## Security Review API * hook_security_checks() and check returns * Check help * Standalone use of the checklist * Drush ### hook_security_checks() Checks returned from an implementation of hook_security_checks() look like the following. array( $namespace => array( $check_name => array( 'title' => 'Simple title of this check', 'callback' => 'function to invoke for check, see section on check returns', 'success' => 'One-line description of a successful check', 'failure' => 'One-line description of a failed check listing what the risk is', ) ) ) The top level index is often the module name. Each check name (not title) should attempt to be unique. ### Check return values A check can return a boolean or NULL. A return value of TRUE means the check passed and the 'success' description will be used. FALSE means failure. A return value of NULL is used in case the check can not run for any reason, an example being if a dependency is nesecessary to run the check and that depenency is not met. ### Check help Implement $callback . '_help' to provide help for a check. Help functions should return an array like so: array( 'title' => '', 'descriptions' => array('Check descriptions', 'Link off to something'), 'findings' => array( 'descriptions' => array('Descriptions of findings'), 'items' => array('Specific findings'), ) ) Consult security_review.help.inc for details. ## Standalone use of the checklist The Security Review module need not be installed to use the checklist, though no logging, UI, or check result storage will be available. To run the checklist include the following code in your own module. include_once('security_review.inc'); $checklist = security_review_get_checklist(); $checklist_results = security_review_run($checklist); Note that the some checks may take long to complete, so it is advised that you plan accordingly or unset those checks. ## Drush Run the checklist via Drush with the following command drush security-review Consult the Drush help on the security-review command for more information. You can also run the drush command without installing the module so long as the the security_review.drush.inc and security_review.inc files can be found by drush. For instance you could place these files in your ~/.drush/ directory.