
add Curl Version, OpenSSL Version and PHP user check

This commit is contained in:
Lukas Winkler 2021-03-24 21:32:23 +01:00
parent d6e785684a
commit 4c63d4b722
Signed by: lukas
GPG key ID: 54DE4D798D244853
8 changed files with 256 additions and 13 deletions


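--- /dev/null
+++ b/Diagnostic/CurlVersionCheck.php
@@ -0,0 +1,110 @@
+<?php
+/**
+* Matomo - free/libre analytics platform
+*
+* @link https://matomo.org
+* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+*/
+namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
+use Piwik\Http;
+use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
+use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
+use Psr\Log\LoggerInterface;
+class CurlVersionCheck implements Diagnostic
+{
+/**
+* @var LoggerInterface
+*/
+private $logger;
+/**
+* @var string
+*/
+private $label;
+const SOCKET_TIMEOUT = 2;
+const CACHEID = "DiagnosticsExtended_CurlVulnerabilities";
+/**
+* @var \Matomo\Cache\Lazy
+*/
+private $lazyCache;
+public function __construct(LoggerInterface $logger, \Matomo\Cache\Lazy $lazyCache)
+{
+$this->logger = $logger;
+$this->label = "curl version check";
+$this->lazyCache = $lazyCache;
+}
+/**
+* @return DiagnosticResult[]
+*/
+public function execute()
+{
+if (!extension_loaded('curl')) {
+return [DiagnosticResult::singleResult(
+$this->label,
+DiagnosticResult::STATUS_INFORMATIONAL,
+"Your PHP setup doesn't use curl, so there is nothing to check"
+)];
+}
+$version = curl_version()["version"];
+$url = "https://curl.se/docs/vuln.pm";
+$timeout = self::SOCKET_TIMEOUT;
+try {
+$response = $this->lazyCache->fetch(self::CACHEID);
+if (!$response) {
+$response = Http::sendHttpRequest($url, $timeout);
+$this->lazyCache->save(self::CACHEID, $response, 60 * 60 * 24 * 7);
+}
+$vulns = [];
+foreach (explode("\n", $response) as $line) {
+$line = trim($line);
+if (strpos($line, "#") === 0 || strpos($line, "@") === 0 || strpos($line, ")") === 0) {
+continue;
+}
+$line = str_replace('"', "", $line);
+$cols = explode("|", $line);
+$startVersion = $cols[1];
+$endVersion = $cols[2];
+$URL = htmlspecialchars($cols[0], ENT_QUOTES, 'UTF-8');
+$CVE = htmlspecialchars($cols[4], ENT_QUOTES, 'UTF-8');
+if (
+version_compare($version, $startVersion, ">=") &&
+version_compare($version, $endVersion, "<=")
+) {
+$vulns[] = "<a target='_blank' rel='noopener' href='https://curl.se/docs/$URL'>$CVE</a>";
+}
+}
+if (count($vulns) > 0) {
+return [DiagnosticResult::singleResult(
+$this->label,
+DiagnosticResult::STATUS_ERROR,
+"Your curl version might be vulnerable against this vulnerabilities
+(unless the distributor of your curl binary is backporting security patches): "
+. join(", ", $vulns)
+)];
+} else {
+return [DiagnosticResult::singleResult(
+$this->label,
+DiagnosticResult::STATUS_OK,
+"It seems like there are no known vulnerabilities in your curl version"
+)];
+}
+} catch (\Exception $e) {
+return [DiagnosticResult::singleResult(
+$this->label,
+DiagnosticResult::STATUS_INFORMATIONAL,
+"Matomo could not check if your curl version has vulnerabilities"
+)];
+}
+}
+}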
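Review bot: The parser in execute() indexes `$cols[1]`, `$cols[2]` and `$cols[4]` without checking how many fields `explode("|", $line)` produced, so an empty line, a trailing `1;` of the Perl module, or any format change in the remote vuln.pm yields undefined-offset notices instead of a clean skip; add `if ($line === '' || count($cols) < 5) { continue; }` directly after the explode. Whether such a notice escalates to an exception depends on the application's error handler, which this commit does not show, so the `catch (\Exception $e)` branch cannot be relied on to absorb it. That branch also discards the exception without touching the injected `$this->logger`, which hides why a remote fetch or parse failed; `$this->logger->warning('curl vulnerability check failed: ' . $e->getMessage());` before the return keeps it diagnosable. The HTML output escapes both `$URL` and `$CVE` and pins the href to `https://curl.se/docs/`, which is the right handling for data fetched from a remote source.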


@ -8,15 +8,13 @@
namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
use Piwik\Date;
use Piwik\Db;
use Piwik\Http;
use Piwik\Date;
use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResultItem;
use Piwik\Plugins\DiagnosticsExtended\Diagnostic\IniSettings\IniSetting;
use Psr\Log\LoggerInterface;
use function DI\factory;
class DatabaseVersionCheck implements Diagnostic
{


@ -27,9 +27,11 @@ class ExampleCheck implements Diagnostic
public function execute()
{
$result=new DiagnosticResult("label");
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_ERROR,"a"));
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_OK,"b"));
$result = new DiagnosticResult("label");
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_ERROR, "error"));
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_WARNING, "warning"));
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_OK, "okay"));
$result->addItem(new DiagnosticResultItem(DiagnosticResult::STATUS_INFORMATIONAL, "info"));
return array($result);
}


@ -8,17 +8,13 @@
namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
use Piwik\Db;
use Piwik\Http;
use Piwik\Date;
use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResultItem;
use Piwik\Plugins\DiagnosticsExtended\Diagnostic\IniSettings\IniSetting;
use Piwik\SettingsPiwik;
use Piwik\Tracker\TrackerCodeGenerator;
use Psr\Log\LoggerInterface;
use function DI\factory;
class GzipMatomoJsCheck implements Diagnostic
{


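--- /dev/null
+++ b/Diagnostic/OpensslVersionCheck.php
@@ -0,0 +1,88 @@
+<?php
+/**
+* Matomo - free/libre analytics platform
+*
+* @link https://matomo.org
+* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+*/
+namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
+use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
+use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
+use Psr\Log\LoggerInterface;
+class OpensslVersionCheck implements Diagnostic
+{
+/**
+* @var LoggerInterface
+*/
+private $logger;
+/**
+* @var string
+*/
+private $label;
+/**
+* Use a rather old version as many security fixes are backported
+*/
+const MINIMUM_VERSION = "1.0.2";
+const MINIMUM_VERSION_LETTER = "b";
+public function __construct(LoggerInterface $logger)
+{
+$this->logger = $logger;
+$this->label = "OpenSSL version check";
+}
+/**
+* @return DiagnosticResult
+*/
+public function noOpenSSL()
+{
+return DiagnosticResult::singleResult(
+$this->label,
+DiagnosticResult::STATUS_INFORMATIONAL,
+"Your PHP setup doesn't use OpenSSL or curl, so there is nothing to check"
+);
+}
+/**
+* @return DiagnosticResult[]
+*/
+public function execute()
+{
+if (!extension_loaded("curl") || !extension_loaded('openssl')) {
+return [$this->noOpenSSL()];
+}
+$version = curl_version()["ssl_version"];
+if (strpos($version, "OpenSSL/") !== 0) {
+return [$this->noOpenSSL()];
+}
+$versionPart = substr($version, 8, 5);
+$letterPart = substr($version, 13, 1);
+if (
+version_compare($versionPart, self::MINIMUM_VERSION, "<")
+|| (
+version_compare($versionPart, self::MINIMUM_VERSION, "=")
+&& ord($letterPart) < ord(self::MINIMUM_VERSION_LETTER)
+)
+) {
+return [DiagnosticResult::singleResult(
+$this->label,
+DiagnosticResult::STATUS_WARNING,
+"Your OpenSSL version ($version) is pretty old.
+Check if there are known vulnerabilities for it and update it if necessary."
+)];
+} else {
+return [DiagnosticResult::singleResult(
+$this->label,
+DiagnosticResult::STATUS_INFORMATIONAL,
+"Your OpenSSL version ($version) is not really old.
+Nevertheless, check if there are known vulnerabilities for it and update it if necessary."
+)];
+}
+}
+}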
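Review bot: execute() takes the OpenSSL version from `curl_version()["ssl_version"]`, i.e. the library libcurl was linked against, although the gate also requires the openssl extension; PHP's own TLS streams use the library reported by the `OPENSSL_VERSION_TEXT` constant, and on distribution builds the two can differ, so the message "Your OpenSSL version" may describe a library PHP itself never uses for TLS. The fixed-offset `substr($version, 8, 5)` / `substr($version, 13, 1)` parse also assumes a five-character version; a two-digit patch component such as `3.0.13` is cut to `3.0.1` with `3` taken as the letter, and a two-letter 1.0.2 suffix loses its second letter. Parsing by structure avoids that: `if (!preg_match('/^OpenSSL\/(\d+\.\d+\.\d+)([a-z]*)/', $version, $m)) { return [$this->noOpenSSL()]; }` followed by `$versionPart = $m[1]; $letterPart = $m[2];`. Consider running the same comparison against `OPENSSL_VERSION_TEXT` as well, or at least naming in the message which library was inspected.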


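--- /dev/null
+++ b/Diagnostic/PhpUserCheck.php
@@ -0,0 +1,48 @@
+<?php
+/**
+* Matomo - free/libre analytics platform
+*
+* @link https://matomo.org
+* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+*/
+namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
+use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
+use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
+use Piwik\SettingsServer;
+use Psr\Log\LoggerInterface;
+class PhpUserCheck implements Diagnostic
+{
+/**
+* @var LoggerInterface
+*/
+private $logger;
+public function __construct(LoggerInterface $logger)
+{
+$this->logger = $logger;
+}
+/**
+* @return DiagnosticResult[]
+*/
+public function execute()
+{
+if (SettingsServer::isWindows()) {
+return [];
+}
+if (posix_getuid() === 0) {
+return [DiagnosticResult::singleResult(
+"php running as root",
+DiagnosticResult::STATUS_WARNING,
+"PHP seems to be running as root. Unless you are using Matomo inside a docker container
+you should check your setup."
+)];
+}
+return [];
+}
+}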
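Review bot: execute() calls `posix_getuid()` unguarded on every non-Windows host, but the posix extension is optional in PHP builds, so where it is absent the diagnostic aborts with an undefined-function error instead of reporting nothing; guard it with `if (!function_exists('posix_geteuid')) { return []; }` before the check. The privilege that matters is the effective uid PHP executes code under, so `posix_geteuid() === 0` is the more accurate comparison than the real uid. The Docker exemption in the message is understandable, but root inside a container still widens the impact of a web-facing bug, so consider wording it as a weaker recommendation rather than a blanket exception.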


@ -8,14 +8,12 @@
namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
use Piwik\Http;
use Piwik\Date;
use Piwik\Http;
use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResultItem;
use Piwik\Plugins\DiagnosticsExtended\Diagnostic\IniSettings\IniSetting;
use Psr\Log\LoggerInterface;
use function DI\factory;
class PhpVersionCheck implements Diagnostic
{


@ -15,6 +15,9 @@ return [
DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\PhpVersionCheck'),
DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\DatabaseVersionCheck'),
DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\GzipMatomoJsCheck'),
DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\CurlVersionCheck'),
DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\OpensslVersionCheck'),
DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\PhpUserCheck'),
]),
];