CVGZ#78720 Pentest 3.1 'Herinner mij'-functionaliteit svn path=/Website/trunk/; revision=64689
<% /*
$Revision$
$Id$

File: model_bestpractices.inc

Description: bestpractices model.

Parameters: &failonly=1 laat alleen 'problemen' over

Context: Levert data op of de inrichting wel volgens best-practices is

Notes: Implementatie als api2-model om eenvoudiger XD queries te kunnen doen
*/
|
|
|
|
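// Settings that REST_GET below compares against a best-practice value.
// Only add "best" when it differs from the setting's registered default
// (Application("SET_DEFAULT_<name>")); otherwise the default is taken as best.
// Optionally add a "remark" explaining the recommended value; it is only
// reported for settings that deviate.
//
// Fixed: "fac_api_allow_impersonate" was listed twice, which produced a
// duplicate row in the result set.
var check_set = [
  { name: "auto_https" },
  { name: "fac_html_strictness",
    best: "1",
    remark: "1=disallow html in messages, res-room description, flex-labels"
  },
  { name: "allow_framed_facilitor" },
  { name: "fac_api_allow_impersonate" },
  { name: "fac_allow_jsonp" },
  { name: "prs_password_otp_mode",
    best: 6,
    remark: "6=Force everyone to use OTP"
  },
  { name: "login_remember_days",
    best: 0,
    remark: "0=Disable 'remember me'"
  },
  { name: "csp_header" },
  { name: "csp_header_extradata" },
  { name: "fac_api_key_in_url" },
  { name: "flexAllowedExt" },
  { name: "imgAllowedExt" },
  { name: "impAllowedExt" }, // (unused?)
  { name: "referrer_policy_header" },
  { name: "allowedLinkRegex" },
  { name: "fac_emailtoken_auth_expire" },
  { name: "fac_tamper_check" },
  { name: "hsts_maxage" },
  { name: "cookie_samesite" },
  { name: "self_register" } // (you do not want this left enabled by accident)
];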
|
|
|
|
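// Human-readable result codes for one bestpractice row. REST_GET below only
// ever assigns resultcodes.warning; the other codes are available for callers.
// Declared with var: the original assignment created an implicit global,
// which fails under strict mode.
var resultcodes = {
  ok: "No problem",
  fatal: "No further checks possible, fix and recheck",
  error: "Error, fix and recheck",
  warning: "Warning: Could be more secure",
  inform: "Information only"
};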
|
|
|
|
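/**
 * api2 model that reports, for every setting in check_set, the registered
 * default, the best-practice value and the currently configured value, and
 * flags each deviation with resultcodes.warning.
 *
 * Access is gated by the "WEB_FACTAB" authorization function; rows are
 * exposed as the "bestpractices" record set with the fields declared below.
 */
function model_bestpractices()
{
  this.autfunction = "WEB_FACTAB";
  this.table = "bestpractices";
  this.primary = "id";
  this.records_name = "bestpractices";
  this.record_name = "bestpractice";
  this.fields = {
    "settingname" : { typ: "varchar" },
    "defaultvalue" : { typ: "varchar" },
    "best" : { typ: "varchar" },
    "remark" : { typ: "varchar" },
    "value" : { typ: "varchar" },
    "result" : { typ: "varchar" }
  };

  /**
   * Build one row per entry in check_set.
   *
   * @param {Object} params - request parameters. params.filter.failonly == '1'
   *   drops the rows whose current value already matches the best value.
   *   A missing params or params.filter is treated as "no filter"; the
   *   original dereferenced params.filter unconditionally and threw.
   * @returns {Array} rows with settingname, defaultvalue, best, remark,
   *   value and result (resultcodes.warning on deviation, otherwise null).
   */
  this.REST_GET = function _GET(params)
  {
    var fail_only = !!(params && params.filter && params.filter.failonly == '1');
    var best_data = [];

    // Index loop rather than for..in: for..in over an array also visits any
    // enumerable property added to Array.prototype.
    for (var i = 0; i < check_set.length; i++)
    {
      var set = check_set[i];
      var one_data = {
        "settingname" : set.name,
        "defaultvalue": null,
        // Plain stored value: overrides would only confuse here, so not S(set.name)
        "value" : settings.get_setting(set.name, null, true),
        "best" : null,
        "remark" : null,
        "result" : null
      };

      // Registered type and default of the setting as the application sees it.
      var t = Application("SET_T_" + set.name);
      var v = String(Application("SET_DEFAULT_" + set.name));
      if (t == 'boolean')
        v = (v == "true") || (v == "1") || (v.toLowerCase() == "yes");
      one_data.defaultvalue = v;

      // Without an explicit "best" the registered default counts as best practice.
      one_data.best = ("best" in set) ? set.best : one_data.defaultvalue;

      // Loose comparison kept as in the original: "best" may be a number or
      // boolean (see check_set) while get_setting's return type is not
      // visible here — TODO confirm it never needs a strict compare.
      if (one_data.value == one_data.best)
      {
        if (fail_only)
          continue;
      }
      else
      {
        one_data.result = resultcodes.warning;
        if ("remark" in set)
          one_data.remark = set.remark;
      }
      best_data.push(one_data);
    }

    return best_data;
  }
}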
|
|
%>