function SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig

Same name in other branches
  1. 9 core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig()
  2. 8.9.x core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig()
  3. 11.x core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php \Drupal\Tests\system\Functional\System\SitesDirectoryHardeningTest::testSitesDirectoryHardeningConfig()

Tests writable files remain writable when directory hardening is disabled.

File

core/modules/system/tests/src/Functional/System/SitesDirectoryHardeningTest.php, line 48

Class

SitesDirectoryHardeningTest
Tests Drupal permissions hardening of /sites subdirectories.

Namespace

Drupal\Tests\system\Functional\System

Code

public function testSitesDirectoryHardeningConfig() : void {
    $site_path = $this->kernel
        ->getSitePath();
    $settings_file = $this->settingsFile($site_path);
    // Disable permissions enforcement.
    $settings = Settings::getAll();
    $settings['skip_permissions_hardening'] = TRUE;
    new Settings($settings);
    $this->assertTrue(Settings::get('skip_permissions_hardening'), 'Able to set skip permissions hardening to true.');
    $this->makeWritable($site_path);
    // Manually trigger the requirements check.
    $requirements = $this->checkSystemRequirements();
    $this->assertEquals(REQUIREMENT_WARNING, $requirements['configuration_files']['severity'], 'Warning severity is properly set.');
    $this->assertEquals('Protection disabled', (string) $requirements['configuration_files']['value']);
    $description = strip_tags((string) \Drupal::service('renderer')->renderInIsolation($requirements['configuration_files']['description']));
    $this->assertStringContainsString('settings.php is not protected from modifications and poses a security risk.', $description);
    $this->assertStringContainsString('services.yml is not protected from modifications and poses a security risk.', $description);
    // Verify that site directory and the settings.php remain writable when
    // automatically enforcing file permissions is disabled.
    $this->assertDirectoryIsWritable($site_path);
    $this->assertFileIsWritable($settings_file);
    // Re-enable permissions enforcement.
    $settings = Settings::getAll();
    $settings['skip_permissions_hardening'] = FALSE;
    new Settings($settings);
    // Manually trigger the requirements check.
    $requirements = $this->checkSystemRequirements();
    $this->assertEquals('Protected', (string) $requirements['configuration_files']['value']);
    // Verify that site directory and the settings.php remain protected when
    // automatically enforcing file permissions is enabled.
    $this->assertDirectoryIsNotWritable($site_path);
    $this->assertFileIsNotWritable($settings_file);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.