X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fmodules%2Fcontrib%2Fsecurity_review%2Fsrc%2FChecks%2FField.php;fp=web%2Fmodules%2Fcontrib%2Fsecurity_review%2Fsrc%2FChecks%2FField.php;h=0000000000000000000000000000000000000000;hp=fa0e6e72ded630ac68b8715ba0f4a24490344bb2;hb=419f97be044f1aebd0713921ee604841127e9e84;hpb=052617e40b525f8b817d84c29b1c04951f427069
diff --git a/web/modules/contrib/security_review/src/Checks/Field.php b/web/modules/contrib/security_review/src/Checks/Field.php
deleted file mode 100644
index fa0e6e72d..000000000
--- a/web/modules/contrib/security_review/src/Checks/Field.php
+++ /dev/null
@@ -1,211 +0,0 @@
- 'script',
- 'PHP' => '?php',
- ];
-
- // Load all of the entities.
- $entities = [];
- $bundle_info = $this->entityManager()->getAllBundleInfo();
- foreach ($bundle_info as $entity_type_id => $bundles) {
- $current = $this->entityManager()
- ->getStorage($entity_type_id)
- ->loadMultiple();
- $entities = array_merge($entities, $current);
- }
-
- // Search for text fields.
- $text_items = [];
- foreach ($entities as $entity) {
- if ($entity instanceof FieldableEntityInterface) {
- /** @var FieldableEntityInterface $entity */
- foreach ($entity->getFields() as $field_list) {
- foreach ($field_list as $field_item) {
- if ($field_item instanceof TextItemBase) {
- /** @var TextItemBase $item */
- // Text field found.
- $text_items[] = $field_item;
- }
- }
- }
- }
- }
-
- // Scan the text items for vulnerabilities.
- foreach ($text_items as $item) {
- $entity = $item->getEntity();
- foreach ($item->getProperties() as $property) {
- /** @var TypedDataInterface $property */
- $value = $property->getValue();
- if (is_string($value)) {
- $field_name = $item->getFieldDefinition()->getLabel();
- foreach ($tags as $vulnerability => $tag) {
- if (strpos($value, '<' . $tag) !== FALSE) {
- // Vulnerability found.
- $findings[$entity->getEntityTypeId()][$entity->id()][$field_name][] = $vulnerability;
- }
- }
- }
- }
- }
-
- if (!empty($findings)) {
- $result = CheckResult::FAIL;
- }
-
- return $this->createResult($result, $findings);
- }
-
- /**
- * {@inheritdoc}
- */
- public function help() {
- $paragraphs = [];
- $paragraphs[] = $this->t('Script and PHP code in content does not align with Drupal best practices and may be a vulnerability if an untrusted user is allowed to edit such content. It is recommended you remove such contents.');
-
- return [
- '#theme' => 'check_help',
- '#title' => $this->t('Dangerous tags in content'),
- '#paragraphs' => $paragraphs,
- ];
- }
-
- /**
- * {@inheritdoc}
- */
- public function evaluate(CheckResult $result) {
- $findings = $result->findings();
- if (empty($findings)) {
- return [];
- }
-
- $paragraphs = [];
- $paragraphs[] = $this->t('The following items potentially have dangerous tags.');
-
- $items = [];
- foreach ($findings as $entity_type_id => $entities) {
- foreach ($entities as $entity_id => $fields) {
- $entity = $this->entityManager()
- ->getStorage($entity_type_id)
- ->load($entity_id);
-
- foreach ($fields as $field => $finding) {
- $url = $entity->toUrl('edit-form');
- if ($url === NULL) {
- $url = $entity->toUrl();
- }
- $items[] = $this->t(
- '@vulnerabilities found in @field field of @label',
- [
- '@vulnerabilities' => implode(' and ', $finding),
- '@field' => $field,
- '@label' => $entity->label(),
- ':url' => $url->toString(),
- ]
- );
- }
- }
- }
-
- return [
- '#theme' => 'check_evaluation',
- '#paragraphs' => $paragraphs,
- '#items' => $items,
- ];
- }
-
- /**
- * {@inheritdoc}
- */
- public function evaluatePlain(CheckResult $result) {
- $findings = $result->findings();
- if (empty($findings)) {
- return '';
- }
-
- $output = '';
- foreach ($findings as $entity_type_id => $entities) {
- foreach ($entities as $entity_id => $fields) {
- $entity = $this->entityManager()
- ->getStorage($entity_type_id)
- ->load($entity_id);
-
- foreach ($fields as $field => $finding) {
- $url = $entity->toUrl('edit-form');
- if ($url === NULL) {
- $url = $entity->toUrl();
- }
- $output .= "\t" . $this->t(
- '@vulnerabilities in @field of :link',
- [
- '@vulnerabilities' => implode(' and ', $finding),
- '@field' => $field,
- ':link' => $url->toString(),
- ]
- ) . "\n";
- }
- }
- }
-
- return $output;
- }
-
- /**
- * {@inheritdoc}
- */
- public function getMessage($result_const) {
- switch ($result_const) {
- case CheckResult::SUCCESS:
- return $this->t('Dangerous tags were not found in any submitted content (fields).');
-
- case CheckResult::FAIL:
- return $this->t('Dangerous tags were found in submitted content (fields).');
-
- default:
- return $this->t('Unexpected result.');
- }
- }
-
-}