security report MDL-20834 Merged 'report_security_check_riskbackup' c…
…heck from 1.9
moodler committed Nov 26, 2009
1 parent 189376d commit dbec9af
Showing 2 changed files with 123 additions and 1 deletion.
110 changes: 110 additions & 0 deletions admin/report/security/lib.php
Expand Up @@ -55,6 +55,7 @@ function report_security_get_issue_list() {
'report_security_check_configrw',
'report_security_check_riskxss',
'report_security_check_riskadmin',
'report_security_check_riskbackup',
'report_security_check_defaultuserrole',
'report_security_check_guestrole',
'report_security_check_frontpagerole',
Expand Down Expand Up @@ -1103,3 +1104,112 @@ function report_security_check_riskadmin($detailed=false) {

return $result;
}

/**
* Lists all roles that have the ability to backup user data, as well as users
* @param bool $detailed
* @return object result
*/
function report_security_check_riskbackup($detailed=false) {
global $CFG;

$result = new object();
$result->issue = 'report_security_check_riskbackup';
$result->name = get_string('check_riskbackup_name', 'report_security');
$result->info = null;
$result->details = null;
$result->status = null;
$result->link = null;

$syscontext = get_context_instance(CONTEXT_SYSTEM);

$systemroles = get_records_sql(
"SELECT DISTINCT r.*
FROM {$CFG->prefix}role r
JOIN {$CFG->prefix}role_capabilities rc ON rc.roleid = r.id
WHERE rc.capability = 'moodle/backup:userinfo' AND rc.contextid = $syscontext->id AND rc.permission = ".CAP_ALLOW."");

$overriddenroles = get_records_sql(
"SELECT DISTINCT r.*, rc.contextid
FROM {$CFG->prefix}role r
JOIN {$CFG->prefix}role_capabilities rc ON rc.roleid = r.id
WHERE rc.capability = 'moodle/backup:userinfo' AND rc.contextid <> $syscontext->id AND rc.permission = ".CAP_ALLOW."");

// list of users that are able to backup personal info
// note: "sc" is context where is role assigned,
// "c" is context where is role overriden or system context if in role definition
$sqluserinfo = "
FROM (SELECT rcx.*
FROM {$CFG->prefix}role_capabilities rcx
WHERE rcx.permission = ".CAP_ALLOW." AND rcx.capability = 'moodle/backup:userinfo') rc,
{$CFG->prefix}context c,
{$CFG->prefix}context sc,
{$CFG->prefix}role_assignments ra,
{$CFG->prefix}user u
WHERE c.id = rc.contextid
AND (sc.path = c.path OR sc.path LIKE ".sql_concat('c.path', "'/%'")." OR c.path LIKE ".sql_concat('sc.path', "'/%'").")
AND u.id = ra.userid AND u.deleted = 0
AND ra.contextid = sc.id AND ra.roleid = rc.roleid
AND sc.contextlevel <= ".CONTEXT_COURSE." AND c.contextlevel <= ".CONTEXT_COURSE."";

$usercount = count_records_sql("SELECT COUNT('x') FROM (SELECT DISTINCT u.id $sqluserinfo) userinfo");
$systemrolecount = empty($systemroles) ? 0 : count($systemroles);
$overriddenrolecount = empty($overriddenroles) ? 0 : count($overriddenroles);

$result->status = REPORT_SECURITY_WARNING; // there is always at least one admin
$a = (object)array('rolecount'=>$systemrolecount,'overridecount'=>$overriddenrolecount,'usercount'=>$usercount);
$result->info = get_string('check_riskbackup_warning', 'report_security', $a);

if ($detailed) {

$result->details = ''; // Will be added to later

// Make a list of roles
if ($systemroles) {
$links = array();
foreach ($systemroles as $role) {
$role->url = "$CFG->wwwroot/$CFG->admin/roles/manage.php?action=edit&amp;roleid=$role->id";
$links[] = '<li>'.get_string('check_riskbackup_editrole', 'report_security', $role).'</li>';
}
$links = '<ul>'.implode($links).'</ul>';
$result->details .= get_string('check_riskbackup_details_systemroles', 'report_security', $links);
}

// Make a list of overrides to roles
$rolelinks2 = array();
if ($overriddenroles) {
$links = array();
foreach ($overriddenroles as $role) {
$context = get_context_instance_by_id($role->contextid);
if ($context->contextlevel == CONTEXT_COURSE) {
$role->name = role_get_name($role, $context);
}
$role->contextname = print_context_name($context);
$role->url = "$CFG->wwwroot/$CFG->admin/roles/override.php?contextid=$role->contextid&amp;roleid=$role->id";
$links[] = '<li>'.get_string('check_riskbackup_editoverride', 'report_security', $role).'</li>';
}
$links = '<ul>'.implode($links).'</ul>';
$result->details .= get_string('check_riskbackup_details_overriddenroles', 'report_security', $links);
}

// Get a list of affected users as well
$rs = get_recordset_sql("SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, ra.contextid, ra.roleid
$sqluserinfo ORDER BY u.lastname, u.firstname");

$users = array();
while ($user = rs_fetch_next_record($rs)) {
$context = get_context_instance_by_id($user->contextid);
$url = "$CFG->wwwroot/$CFG->admin/roles/assign.php?contextid=$user->contextid&amp;roleid=$user->roleid";
$a = (object)array('fullname'=>fullname($user), 'url'=>$url, 'email'=>$user->email,
'contextname'=>print_context_name($context));
$users[] = '<li>'.get_string('check_riskbackup_unassign', 'report_security', $a).'</li>';
}
rs_close($rs);
if (!empty($users)) {
$users = '<ul>'.implode($users).'</ul>';
$result->details .= get_string('check_riskbackup_details_users', 'report_security', $users);
}
}

return $result;
}
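Review bot: In the `$detailed` branch of `report_security_check_riskbackup()`, `$user->email` and `fullname($user)` are passed into the `check_riskbackup_unassign` string, and `$role->name` into `check_riskbackup_editrole`, with no escaping visible in this hunk, and the language strings added in this commit place them directly inside `<a>` markup. If neither `get_string()` nor `fullname()` escapes its output (not shown here), a profile field or role name containing markup would be rendered on a report that administrators view, so I would escape at the point of use, e.g. `'fullname'=>s(fullname($user)), 'email'=>s($user->email)`. Separately, both loops use the result of `get_context_instance_by_id()` unchecked, so a `role_capabilities` or `role_assignments` row that points at a context which no longer exists would presumably fail at `$context->contextlevel` or in `print_context_name()`; `if (!$context) { continue; }` after each lookup would guard it. The status is hard-coded to `REPORT_SECURITY_WARNING`, so the `check_riskbackup_ok` and `check_riskbackup_detailsok` strings added alongside are never used, and `$rolelinks2` is assigned but never read.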
14 changes: 13 additions & 1 deletion lang/en_utf8/report_security.php
Expand Up @@ -131,11 +131,23 @@

$string['check_riskadmin_detailsok'] = '<p>Please verify the following list of system administrators:</p>$a';
$string['check_riskadmin_detailswarning'] = '<p>Please verify the following list of system administrators:</p>$a->admins
<p>It is recommended to assign administrator role in system context only. Following users have unsupported admin role assignments:</p>$a->unsupported';
<p>It is recommended to assign administrator role in the system context only. The following users have (unsupported) admin role assignments in other contexts:</p>$a->unsupported';
$string['check_riskadmin_name'] = 'Administrators';
$string['check_riskadmin_ok'] = 'Found $a server administrator(s).';
$string['check_riskadmin_unassign'] = '<a href=\"$a->url\">$a->fullname ($a->email) review role assignment</a>';
$string['check_riskadmin_warning'] = 'Found $a->admincount server administrators and $a->unsupcount unsupported admin role assignments.';
$string['check_riskadmin_name'] = 'Administrators';

$string['check_riskbackup_name'] = 'Backup of user data';
$string['check_riskbackup_warning'] = 'Found $a->rolecount roles, $a->overridecount overrides and $a->usercount users with the ability to backup user data.';
$string['check_riskbackup_details_systemroles'] = '<p>The following system roles currently allow users to include user data in backups. Please make sure this permission is necessary.</p> $a';
$string['check_riskbackup_details_overriddenroles'] = '<p>These active overrides give users the ability to include user data in backups. Please make sure this permission is necessary.</p> $a';
$string['check_riskbackup_details_users'] = '<p>Because of the above roles or local overrides, the following user accounts currently have permission to make backups containing private data from any users enrolled in their course. Make sure they are (a) trusted and (b) protected by strong passwords:</p> $a';
$string['check_riskbackup_editrole'] = '<a href=\"$a->url\">$a->name</a>';
$string['check_riskbackup_editoverride'] = '<a href=\"$a->url\">$a->name in $a->contextname</a>';
$string['check_riskbackup_unassign'] = '<a href=\"$a->url\">$a->fullname ($a->email) in $a->contextname</a>';
$string['check_riskbackup_ok'] = 'No roles explicitly allow backup of user data';
$string['check_riskbackup_detailsok'] = 'No roles explicitly allow backup of user data. However, note that admins with the \"doanything\" capability are still likely to be able to do this.';

$string['check_riskxss_details'] = '<p>RISK_XSS denotes all dangerous capabilities that only trusted users may use.</p>
<p>Please verify the following list of users and make sure that you trust them completely on this server:</p><p>$a</p>';
