1 <?php
2
3 namespace Drupal\security_review\Controller;
4
5 use Drupal\Core\Access\CsrfTokenGenerator;
6 use Drupal\Core\Controller\ControllerBase;
7 use Drupal\Core\Link;
8 use Drupal\Core\Url;
9 use Drupal\security_review\Checklist;
10 use Drupal\security_review\SecurityReview;
11 use Symfony\Component\DependencyInjection\ContainerInterface;
12
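/**
 * Controller for the 'Run & Review' page.
 *
 * Renders the "run checks" form (only for users holding the
 * 'run security checks' permission) and the table of results from the last
 * run. Every result row carries a help link and a Skip/Enable toggle link;
 * the toggle link changes state via GET, so it is protected by a CSRF token
 * bound to the check id.
 */
class ChecklistController extends ControllerBase {

  /**
   * The CSRF Token generator.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator
   */
  protected $csrfToken;

  /**
   * The security_review.checklist service.
   *
   * @var \Drupal\security_review\Checklist
   */
  protected $checklist;

  /**
   * The security_review service.
   *
   * @var \Drupal\security_review\SecurityReview
   */
  protected $securityReview;

  /**
   * Constructs a ChecklistController.
   *
   * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token_generator
   *   The CSRF Token generator.
   * @param \Drupal\security_review\SecurityReview $security_review
   *   The security_review service.
   * @param \Drupal\security_review\Checklist $checklist
   *   The security_review.checklist service.
   */
  public function __construct(CsrfTokenGenerator $csrf_token_generator, SecurityReview $security_review, Checklist $checklist) {
    $this->csrfToken = $csrf_token_generator;
    $this->securityReview = $security_review;
    $this->checklist = $checklist;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container) {
    return new static(
      $container->get('csrf_token'),
      $container->get('security_review'),
      $container->get('security_review.checklist')
    );
  }

  /**
   * Creates the Run & Review page.
   *
   * Access to the page itself is not checked here (that is the route's job);
   * this method only decides whether the Run form is included, based on the
   * 'run security checks' permission. The results table is rendered for
   * anyone who reaches the page.
   *
   * @return array
   *   The 'Run & Review' page's render array.
   */
  public function index() {
    $run_form = [];
    // Timestamp of the last run; 0 (or less) means the checklist never ran.
    $last_run = $this->securityReview->getLastRun();

    // Only users allowed to run checks get the RunForm.
    if ($this->currentUser()->hasPermission('run security checks')) {
      $run_form = $this->formBuilder()
        ->getForm('Drupal\security_review\Form\RunForm');

      // Collapse the Run form when there are results to show below it.
      if ($last_run > 0) {
        $run_form['run_form']['#open'] = FALSE;
      }
    }

    // First-time use: prompt the admin to configure untrusted roles before
    // running, since the checks depend on that setting.
    if ($last_run <= 0 && !$this->securityReview->isConfigured()) {
      // The URL is route-generated and passed through a ':' placeholder
      // (Drupal's URL-attribute placeholder type), not concatenated raw.
      // TODO(review): drupal_set_message() is deprecated as of Drupal 8.5 in
      // favour of $this->messenger()->addWarning(); switch once the minimum
      // core version guarantees the messenger service is available.
      drupal_set_message($this->t('It appears this is your first time using the Security Review checklist. Before running the checklist please review the settings page at <a href=":url">admin/reports/security-review/settings</a> to set which roles are untrusted.',
        [':url' => Url::fromRoute('security_review.settings')->toString()]
      ), 'warning');
    }

    return [$run_form, $this->results()];
  }

  /**
   * Creates the results' table.
   *
   * Builds one row per check in the checklist, overlaying the check's last
   * stored result when one exists and is visible. Checks whose last result is
   * flagged as not visible are omitted from the table entirely.
   *
   * @return array
   *   The render array for the result table, or an empty array when the
   *   checklist has never been run.
   */
  public function results() {
    $last_run = $this->securityReview->getLastRun();
    // Nothing to show before the first run.
    if ($last_run <= 0) {
      return [];
    }

    $checks = [];
    foreach ($this->checklist->getChecks() as $check) {
      $check_id = $check->id();
      $skipped = $check->isSkipped();

      // Defaults for a check that has no stored result yet.
      $check_info = [
        'message' => $this->t(
          'The check "@name" hasn\'t been run yet.',
          ['@name' => $check->getTitle()]
        ),
        'skipped' => $skipped,
      ];

      // Overlay the last result, if any. lastResult() is expected to yield
      // NULL when nothing usable is stored; strict comparison avoids treating
      // an unexpected falsy value as "no result".
      $last_result = $check->lastResult();
      if ($last_result !== NULL) {
        if (!$last_result->isVisible()) {
          continue;
        }
        $check_info['result'] = $last_result->result();
        $check_info['message'] = $last_result->resultMessage();
      }

      // Link to the check's help page. Link text goes through t() so it is
      // translatable like the rest of the page.
      $check_info['help_link'] = Link::createFromRoute(
        $this->t('Details'),
        'security_review.help',
        [
          'namespace' => $check->getMachineNamespace(),
          'title' => $check->getMachineTitle(),
        ]
      );

      // Skip/Enable toggle. Toggling mutates state over a GET link, so the
      // link carries a CSRF token bound to the check id. The toggle route must
      // validate the 'token' query value against this same check id; if it
      // relied on the generic '_csrf_token' route requirement instead, the
      // token would be checked against the request path and never match.
      // NOTE(review): confirm the validation seed in the toggle controller.
      $toggle_text = $skipped ? $this->t('Enable') : $this->t('Skip');
      $check_info['toggle_link'] = Link::createFromRoute(
        $toggle_text,
        'security_review.toggle',
        ['check_id' => $check_id],
        ['query' => ['token' => $this->csrfToken->get($check_id)]]
      );

      $checks[] = $check_info;
    }

    return [
      '#theme' => 'run_and_review',
      '#date' => $last_run,
      '#checks' => $checks,
      '#attached' => [
        'library' => ['security_review/run_and_review'],
      ],
    ];
  }

}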