5 * Contains \Drupal\security_review\Checks\BaseUrl.
8 namespace Drupal\security_review\Checks;
11 use Drupal\security_review\Check;
12 use Drupal\security_review\CheckResult;
15 * Defines a security check that checks the error reporting setting.
17 class ErrorReporting extends Check {
22 public function getNamespace() {
23 return 'Security Review';
29 public function getTitle() {
30 return 'Error reporting';
36 public function run() {
37 // Get the error level.
38 $error_level = $this->configFactory()->get('system.logging')
41 // Determine the result.
42 if (is_null($error_level) || $error_level != 'hide') {
43 $result = CheckResult::FAIL;
46 $result = CheckResult::SUCCESS;
49 return $this->createResult($result, ['level' => $error_level]);
55 public function help() {
57 $paragraphs[] = $this->t('As a form of hardening your site you should avoid information disclosure. Drupal by default prints errors to the screen and writes them to the log. Error messages disclose the full path to the file where the error occurred.');
60 '#theme' => 'check_help',
61 '#title' => $this->t('Error reporting'),
62 '#paragraphs' => $paragraphs,
69 public function evaluate(CheckResult $result) {
70 if ($result->result() == CheckResult::SUCCESS) {
75 $paragraphs[] = $this->t('You have error reporting set to both the screen and the log.');
76 $paragraphs[] = $this->l(
77 $this->t('Alter error reporting settings.'),
78 Url::fromRoute('system.logging_settings')
82 '#theme' => 'check_evaluation',
83 '#paragraphs' => $paragraphs,
91 public function evaluatePlain(CheckResult $result) {
92 if ($result->result() == CheckResult::SUCCESS) {
96 if (isset($result->findings()['level'])) {
97 return $this->t('Error level: @level', [
98 '@level' => $result->findings()['level'],
107 public function getMessage($result_const) {
108 switch ($result_const) {
109 case CheckResult::SUCCESS:
110 return $this->t('Error reporting set to log only.');
112 case CheckResult::FAIL:
113 return $this->t('Errors are written to the screen.');
116 return $this->t('Unexpected result.');