remove URLCheck as a similar check is now part of Matomo core

2024-09-18 14:53:45 +02:00 · 2021-12-14 20:09:37 +01:00 · 2021-12-14 20:09:37 +01:00 · c84cbae6c5
commit c84cbae6c5
parent 3fea6e4905
3 changed files with 0 additions and 158 deletions
--- a/Diagnostic/URLCheck.php
+++ b/Diagnostic/URLCheck.php
@ -1,151 +0,0 @@
-<?php
-/**
- * Matomo - free/libre analytics platform
- *
- * @link https://matomo.org
- * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
- */
-
-namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
-
-use Piwik\Http;
-use Piwik\Piwik;
-use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
-use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
-use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResultItem;
-use Piwik\SettingsPiwik;
-use Psr\Log\LoggerInterface;
-
-class URLCheck implements Diagnostic
-{
-    /**
-     * @var LoggerInterface
-     */
-    private $logger;
-
-    const SOCKET_TIMEOUT = 2;
-    /**
-     * @var string
-     */
-    private $matomoURL;
-    /**
-     * @var boolean
-     */
-    private $criticalIssue;
-    /**
-     * @var string
-     */
-    private $label;
-
-    public function __construct(LoggerInterface $logger)
-    {
-        $this->logger = $logger;
-        $this->matomoURL = SettingsPiwik::getPiwikUrl();
-        $this->criticalIssue = false;
-        $this->label = "🧪 " . Piwik::translate("DiagnosticsExtended_URLCheckLabel");
-
-    }
-
-    public function execute()
-    {
-        if (!SettingsPiwik::isInternetEnabled()) {
-            return [DiagnosticResult::singleResult(
-                $this->label,
-                DiagnosticResult::STATUS_INFORMATIONAL,
-                Piwik::translate("DiagnosticsExtended_URLCheckSkipped")
-            )];
-        }
-        //TODO: don't check if running in development mode
-        $result = new DiagnosticResult($this->label);
-        $result->addItem($this->checkConfigIni());
-        $result->addItem($this->checkRequestNotAllowed(
-            ".git/info/exclude",
-            "Lines that start"
-        ));
-        $result->addItem($this->checkRequestNotAllowed(
-            "tmp/cache/token.php",
-            "?php exit"
-        ));
-        $result->addItem($this->checkRequestNotAllowed(
-            "cache/tracker/matomocache_general.php",
-            "unserialize"
-        ));
-        $result->addItem($this->checkRequestNotAllowed(
-            "lang/en.json",
-            "12HourClock",
-            false
-        ));
-
-        if ($this->criticalIssue) {
-            $result->setLongErrorMessage(Piwik::translate("DiagnosticsExtended_URLCheckLongErrorMessage", ["<a href='https://github.com/matomo-org/matomo-nginx/' target='_blank' rel='noopener'>", "</a>"])
-            );
-        }
-        return array($result);
-    }
-
-    /**
-     * @return DiagnosticResultItem
-     */
-    protected function checkConfigIni()
-    {
-        $relativeUrl = "config/config.ini.php";
-        list($status, $headers, $data) = $this->makeHTTPReququest($relativeUrl);
-        if ($this->contains($data, "salt")) {
-            return $this->isPublicError($relativeUrl, true);
-        }
-        if ($this->contains($data, ";")) {
-            return new DiagnosticResultItem(
-                DiagnosticResult::STATUS_WARNING,
-                Piwik::translate("DiagnosticsExtended_URLCheckConfigIni", ["<code>$relativeUrl</code>"])
-            );
-        }
-        else {
-            return new DiagnosticResultItem(
-                DiagnosticResult::STATUS_OK,
-                Piwik::translate("DiagnosticsExtended_URLCheckOk", ["<code>$relativeUrl</code>"])
-            );
-        }
-    }
-
-    protected function checkRequestNotAllowed($relativeUrl, $content, $critical = true): DiagnosticResultItem
-    {
-        list($status, $headers, $data) = $this->makeHTTPReququest($relativeUrl);
-        if (strpos($data, $content) !== false) {
-            return $this->isPublicError($relativeUrl, $critical);
-        }
-
-        return new DiagnosticResultItem(DiagnosticResult::STATUS_OK, Piwik::translate("DiagnosticsExtended_URLCheckOk", ["<code>$relativeUrl</code>"]));
-    }
-
-    protected function isPublicError($relativeUrl, $critical): DiagnosticResultItem
-    {
-        if ($critical) {
-            $this->criticalIssue = true;
-        }
-        return new DiagnosticResultItem(
-            $critical ? DiagnosticResult::STATUS_ERROR : DiagnosticResult::STATUS_WARNING,
-            Piwik::translate("DiagnosticsExtended_URLCheckError", ["<code>$relativeUrl</code>"])
-        );
-    }
-
-    protected function makeHTTPReququest($relativeUrl)
-    {
-        $response = Http::sendHttpRequest($this->matomoURL . $relativeUrl, self::SOCKET_TIMEOUT, $userAgent = null,
-            $destinationPath = null,
-            $followDepth = 0,
-            $acceptLanguage = false,
-            $byteRange = false,
-            $getExtendedInfo = true);
-        $status = $response["status"];
-        $headers = $response["headers"];
-        $data = $response["data"];
-        return [$status, $headers, $data];
-    }
-
-    protected function contains(string $haystack, string $needle): bool
-    {
-        return strpos($haystack, $needle) !== false;
-    }
-
-
-}
--- a/config/config.php
+++ b/config/config.php
@ -18,7 +18,6 @@ return [
        DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\CurlVersionCheck'),
        DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\OpensslVersionCheck'),
        DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\PhpUserCheck'),
-        DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\URLCheck'),
        DI\get('\Piwik\Plugins\DiagnosticsExtended\Diagnostic\OpcacheCheck'),
    ]),

--- a/lang/en.json
+++ b/lang/en.json
@ -46,11 +46,5 @@
        "PhpVersionCheckNotEol": "Your PHP version (%1$s) receives security support by the PHP team until %2$s.",
        "PhpVersionCheckNotWorking": "Matomo could not check if your PHP version is up-to-date",
        "PhpVersionCheckOutdated": "There is a newer PHP patch version (%1$s) available (you are using %2$s). You should update to it as soon as possible",
-        "URLCheckConfigIni": "%s seems to be semi-public. While attackers can't read the config now, the file is publicly accessible and if for whatever reason your webserver stops executing PHP files in the future, everyone can read your MySQL credentials and more. Please check your webserver config.",
-        "URLCheckError": "%s should never be public, but seems to be. Please check your webserver config.",
-        "URLCheckLabel": "Files that should not be public",
-        "URLCheckLongErrorMessage": "Please check if your webserver processes the .htaccess files generated by Matomo properly. If you are using Nginx, please take a look at the %1$sofficial matomo-nginx config%2$s for reference for files that should not be public.<br> Otherwise attackers might be able to read sensitive data.",
-        "URLCheckOk": "%s doesn't seem to be publicly reachable",
-        "URLCheckSkipped": "Internet features are disabled, so this check is skipped."
    }
 }