ico,shtm,shtml,fcg,fcgi,fpl,asmx,pht,py,psp";
60
61 public function __construct()
62 {
63 IncludeModuleLangFile(__FILE__);
64 }
65
69 protected function checkScriptExtension()
70 {
71 $actualExtensions = getScriptFileExt();
72 $missingExtensions = array_diff(
73 explode(",", self::$expectedScriptExtensions),
74 $actualExtensions
75 );
76
77 if(!empty($missingExtensions))
78 {
79 $this->addUnformattedDetailError(
80 "SECURITY_SITE_CHECKER_DANGER_EXTENSIONS",
81 CSecurityCriticalLevel::HIGHT,
82 getMessage("SECURITY_SITE_CHECKER_DANGER_EXTENSIONS_ADDITIONAL", array(
83 "#EXPECTED#" => self::$expectedScriptExtensions,
84 "#ACTUAL#" => join(",", $actualExtensions),
85 "#MISSING#" => join(",", $missingExtensions)
86 ))
87 );
88 return self::STATUS_FAILED;
89 }
90
91 return self::STATUS_PASSED;
92 }
93
94 protected function checkSecurityLevel()
95 {
96 $isFailed = false;
97 if(!CSecurityFilter::IsActive())
98 {
99 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_WAF_OFF", CSecurityCriticalLevel::HIGHT);
100 $isFailed = true;
101 }
102 if(!CSecurityRedirect::IsActive())
103 {
104 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_REDIRECT_OFF", CSecurityCriticalLevel::MIDDLE);
105 $isFailed = true;
106 }
107
108 $adminPolicy = \CCheckListTools::AdminPolicyLevel();
109 if($adminPolicy != "high")
110 {
111 $this->addUnformattedDetailError(
112 "SECURITY_SITE_CHECKER_ADMIN_SECURITY_LEVEL",
113 $adminPolicy == "middle" ? CSecurityCriticalLevel::LOW : CSecurityCriticalLevel::HIGHT
114 );
115 $isFailed = true;
116 }
117
118 if($isFailed)
119 return self::STATUS_FAILED;
120 else
121 return self::STATUS_PASSED;
122 }
123
130 protected function checkDbDebug()
131 {
133 global $DB;
134
135 if($DB->debug)
136 return self::STATUS_FAILED;
137 else
138 return self::STATUS_PASSED;
139 }
140
147 protected function checkErrorReporting()
148 {
149 $validErrorReporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR|E_PARSE;
150 if (
151 COption::GetOptionInt("main", "error_reporting", $validErrorReporting) != $validErrorReporting
152 && COption::GetOptionInt("main","error_reporting","") != 0
153 )
154 return self::STATUS_FAILED;
155 else
156 return self::STATUS_PASSED;
157 }
158
165 protected function checkExceptionDebug()
166 {
167 $exceptionConfig = \Bitrix\Main\Config\Configuration::getValue('exception_handling');
168 if(
169 is_array($exceptionConfig)
170 && isset($exceptionConfig['debug'])
171 && $exceptionConfig['debug']
172 )
173 return self::STATUS_FAILED;
174 else
175 return self::STATUS_PASSED;
176 }
177
184 protected function checkModulesVersion()
185 {
186 try
187 {
188 $updates = static::getAvailableUpdates();
189 if(!empty($updates))
190 {
191 $this->addUnformattedDetailError(
192 "SECURITY_SITE_CHECKER_MODULES_VERSION",
193 CSecurityCriticalLevel::HIGHT,
194 getMessage("SECURITY_SITE_CHECKER_MODULES_VERSION_ARRITIONAL", array(
195 "#MODULES#" => nl2br(htmlspecialcharsbx(join("\n", $updates)))
196 ))
197 );
198 return self::STATUS_FAILED;
199 }
200 }
201 catch (SystemException $e)
202 {
203 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_MODULES_VERSION_ERROR", CSecurityCriticalLevel::HIGHT);
204 return self::STATUS_FAILED;
205 }
206
207 return self::STATUS_PASSED;
208 }
209
210 protected function checkDbPassword()
211 {
213 global $DB;
214 $password = $DB->DBPassword;
215 $sign = ",.#!*%$:-^@{}[]()'\"-+=<>?`&;";
216 $dit = "1234567890";
217 if(trim($password) == "")
218 {
219 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_DB_EMPTY_PASS", CSecurityCriticalLevel::HIGHT);
220 }
221 else
222 {
223 if($password == mb_strtolower($password))
224 {
225 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_DB_SAME_REGISTER_PASS", CSecurityCriticalLevel::HIGHT);
226 }
227 if(strpbrk($password, $sign) === false)
228 {
229 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_DB_NO_SIGN_PASS", CSecurityCriticalLevel::HIGHT);
230 }
231 if(strpbrk($password, $dit) === false)
232 {
233 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_DB_NO_DIT_PASS", CSecurityCriticalLevel::HIGHT);
234 }
235 if (mb_strlen($password) < 8)
236 {
237 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_DB_MIN_LEN_PASS", CSecurityCriticalLevel::HIGHT);
238 }
239 }
240 }
241
247 protected static function getAvailableUpdates()
248 {
249 require_once($_SERVER['DOCUMENT_ROOT'].'/bitrix/modules/main/classes/general/update_client.php');
250
251 $errors = null;
252 $installedModules = CUpdateClient::GetCurrentModules($errors);
253 if ($errors !== null)
254 throw new SystemException($errors);
255
256 $stableVersionsOnly = COption::GetOptionString('main', 'stable_versions_only', 'Y');
257 $errors = null;
258 $updateList = CUpdateClient::GetUpdatesList($errors, LANG, $stableVersionsOnly);
259 if ($errors !== null)
260 throw new SystemException($errors);
261
262 if (
263 !isset($updateList['MODULES'])
264 || !is_array($updateList['MODULES'])
265 || !isset($updateList['MODULES'][0]['#'])
266 )
267 {
268 throw new SystemException('Empty update modules list');
269 }
270
271 $result = array();
272 if (!$updateList['MODULES'][0]['#'])
273 {
274 return $result;
275 }
276
277 if (
278 !isset($updateList['MODULES'][0]['#']['MODULE'])
279 || !is_array($updateList['MODULES'][0]['#']['MODULE'])
280 )
281 {
282 throw new SystemException('Empty update module list');
283 }
284
285 foreach ($updateList['MODULES'][0]['#']['MODULE'] as $module)
286 {
287 if (array_key_exists($module['@']['ID'], $installedModules))
288 $result[] = $module['@']['ID'];
289 }
290
291 return $result;
292 }
293
294 protected function checkCaptchaOn()
295 {
296 $isFailed = false;
297 if (COption::GetOptionString("main", "new_user_registration", "N") == "Y" && COption::GetOptionString("main", "captcha_registration", "N") != "Y")
298 {
299 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_REGISTRATION_CAPTCHA_OFF", CSecurityCriticalLevel::MIDDLE);
300 $isFailed = true;
301 }
302 if (COption::GetOptionString("main", "captcha_restoring_password", "N") != "Y")
303 {
304 $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_PASSWORD_RESTORING_CAPTCHA_OFF", CSecurityCriticalLevel::MIDDLE);
305 $isFailed = true;
306 }
307
308 return $isFailed ? self::STATUS_FAILED : self::STATUS_PASSED;
309 }
310
311 protected function checkHostsRestricted()
312 {
313 $hosts = new Bitrix\Security\HostRestriction();
314 return $hosts->getActive() ? self::STATUS_PASSED: self::STATUS_FAILED;
315 }
316
317}
Bitrix\Main\Config\Configuration\getValue
static getValue($name)
Определения configuration.php:24
CCheckListTools\AdminPolicyLevel
static AdminPolicyLevel()
Определения checklist.php:1589
CSecurityBaseTest
Определения base_test.php:14
CSecurityBaseTest\addUnformattedDetailError
addUnformattedDetailError($baseMessageKey, $critical, $additionalInfo="")
Определения base_test.php:283
CSecurityCriticalLevel\LOW
const LOW
Определения critical_level.php:15
CSecurityCriticalLevel\MIDDLE
const MIDDLE
Определения critical_level.php:16
CSecurityCriticalLevel\HIGHT
const HIGHT
Определения critical_level.php:17
CSecurityRedirect\IsActive
static IsActive()
Определения redirect.php:400
CSecuritySiteConfigurationTest\$expectedScriptExtensions
static $expectedScriptExtensions
Определения site_configuration.php:59
CSecuritySiteConfigurationTest\getAvailableUpdates
static getAvailableUpdates()
Определения site_configuration.php:247
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$result
$result
Определения get_property_values.php:14
$errors
$errors
Определения iblock_catalog_edit.php:74
$_SERVER
$_SERVER["DOCUMENT_ROOT"]
Определения cron_frame.php:9
$DB
global $DB
Определения cron_frame.php:29
htmlspecialcharsbx
htmlspecialcharsbx($string, $flags=ENT_COMPAT, $doubleEncode=true)
Определения tools.php:2701
IncludeModuleLangFile
IncludeModuleLangFile($filepath, $lang=false, $bReturnArray=false)
Определения tools.php:3778
$sign
$sign
Определения payment.php:69
$password
$password
Определения result.php:7