[TASK] Integrate server response security checks
In order to evaluate potential server misconfigurations and to reduce the potential of security implications in general, a new HTTP response check is integrated to "Environment Status" and the "Security" section in the reports module. It is evaluated whether non-standard file extensions lead to unexpected handling on the server-side, such as `test.php.wrong` being evaluated as PHP or `test.html.wrong` being served with `text/html` content type. Resolves: #91354 Releases: master, 9.5 Change-Id: Ie6584692f39706aad2a25bad27bb201f4c1045e9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64450 Tested-by:Benjamin Franzke <bfr@qbus.de> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
Showing
- typo3/sysext/core/Documentation/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.rst 29 additions, 0 deletions...x/Feature-91354-IntegrateServerResponseSecurityChecks.rst
- typo3/sysext/install/Classes/Controller/EnvironmentController.php 5 additions, 0 deletions...sext/install/Classes/Controller/EnvironmentController.php
- typo3/sysext/install/Classes/Report/SecurityStatusReport.php 3 additions, 1 deletiontypo3/sysext/install/Classes/Report/SecurityStatusReport.php
- typo3/sysext/install/Classes/SystemEnvironment/ServerResponse/FileDeclaration.php 214 additions, 0 deletions...sses/SystemEnvironment/ServerResponse/FileDeclaration.php
- typo3/sysext/install/Classes/SystemEnvironment/ServerResponse/ServerResponseCheck.php 313 additions, 0 deletions.../SystemEnvironment/ServerResponse/ServerResponseCheck.php
Please register or sign in to comment