[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  final class PhabricatorSetupCheckSecurity extends PhabricatorSetupCheck {
   4  
   5    protected function executeChecks() {
   6  
   7      // This checks for a version of bash with the "Shellshock" vulnerability.
   8      // For details, see T6185.
   9  
  10      $payload = array(
  11        'SHELLSHOCK_PAYLOAD' => '() { :;} ; echo VULNERABLE',
  12      );
  13  
  14      list($err, $stdout) = id(new ExecFuture('echo shellshock-test'))
  15        ->setEnv($payload, $wipe_process_env = true)
  16        ->resolve();
  17  
  18      if (!$err && preg_match('/VULNERABLE/', $stdout)) {
  19        $summary = pht(
  20          'This system has an unpatched version of Bash with a severe, widely '.
  21          'disclosed vulnerability.');
  22  
  23        $message = pht(
  24          'The version of %s on this system is out of date and contains a '.
  25          'major, widely disclosed vulnerability (the "Shellshock" '.
  26          'vulnerability).'.
  27          "\n\n".
  28          'Upgrade %s to a patched version.'.
  29          "\n\n".
  30          'To learn more about how this issue affects Phabricator, see %s.',
  31          phutil_tag('tt', array(), 'bash'),
  32          phutil_tag('tt', array(), 'bash'),
  33          phutil_tag(
  34            'a',
  35            array(
  36              'href' => 'https://secure.phabricator.com/T6185',
  37              'target' => '_blank',
  38            ),
  39            pht('T6185 "Shellshock" Bash Vulnerability')));
  40  
  41        $this
  42          ->newIssue('security.shellshock')
  43          ->setName(pht('Severe Security Vulnerability: Unpatched Bash'))
  44          ->setSummary($summary)
  45          ->setMessage($message);
  46      }
  47  
  48    }
  49  }