<?php
final class PhabricatorSecuritySetupCheck extends PhabricatorSetupCheck {

  /**
   * This check does not belong to a more specific setup group.
   */
  public function getDefaultGroup() {
    return self::GROUP_OTHER;
  }

  /**
   * Run the security-related setup checks in order: first the probe for an
   * unpatched ("Shellshock") bash, then the alternate-file-domain check.
   * Each failing check raises a setup issue through newIssue().
   */
  protected function executeChecks() {
    $this->checkForShellshock();
    $this->checkAlternateFileDomain();
  }

  /**
   * Probe the system shell for the "Shellshock" bash bug (see T6185).
   *
   * A crafted environment variable is exported to a trivial command; a
   * vulnerable bash executes the trailing `echo VULNERABLE` while parsing
   * the function definition, so the marker shows up on stdout.
   */
  private function checkForShellshock() {
    $probe_environment = array(
      'SHELLSHOCK_PAYLOAD' => '() { :;} ; echo VULNERABLE',
    );

    // The second argument wipes the inherited process environment, so the
    // probe variable is the only thing exported to the child.
    $future = id(new ExecFuture('echo shellshock-test'))
      ->setEnv($probe_environment, true);
    list($exit_code, $output) = $future->resolve();

    // NOTE(review): a nonzero exit (e.g. no shell available) silently counts
    // as "not vulnerable"; the issue is raised only when the marker is echoed.
    // The command is launched by ExecFuture, presumably via /bin/sh; on
    // systems where that is not bash, this probes that shell rather than
    // bash itself -- verify against ExecFuture.
    if ($exit_code) {
      return;
    }
    if (strpos($output, 'VULNERABLE') === false) {
      return;
    }

    $summary = pht(
      'This system has an unpatched version of Bash with a severe, widely '.
      'disclosed vulnerability.');

    $bash_tag = phutil_tag('tt', array(), 'bash');
    $task_link = phutil_tag(
      'a',
      array(
        'href' => 'https://secure.phabricator.com/T6185',
        'target' => '_blank',
      ),
      pht('T6185 "Shellshock" Bash Vulnerability'));

    $message = pht(
      'The version of %s on this system is out of date and contains a '.
      'major, widely disclosed vulnerability (the "Shellshock" '.
      'vulnerability).'.
      "\n\n".
      'Upgrade %s to a patched version.'.
      "\n\n".
      'To learn more about how this issue affects this software, see %s.',
      $bash_tag,
      $bash_tag,
      $task_link);

    $this
      ->newIssue('security.shellshock')
      ->setName(pht('Severe Security Vulnerability: Unpatched Bash'))
      ->setSummary($summary)
      ->setMessage($message);
  }

  /**
   * Raise an issue when `security.alternate-file-domain` is unset, i.e. when
   * user uploads are served from the same origin as the application.
   */
  private function checkAlternateFileDomain() {
    $config_key = 'security.alternate-file-domain';

    // Any truthy configured value satisfies the check; the value itself is
    // not validated here.
    if (PhabricatorEnv::getEnvConfig($config_key)) {
      return;
    }

    $guide_href = PhabricatorEnv::getDoclink('Configuring a File Domain');

    $summary = pht(
      'Improve security by configuring an alternate file domain.');

    $message = pht(
      'This software is currently configured to serve user uploads '.
      'directly from the same domain as other content. This is a '.
      'security risk.'.
      "\n\n".
      'Configure a CDN (or alternate file domain) to eliminate this '.
      'risk. Using a CDN will also improve performance. See the '.
      'guide below for instructions.');

    $this->newIssue('security.'.$config_key)
      ->setName(pht('Alternate File Domain Not Configured'))
      ->setSummary($summary)
      ->setMessage($message)
      ->addPhabricatorConfig($config_key)
      ->addLink(
        $guide_href,
        pht('Configuration Guide: Configuring a File Domain'));
  }

}