mirror of
https://github.com/Findus23/matomo-DiagnosticsExtended.git
synced 2024-09-19 16:03:46 +02:00
88 lines
2.5 KiB
PHP
88 lines
2.5 KiB
PHP
<?php
|
|
/**
|
|
* Matomo - free/libre analytics platform
|
|
*
|
|
* @link https://matomo.org
|
|
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
|
|
*/
|
|
|
|
namespace Piwik\Plugins\DiagnosticsExtended\Diagnostic;
|
|
|
|
use Piwik\Plugins\Diagnostics\Diagnostic\Diagnostic;
|
|
use Piwik\Plugins\Diagnostics\Diagnostic\DiagnosticResult;
|
|
use Psr\Log\LoggerInterface;
|
|
|
|
class OpensslVersionCheck implements Diagnostic
|
|
{
|
|
/**
|
|
* @var LoggerInterface
|
|
*/
|
|
private $logger;
|
|
/**
|
|
* @var string
|
|
*/
|
|
private $label;
|
|
|
|
/**
|
|
* Use a rather old version as many security fixes are backported
|
|
*/
|
|
const MINIMUM_VERSION = "1.0.2";
|
|
const MINIMUM_VERSION_LETTER = "b";
|
|
|
|
|
|
public function __construct(LoggerInterface $logger)
|
|
{
|
|
$this->logger = $logger;
|
|
$this->label = "OpenSSL version check";
|
|
}
|
|
|
|
/**
|
|
* @return DiagnosticResult
|
|
*/
|
|
public function noOpenSSL()
|
|
{
|
|
return DiagnosticResult::singleResult(
|
|
$this->label,
|
|
DiagnosticResult::STATUS_INFORMATIONAL,
|
|
"Your PHP setup doesn't use OpenSSL or curl, so there is nothing to check"
|
|
);
|
|
}
|
|
|
|
|
|
/**
|
|
* @return DiagnosticResult[]
|
|
*/
|
|
public function execute()
|
|
{
|
|
if (!extension_loaded("curl") || !extension_loaded('openssl')) {
|
|
return [$this->noOpenSSL()];
|
|
}
|
|
$version = curl_version()["ssl_version"];
|
|
if (strpos($version, "OpenSSL/") !== 0) {
|
|
return [$this->noOpenSSL()];
|
|
}
|
|
$versionPart = substr($version, 8, 5);
|
|
$letterPart = substr($version, 13, 1);
|
|
if (
|
|
version_compare($versionPart, self::MINIMUM_VERSION, "<")
|
|
|| (
|
|
version_compare($versionPart, self::MINIMUM_VERSION, "=")
|
|
&& ord($letterPart) < ord(self::MINIMUM_VERSION_LETTER)
|
|
)
|
|
) {
|
|
return [DiagnosticResult::singleResult(
|
|
$this->label,
|
|
DiagnosticResult::STATUS_WARNING,
|
|
"Your OpenSSL version ($version) is pretty old.
|
|
Check if there are known vulnerabilities for it and update it if necessary."
|
|
)];
|
|
} else {
|
|
return [DiagnosticResult::singleResult(
|
|
$this->label,
|
|
DiagnosticResult::STATUS_INFORMATIONAL,
|
|
"Your OpenSSL version ($version) is not really old.
|
|
Nevertheless, check if there are known vulnerabilities for it and update it if necessary."
|
|
)];
|
|
}
|
|
}
|
|
}
|