- Модуль: security
- Путь к файлу: ~/bitrix/modules/security/classes/general/tests/environment.php
- Класс: CSecurityEnvironmentTest
- Вызов: CSecurityEnvironmentTest::checkUploadScriptExecution
/**
 * Runs the "executable upload" probes and records a detail error for each positive one.
 *
 * Three probes go through self::isScriptExecutable(): "test.php", "test.php.any"
 * (skipped when the plain PHP probe was already positive) and "test.py". The same
 * random marker string is passed to every probe. Every finding is recorded with
 * CSecurityCriticalLevel::LOW.
 *
 * NOTE(review): presumably isScriptExecutable() places the named file in the upload
 * directory, requests it and looks for the marker in the response. The helper is not
 * visible here, so confirm against its implementation.
 * NOTE(review): only these three file names are probed. Other extensions the web
 * server may map to an interpreter are not covered by this method.
 *
 * @return mixed self::STATUS_FAILED when at least one probe was positive, otherwise self::STATUS_PASSED
 */
protected function checkUploadScriptExecution()
{
	$messagePrefix = "SECURITY_SITE_CHECKER_UPLOAD_EXECUTABLE";
	$uniqueString = randString(20);

	// The .htaccess override check is disabled, so this flag is always false for now.
	// ToDo: fix and enable later
	// if(self::isHtaccessOverrided())
	// {
	// 	$htaccessOverridden = true;
	// 	$this->addUnformattedDetailError("SECURITY_SITE_CHECKER_UPLOAD_HTACCESS", CSecurityCriticalLevel::LOW);
	// }
	$htaccessOverridden = false;

	// Probe 1: plain PHP file. The empty payload is handled by the helper.
	$phpRuns = (bool) self::isScriptExecutable("test.php", "", $uniqueString);
	if ($phpRuns)
	{
		$this->addUnformattedDetailError($messagePrefix."_PHP", CSecurityCriticalLevel::LOW);
	}

	// Probe 2: double extension. Only meaningful when plain .php was not executed,
	// so the short-circuit keeps the helper from being called in that case.
	$doubleExtensionRuns = !$phpRuns && self::isScriptExecutable("test.php.any", "", $uniqueString);
	if ($doubleExtensionRuns)
	{
		$this->addUnformattedDetailError($messagePrefix."_PHP_DOUBLE", CSecurityCriticalLevel::LOW);
	}

	// Probe 3: Python CGI. This one always runs, independent of the PHP results.
	// NOTE(review): PHP expands \r\n inside this double-quoted string, so the payload
	// carries real CR/LF bytes inside the Python single-quoted literal, and it uses the
	// Python 2 print statement. If the helper writes the payload verbatim, the script
	// would not parse and this probe could never be positive (a false negative).
	// Confirm against isScriptExecutable().
	$pythonRuns = (bool) self::isScriptExecutable("test.py", "print 'Content-type:text/html\r\n\r\n{$uniqueString}'", $uniqueString);
	if ($pythonRuns)
	{
		$this->addUnformattedDetailError($messagePrefix."_PY", CSecurityCriticalLevel::LOW);
	}

	$anyFinding = $phpRuns || $doubleExtensionRuns || $htaccessOverridden || $pythonRuns;

	return $anyFinding ? self::STATUS_FAILED : self::STATUS_PASSED;
}