-
Notifications
You must be signed in to change notification settings - Fork 0
/
security_pack.install
executable file
·79 lines (67 loc) · 2.5 KB
/
security_pack.install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?php
/**
* @file
* Install, update and uninstall functions for the Security Pack module.
*/
/**
* Implements hook_install().
*/
function security_pack_install() {
if (Drupal::isConfigSyncing()) {
return;
}
// Import configuration for other modules separately
// to avoid PreExistingConfigExceptions.
\Drupal::service('security_pack.config_importer')->importDefaultConfig();
}
/**
* Implements hook_requirements().
*/
function security_pack_requirements($phase) {
if ($phase == 'runtime') {
$csp_enforced = (Drupal::config('seckit.settings')->get('seckit_xss.csp.report-only') === TRUE);
$password_policy_present = (Drupal::config('password_policy.password_policy.security_pack_default')->get('id') === 'security_pack_default');
// Check that CSP enforcement is enabled.
if ($csp_enforced) {
$requirements['security_pack_csp_enforcement'] = [
'title' => t('Content Security Policy Enforcement'),
'value' => t('The Content Security Policy is in report-only mode.'),
'description' => t('It is recommended you review the log for violations, add legitimate entries to Security Kit, then disable the Report Only option.'),
'severity' => REQUIREMENT_WARNING,
];
}
else {
$requirements['security_pack'] = [
'title' => t('Content Security Policy Enforcement'),
'value' => t('The Content Security Policy is in enforcement mode.'),
'description' => t('Content Security Policy is being enforced using provided settings.'),
'severity' => REQUIREMENT_OK,
];
}
// Check that the provided password policy is present.
if (!$password_policy_present) {
$requirements['security_pack_password_policy'] = [
'title' => t('Password Policy Not Found'),
'value' => t('The default Password Policy provided by Security Pack appears to be missing.'),
'description' => t('If it was not removed intentionally, try resetting Security Pack.'),
'severity' => REQUIREMENT_WARNING,
];
}
return $requirements;
}
}
/**
* Implements hook_uninstall().
*/
function security_pack_uninstall() {
// Try to clean up after ourselves as best we can.
$config_factory = Drupal::configFactory();
$config = $config_factory->getEditable('password_policy.password_policy.security_pack_default');
$config->delete();
}
/**
* Re-install config due to a rewrite of handlers.
*/
function security_pack_update_8001() {
\Drupal::service('security_pack.config_importer')->importDefaultConfig();
}