From 43cca4b1918309c2121664056549e17f9152dfce Mon Sep 17 00:00:00 2001
From: Julian Prieber <60265788+JulianPrieber@users.noreply.github.com>
Date: Wed, 20 Apr 2022 18:18:41 +0200
Subject: [PATCH] Added security check sidebar
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added a security check on the sidebar.blade.php that tests if critical config components are accessible externally by anyone. This is a fairly crude method and not at all optimized. I might change this in future revisions. At least this feature is disabled for normal users, so it won't affect load for non admins. This is the same code from the new diagnostic tool added in the previous commit. I had to change the names of each variable, otherwise the diagnostic tool could not use the same variables. The smart thing to do here would probably be to simply use the variables only in the sidebar, since they are loaded anyway since the sidebar layout is included on the diagnostic tool, effectively loading the variables twice. I might change this later, but for now I will leave it as. Read more about the diagnostic tool on the blog here: https://blog.littlelink-custom.com/new-security-check-tool/
---
 resources/views/layouts/sidebar.blade.php | 40 ++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/resources/views/layouts/sidebar.blade.php b/resources/views/layouts/sidebar.blade.php
index 4c83ce7..8aef52a 100755
--- a/resources/views/layouts/sidebar.blade.php
+++ b/resources/views/layouts/sidebar.blade.php
@@ -46,6 +46,40 @@
 @endif
+user()->role == 'admin'){
+
+$serversb = $_SERVER['SERVER_NAME'];
+$urisb = $_SERVER['REQUEST_URI'];
+
+// Tests if a URL has a valid SSL certificate
+function has_sslsb( $domain ) {
+ $ssl_check = @fsockopen( 'ssl://' . $domain, 443, $errno, $errstr, 30 );
+ $res = !! $ssl_check;
+ if ( $ssl_check ) { fclose( $ssl_check ); }
+ return $res;
+ }
+
+ // Changes probed URL to HTTP if no valid SSL certificate is present, otherwise an error would be thrown
+ if (has_sslsb($serversb)) {
+ $actual_linksb = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+ } else {
+ $actual_linksb = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+ }
+
+// Files or directories to test if accessible externally
+$url1sb = Http::get($actual_linksb . '/../../.env');
+$url2sb = Http::get($actual_linksb . '/../../database/database.sqlite');
+
+// sets compromised to true if config files got compromised
+if ($url1sb->successful() or $url2sb->successful()) {
+ $compromised = "true";
+} else {
+ $compromised = "false";
+}
+}
+ // end security check ?>
+ @if(file_exists(base_path("littlelink/images/avatar.png" )))
 @else
@@ -207,7 +241,11 @@
 @endif
- Watch Page
+ @if(auth()->user()->role == 'admin' and $compromised === "true")
+ Your security is at risk!
+ @endif
+
+ View Page
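Review bot: The two `Http::get` calls in the first hunk run synchronously on every sidebar render for an admin with no timeout, no exception handling and no caching, so a slow host stalls the page for the client's full default timeout per probe and an unreachable one would presumably surface as an uncaught `ConnectionException` rather than a warning. Declaring `has_sslsb()` inside a view will also fail with a redeclaration error if the sidebar is ever compiled into the same request twice, so it needs an `if (!function_exists('has_sslsb'))` guard if it is kept at all. The probe base is built from `HTTP_HOST` plus `REQUEST_URI` (while `$urisb` is assigned and never used), so `/../../.env` resolves to a different location depending on how deep the current page's URL is; deriving the base from `config('app.url')` makes the check deterministic and removes the need for the `has_sslsb`/`HTTP_HOST` branch entirely. `$compromised` is a string flag — make it a bool and change the second hunk's condition to `@if(auth()->user()->role == 'admin' and ($compromised ?? false))`. The rewrite below keeps the same two files and the same admin-only guard, caches the verdict for ten minutes, and treats a failed probe as "not verified" instead of breaking the page.
```php
<?php if(auth()->user()->role == 'admin'){
    // Probe the deployment root, not a path relative to the current page
    $basesb = rtrim(config('app.url'), '/');
    // Cache the verdict so the outbound probes do not run on every admin page render
    $compromised = Cache::remember('sidebar_security_check', 600, function () use ($basesb) {
        try {
            foreach (['/.env', '/database/database.sqlite'] as $pathsb) {
                if (Http::timeout(5)->get($basesb . $pathsb)->successful()) {
                    return true;
                }
            }
        } catch (\Illuminate\Http\Client\ConnectionException $e) {
            // Could not reach the site from itself; report "not verified" rather than failing the page
        }
        return false;
    });
}
// end security check ?>
```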