Merge pull request #75 from getkirby/feature/security
New `security` command
bastianallgeier authored Jun 12, 2024
2 parents e1d1856 + 91e0693 commit 8f7227c
Showing 3 changed files with 74 additions and 16 deletions.
1 change: 1 addition & 0 deletions README.md
@@ -66,6 +66,7 @@ This should print the Kirby CLI version and a list of available commands
- kirby register
- kirby remove:command
- kirby roots
- kirby security
- kirby unzip
- kirby upgrade
- kirby uuid:generate
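--- a/commands/security.php
+++ b/commands/security.php
@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types = 1);
+
+use Kirby\CLI\CLI;
+use Kirby\Http\Remote;
+use Kirby\Http\Url;
+use Kirby\Toolkit\I18n;
+
+return [
+'description' => 'Performs security checks of the site',
+'command' => static function (CLI $cli): void {
+$kirby = $cli->kirby();
+$system = $kirby->system();
+$updateStatus = $system->updateStatus();
+$messages = [
+...array_column($updateStatus?->messages() ?? [], 'text'),
+...$updateStatus->exceptionMessages()
+];
+
+if ($kirby->option('debug', false) === true) {
+$messages[] = I18n::translate('system.issues.debug');
+}
+
+if ($kirby->environment()->https() !== true) {
+$messages[] = I18n::translate('system.issues.https');
+}
+
+// checks exposable urls of the site
+// works only site url is absolute since can't get it in CLI mode
+// and CURL won't work for relative urls
+if (Url::isAbsolute($kirby->url())) {
+$urls = [
+'content' => $system->exposedFileUrl('content'),
+'git' => $system->exposedFileUrl('git'),
+'kirby' => $system->exposedFileUrl('kirby'),
+'site' => $system->exposedFileUrl('site')
+];
+
+foreach ($urls as $key => $url) {
+if (empty($url) === false && Remote::get($url)->code() < 400) {
+$messages[] = I18n::translate('system.issues.' . $key);
+}
+}
+} else {
+$messages[] = 'Could not check for exposed folders as the site URL is not absolute';
+}
+
+if (empty($messages) === false) {
+foreach ($messages as $message) {
+$cli->error('> ' . $message);
+}
+} else {
+$cli->success('Basic security checks were successful, please review https://getkirby.com/docs/guide/security for additional best practices.');
+}
+}
+];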
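Review bot: `$updateStatus` is null-guarded on the `messages()` line (`?->` with `?? []`) but dereferenced directly on the next line, so if `updateStatus()` can return null, as the first line assumes, the command stops with an Error before any check is reported; `...($updateStatus?->exceptionMessages() ?? [])` keeps the two lines consistent. In the exposed-folder loop, the result of `Remote::get($url)->code() < 400` is used as the verdict directly: if `code()` can return null for a request that never completed, `null < 400` is true in PHP and the folder is reported as exposed, while a 3xx redirect to a login or error page is also counted as a finding. Reading the code first, `$code = Remote::get($url)->code();` then `if (is_int($code) && $code < 400)`, would separate an inconclusive probe from a real one. Whether `Remote::get()` throws on connection failure is not visible here; if it does, one unreachable URL would abort the remaining probes and the summary, so that case deserves its own "could not check" message like the one in the `else` branch.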
32 changes: 16 additions & 16 deletions composer.lock
