MDL-71806 report_security: Improve public paths check

clenisson · Jun 1, 2021 · 7d96f74 · 7d96f74
1 parent 30b8ad5
commit 7d96f74
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/lib/classes/check/environment/publicpaths.php b/lib/classes/check/environment/publicpaths.php
@@ -173,7 +173,7 @@ public function get_result(): result {
 
         $status = result::OK;
         $details = '';
-        $summary = '';
+        $summary = get_string('check_publicpaths_ok', 'report_security');
         $errors = [];
 
         $c = new \curl();
@@ -250,6 +250,7 @@ public function get_result(): result {
                         } else {
                             $result = new result(result::ERROR, '', '');
                             $status = result::ERROR;
+                            $summary = get_string('check_publicpaths_warning', 'report_security');
                         }
 
                         $rowdetail = isset($path['details']) ? $path['details'] : $rowsummary;

diff --git a/lib/classes/check/table.php b/lib/classes/check/table.php
@@ -118,7 +118,11 @@ public function render($output) {
             $row[] = $output->check_result($result);
             $row[] = $output->action_link($link, $check->get_name());
 
-            $row[] = $result->get_summary();
+            $row[] = $result->get_summary()
+                . '<br>'
+                . \html_writer::start_tag('small')
+                . $output->action_link($link, get_string('moreinfo'))
+                . \html_writer::end_tag('small');
             if ($actionlink) {
                 $row[] = $output->render($actionlink);
             } else {

diff --git a/report/security/lang/en/report_security.php b/report/security/lang/en/report_security.php
@@ -95,6 +95,8 @@
 $string['check_preventexecpath_warning'] = 'Executable paths can be set in the Admin GUI.';
 $string['check_preventexecpath_details'] = '<p>Allowing executable paths to be set via the Admin GUI is a vector for privilege escalation. This must be forced in config.php:</p><p><code>$CFG->preventexecpath = true;<code></p>';
 $string['check_publicpaths_name'] = 'Check all public / private paths';
+$string['check_publicpaths_ok'] = 'All internal paths are not publicly accessible';
+$string['check_publicpaths_warning'] = 'Some internal paths are publicly accessible';
 $string['check_publicpaths_generic'] = '{$a} files should not be public';
 $string['check_publicpaths_403'] = ' (Returned a 403, ideally should be 404)';
 $string['check_riskadmin_detailsok'] = '<p>Please verify the following list of system administrators:</p>{$a}';