/**
 * Setup check for two host-level security concerns: a bash binary that is
 * still exposed to the "Shellshock" vulnerability, and an application that
 * serves user uploads from its own domain because no alternate file domain
 * has been configured.
 */
final class PhabricatorSecuritySetupCheck extends PhabricatorSetupCheck {

  public function getDefaultGroup() {
    return self::GROUP_OTHER;
  }

  protected function executeChecks() {
    $this->checkForShellshock();
    $this->checkAlternateFileDomain();
  }

  /**
   * Probe the shell used by ExecFuture for the "Shellshock" bash bug.
   *
   * A trivial `echo` is executed with a single environment variable whose
   * value is a function definition followed by a trailing command. A bash
   * affected by the bug runs that trailing command while importing the
   * variable, so "VULNERABLE" appears on stdout. For details, see T6185.
   */
  private function checkForShellshock() {
    $payload = array(
      'SHELLSHOCK_PAYLOAD' => '() { :;} ; echo VULNERABLE',
    );

    // The flag name suggests ExecFuture discards the inherited process
    // environment here, leaving the payload as the only variable the child
    // sees -- confirm against ExecFuture::setEnv() if this matters.
    $probe = id(new ExecFuture('echo shellshock-test'))
      ->setEnv($payload, $wipe_process_env = true);
    list($err, $stdout) = $probe->resolve();

    // Only a successful exec whose output carries the marker is treated as
    // vulnerable; a failed probe (nonzero exit) raises no issue at all.
    $is_vulnerable = (!$err && preg_match('/VULNERABLE/', $stdout));
    if (!$is_vulnerable) {
      return;
    }

    $summary = pht(
      'This system has an unpatched version of Bash with a severe, widely '.
      'disclosed vulnerability.');

    $bash_tag = phutil_tag('tt', array(), 'bash');
    $task_link = phutil_tag(
      'a',
      array(
        'href' => 'https://secure.phabricator.com/T6185',
        'target' => '_blank',
      ),
      pht('T6185 "Shellshock" Bash Vulnerability'));

    $message = pht(
      'The version of %s on this system is out of date and contains a '.
      'major, widely disclosed vulnerability (the "Shellshock" '.
      'vulnerability).'.
      "\n\n".
      'Upgrade %s to a patched version.'.
      "\n\n".
      'To learn more about how this issue affects this software, see %s.',
      $bash_tag,
      $bash_tag,
      $task_link);

    $this->newIssue('security.shellshock')
      ->setName(pht('Severe Security Vulnerability: Unpatched Bash'))
      ->setSummary($summary)
      ->setMessage($message);
  }

  /**
   * Raise an issue when `security.alternate-file-domain` is not set.
   *
   * Uploads served from the application's own origin share that origin's
   * cookies and script context, which is the risk the issue text describes.
   */
  private function checkAlternateFileDomain() {
    $file_key = 'security.alternate-file-domain';

    // Any non-empty configured value counts as "configured".
    $file_domain = PhabricatorEnv::getEnvConfig($file_key);
    if ($file_domain) {
      return;
    }

    $doc_href = PhabricatorEnv::getDoclink('Configuring a File Domain');

    $summary = pht(
      'Improve security by configuring an alternate file domain.');

    $message = pht(
      'This software is currently configured to serve user uploads '.
      'directly from the same domain as other content. This is a '.
      'security risk.'.
      "\n\n".
      'Configure a CDN (or alternate file domain) to eliminate this '.
      'risk. Using a CDN will also improve performance. See the '.
      'guide below for instructions.');

    // The issue key is the config key with another "security." prefix, i.e.
    // "security.security.alternate-file-domain"; preserved as-is because
    // existing tooling may reference it.
    $this->newIssue('security.'.$file_key)
      ->setName(pht('Alternate File Domain Not Configured'))
      ->setSummary($summary)
      ->setMessage($message)
      ->addPhabricatorConfig($file_key)
      ->addLink(
        $doc_href,
        pht('Configuration Guide: Configuring a File Domain'));
  }
}