From 3f623de2681ffd36a65933ae917a980e8983d9df Mon Sep 17 00:00:00 2001
From: tinect
Date: Wed, 8 Jan 2025 11:13:25 +0100
Subject: [PATCH] feat: add check for active webProfiler and kernelDebug state
---
.../Checker/HealthChecker/DebugChecker.php | 70 +++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 src/Components/Health/Checker/HealthChecker/DebugChecker.php
diff --git a/src/Components/Health/Checker/HealthChecker/DebugChecker.php b/src/Components/Health/Checker/HealthChecker/DebugChecker.php
new file mode 100644
index 0000000..da56d06
--- /dev/null
+++ b/src/Components/Health/Checker/HealthChecker/DebugChecker.php
@@ -0,0 +1,70 @@
+ $kernelBundles */
+ #[Autowire(param: 'kernel.bundles')]
+ private readonly array $kernelBundles,
+ #[Autowire(param: 'kernel.debug')]
+ private readonly bool $kernelDebug,
+ ) {}
+
+ public function collect(HealthCollection $collection): void
+ {
+ $this->checkWebProfiler($collection);
+ $this->checkKernelDebug($collection);
+ }
+
+ private function checkWebProfiler(HealthCollection $collection): void
+ {
+ if (\in_array(WebProfilerBundle::class, $this->kernelBundles, true)) {
+ $collection->add(SettingsResult::error(
+ 'webprofiler',
+ 'WebProfilerBundle is active which leaks sensitive information',
+ 'active',
+ 'not active'
+ ));
+
+ return;
+ }
+
+ $collection->add(SettingsResult::ok(
+ 'webprofiler',
+ 'WebProfilerBundle is not active',
+ 'not active',
+ 'not active'
+ ));
+ }
+
+ private function checkKernelDebug(HealthCollection $collection): void
+ {
+ if ($this->kernelDebug) {
+ $collection->add(SettingsResult::error(
+ 'kerneldebug',
+ 'Kernel debug is active',
+ 'active',
+ 'not active'
+ ));
+
+ return;
+ }
+
+ $collection->add(SettingsResult::ok(
+ 'kerneldebug',
+ 'Kernel debug is not active',
+ 'not active',
+ 'not active'
+ ));
+ }
+}
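Review bot: In `checkKernelDebug()` the error text `'Kernel debug is active'` does not say why this is a finding, unlike the web profiler message above it, which names the information leak. With `kernel.debug` enabled, Symfony normally renders detailed exception pages including stack traces, so I would write `'Kernel debug is active which exposes detailed error output'`. Separately, `checkWebProfiler()` only tests whether the bundle class is listed in `kernel.bundles`, not whether the profiler is actually enabled or reachable. A one-line comment such as `// Registration alone is treated as a finding; reachability of the profiler routes is not checked here.` would make that deliberate choice explicit. The opening lines of the new file (namespace, imports, class header) are missing from this extract, so nothing here speaks to them.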