MDL-71806 report_security: Improve public paths check

2025-04-13 20:42:22 +02:00 · 2021-06-01 18:24:53 +10:00 · 2021-06-01 18:24:53 +10:00 · 7d96f74f6f
commit 7d96f74f6f
parent 30b8ad51f4
3 changed files with 9 additions and 2 deletions
--- a/lib/classes/check/environment/publicpaths.php
+++ b/lib/classes/check/environment/publicpaths.php
@ -173,7 +173,7 @@ class publicpaths extends check {

        $status = result::OK;
        $details = '';
-        $summary = '';
+        $summary = get_string('check_publicpaths_ok', 'report_security');
        $errors = [];

        $c = new \curl();
@ -250,6 +250,7 @@ class publicpaths extends check {
                        } else {
                            $result = new result(result::ERROR, '', '');
                            $status = result::ERROR;
+                            $summary = get_string('check_publicpaths_warning', 'report_security');
                        }

                        $rowdetail = isset($path['details']) ? $path['details'] : $rowsummary;
--- a/lib/classes/check/table.php
+++ b/lib/classes/check/table.php
@ -118,7 +118,11 @@ class table implements \renderable {
            $row[] = $output->check_result($result);
            $row[] = $output->action_link($link, $check->get_name());

-            $row[] = $result->get_summary();
+            $row[] = $result->get_summary()
+                . '<br>'
+                . \html_writer::start_tag('small')
+                . $output->action_link($link, get_string('moreinfo'))
+                . \html_writer::end_tag('small');
            if ($actionlink) {
                $row[] = $output->render($actionlink);
            } else {
--- a/report/security/lang/en/report_security.php
+++ b/report/security/lang/en/report_security.php
@ -95,6 +95,8 @@ $string['check_preventexecpath_ok'] = 'Executable paths only settable in config.
 $string['check_preventexecpath_warning'] = 'Executable paths can be set in the Admin GUI.';
 $string['check_preventexecpath_details'] = '<p>Allowing executable paths to be set via the Admin GUI is a vector for privilege escalation. This must be forced in config.php:</p><p><code>$CFG->preventexecpath = true;<code></p>';
 $string['check_publicpaths_name'] = 'Check all public / private paths';
+$string['check_publicpaths_ok'] = 'All internal paths are not publicly accessible';
+$string['check_publicpaths_warning'] = 'Some internal paths are publicly accessible';
 $string['check_publicpaths_generic'] = '{$a} files should not be public';
 $string['check_publicpaths_403'] = ' (Returned a 403, ideally should be 404)';
 $string['check_riskadmin_detailsok'] = '<p>Please verify the following list of system administrators:</p>{$a}';