Skip to content

Add diagnostic that checks if server directories that should be private are accessible #17490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Apr 26, 2021
Merged

Add diagnostic that checks if server directories that should be private are accessible #17490

merged 6 commits into from
Apr 26, 2021

Conversation

diosmosis
Copy link
Member

### Description:

Adds a new diagnostic that checks that the tmp/ directory is not accessible, and checks that, if present, the .git/ directory is not accessible.

Review

  • Functional review done
  • Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
  • Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • Security review done see checklist
  • Code review done
  • Tests were added if useful/possible
  • Reviewed for breaking changes
  • Developer changelog updated if needed
  • Documentation added if needed
  • Existing documentation updated if needed

@diosmosis diosmosis added the Needs Review PRs that need a code review label Apr 23, 2021
@diosmosis diosmosis added this to the 4.3.0 milestone Apr 23, 2021
sgiehl
sgiehl requested changes Apr 23, 2021
View reviewed changes
@Findus23
Copy link
Collaborator

For reference: I also created a similar check in my plugin that also checks for lang/en.json (less severe, but indicates that the htaccess doesn't work), cache/tracker/matomocache_general.php and config/config.ini.php (also showing a warning if it only outputs ;)

https://github.com/Findus23/matomo-DiagnosticsExtended/blob/main/Diagnostic/URLCheck.php

@diosmosis
Copy link
Member Author

@sgiehl updated the PR.

Also added the directories @Findus23 mentioned 👍 .

sgiehl
sgiehl approved these changes Apr 26, 2021
View reviewed changes
Copy link
Member

@sgiehl sgiehl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems to work as expected now, even though the check would be more accurate if the requests would be performed in the browser and not server side.

@diosmosis
Copy link
Member Author

diosmosis commented Apr 26, 2021
edited
Loading

Unfortunately I don't think there's an easy way to implement it so an actual browser separate from the server makes those requests. At least none that I can think of.

@diosmosis diosmosis merged commit 634a9a5 into 4.x-dev Apr 26, 2021
@diosmosis diosmosis deleted the private-dir-diagnostic branch April 26, 2021 17:04
@Findus23 Findus23 mentioned this pull request May 14, 2021
Closed
@devlinrcg devlinrcg mentioned this pull request Jun 3, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgiehl sgiehl sgiehl approved these changes

Assignees
No one assigned
Labels
Needs Review PRs that need a code review
Milestone
4.3.0
Development

Successfully merging this pull request may close these issues.
3 participants
@diosmosis @Findus23 @sgiehl