Policy verification is a simple library that provides base classes for creating and reporting security policy checks.
Each policy check returns as a result whether the policy passes or not. Other information is also reported like the actions to be taken if the policy is failing.
This library does not provide any policy check by default. To create new checks, create a new Composer package and add a dependency to it.
composer require edisonlabs/policy-verification
Now create the policy check classes extending the base class provided by the library.
The classes must be created at /src/EdisonLabs/PolicyVerification.
This is a requirement for the library to automagically locate and perform the checks during the report generation.
// File: /src/EdisonLabs/PolicyVerification/PhpVersion.php
namespace EdisonLabs\PolicyVerification;
use EdisonLabs\PolicyVerification\Check\AbstractPolicyCheckBase;
class PhpVersion extends AbstractPolicyCheckBase
{
public function getName()
{
return 'PHP version';
}
public function getDescription()
{
return 'Checks whether system is running a recent version of PHP';
}
public function getCategory()
{
return 'PHP';
}
public function getSeverity()
{
return parent::POLICY_SEVERITY_HIGH;
}
public function checkRequirements()
{
// Example of requirement verification.
if (!is_array($this->getData())) {
$this->setRequirementError('Invalid data');
}
}
public function check()
{
$phpVersion = phpversion();
if ($phpVersion[0] < 7) {
$this->setAction('Upgrade to PHP 7 or greater');
$this->setResultErrorMessage('The system is running an older version of PHP');
return parent::POLICY_FAIL;
}
$this->setWarning('PHP 7.1 will have security support up to Dec 2019');
$this->setResultPassMessage('The system is running a recent version of PHP');
return parent::POLICY_PASS;
}
}Configure the autoload in composer.json.
"autoload": {
"psr-4": {
"EdisonLabs\\PolicyVerification\\": "src/EdisonLabs/PolicyVerification"
}
}
Re-create the Composer autoloader.
composer dump-autoload
There are two ways to generate the policy check results report: programmatically and/or by command-line.
use EdisonLabs\PolicyVerification\Report;
// Some custom data to pass to the policy checks.
$data = array();
$report = new Report($data);
// Prints the result summary.
print_r($report->getResultSummary());
// Other report methods.
$report->getChecks();
$report->getPassChecks();
$report->getScorePercentage();
$report->setData($data);
$report->getData();
$report->getFailChecks();
$report->getActions();
$report->getPassChecksResultMessages();
$report->getFailChecksResultMessages();
$report->getRequirementErrors();
$report->getResult();
$report->getResultSummary();
$report->getScore();
$report->getTotalChecks();
$report->getWarnings();
$report->setCheck($check);The command is located at vendor/bin/policy-verification. Include the vendor/bin directory in the system $PATH to run this command from anywhere.
Type policy-verification --help to see all the available options.