Scott Pinkelman bio photo

Scott Pinkelman

web development, data visualization, digital literacy

Twitter LinkedIn Github Email / PGP Key

Checking for Vulnerable Drupal Modules with drush and egrep

This week the Drupal Security Team announced that several contributed modules had extremely critical vulnerabilites. On Wednesday, July 13, the security updates for these modules were released. The modules were:

  • Coder
  • Webform Multiple File Upload

While it’s easy enough to look for three modules, I wanted to automate the process across the sites I had to check. Since I already had Drush installed, I took the opportunity to use drush along some basic Linux commands and came up with this:

drush pm-list | egrep '(\(coder\)|\(webform_multifile\)|\(restws\))'

drush pm-list will list out all of the modules installed on your site. The piple | passes this output to the next command. egrep is grep with regular expression, and the rest of the command is a regular expresion that looks for the module shortname (‘coder’, ‘restws’) wrapped in a parentheses, which is how drush pm-list outputs. This allowed me to get better results that my first command:

drush pm-list | egrep '(coder|webform_multifile|restws)'

which returned a false positive for Geocoder Module.