Drupal Approved Modules
Posted February 25th, 2009 by jukeane
The School of Arts and Sciences Information Security and Unix Systems regularly audits Drupal modules to ensure security and stability. Before modules can be installed on our production environments they must be reviewed by information security staff. While this review is not a surefire guarantee of security, it does insure a certain degree of safety in the module code. Modules are examined for compliance with the Drupal secure coding guidelines as well as for common web application vulnerabilities (Cross Site Scripting, SQL injection, authentication bypass, remote code execution, file inclusion, information disclosure, etc.). Note that some modules are approved for use only with certain patches applied that address known vulnerabilities.
The following are a list of modules which have been audited by the ISUS group:
Drupal 6
- Administration Menu 6.x-1.5
- Advanced Help 6.x-1.2
- Autocomplete Widgets 6.x-1.1
- Automatic NodeTitle 6.x-1.1
- Autosave 6.x-1.1
- Bibliography 6.x-1.7
- Calendar 6.x-2.2
- CCK 6.x-2.3 (Content Construction Kit)
- Content Access 6.x-1.2
- Date 6.x-2.4
- DHTML Menu 6.x-3.5
- Email Field 6.x-1.2
- Embedded Media Field 6.x-1.2
- FileField 6.x-3.0
- Footnotes 6.x-2.1
- Google Analytics 6.x-2.2
- ImageAPI 6.x-1.6
- ImageCache 6.x-2.0-Beta10
- ImageField 6.x-3.0
- IMCE 6.x-1.2
- IMCE Wysiwyg Bridge 6.x-1.0
- Invisimail 6.x-1.2
- JQuery Plugin 6.x-1.10
- JQuery UI 6.x-1.3
- Link 6.x-2.6
- Lowername 6.x-1.1
- Menu Trails 6.x-1.0
- Meta Tags 6.x-1.0
- Modal Frame API 6.x-1.3
- Mollom 6.x-1.9
- Nice Menu 6.x-1.3
- Nodequeue 6.x-2.3
- Node Relationships 6.x-1.1
- Path Auto 6.x-1.1
- Pingback 6.x-1.0
- Print, e-mail and PDF versions 6.x-1.10
- Popups API 6.x-1.3
- Popups: Add and Reference 6.x-1.0
- Protected Node 6.x-1.2
- Rotor 6.x-1.5
- Scheduler 6.x-1.3 (allows nodes to be published and unpublished at specific times via cron)
- Secure Pages 6.x-1.8
- Service Links 6.x-1.0 with patch
- Site Map 6.x-1.2
- Tagadelic 6.x-1.2
- Taxonomy Autotag 6.x-1.25
- Token 6.x-1.11
- Transliteration 6.x-2.1
- Upload Element6.x-1.2
- Views 6.x-2.6
- Webform 6.x-2.8
- Webform Block 6.x-1.1
- workflow 6.x-1.3
- Wysiwyg 6.x-2.0
Drupal 5
- acl 5.x-1.6 (access control lists, no UI, just support for other modules)
- Administration Menu 5.x-2.8
- advertisement 5.x-1.7
- biblio 5.x-1.17
- Calendar 5.x-2.2
- Captcha 5.x-3.1
- CCK 5.x-1.10 (Content Construction Kit)
- CCK Field Permissions 5.x-1.10 with patch (allows for customizable field level permissions)
- Content Access 5.x-1.5 with patch(Content Access for specific role based content)
- Custom Breadcrumbs 5.x-1.2
- Custom Pagers 5.x-1.9
- date 5.x-2.8
- Download Count 5.x-1.0
- Embedded Media Field 5.x-1.3
- event 5.x-1.0
- field indexer 5.x-1.0
- Forward 5.x-1.18
- Google Analytics 5.x-1.6 (allows you to utilize Google Analytics tracking)
- image 5.x-1.9
- Image API 5.x-1.2
- Invisimail 5.x-1.0
- JQuery Update 5.x-2.0
- Link to Us 5.x-1.1
- Menu Trim 5.x-1.0
- Meta Tags 5.x-1.13 (NodeWords)
- Modr8 5.x-2.4 (allows for content moderation queues)
- News Page 5.x-1.2
- Nice Menus 5.x-1.2
- Node Queue 5.x-2.2
- Paging 5.x-1.2
- Panels 5.x-1.2
- PathAuto 5.x-2.3
- Print, e-mail and PDF versions 5.x-4.9 (Printer friendly view)
- Protected Node 5.x-1.4
- SecurePages 5.x-1.7
- Service Links 5.x-1.1
- Signup 5.x-2.7
- tac_lite 5.x-1.2 (Taxonomy based access control)
- Tagadelic 5.x-1.0 (Module for adding tag clouds)
- Taxonomy Theme 5.x-1.2
- Thickbox 5.x-2.0 (CSS image pop up display)
- TinyMCE 5.x-1.9 (JavaScript WYSIWYG editor)
- Token 5.x-1.11, Token 5.x-1.13 (Developer API module needed for other modules)
- video 5.x-1.x-dev
- views 5.x-1.6 (Used to apply filters to content)
- Views Tagadelic 5.x-1.0 (an extension of Views module to add a block with Tagadelic tags)
- View of Views 5.x-1.0 (allows for filtered views)
- webform 5.x-2.8 (Used to create forms and capture/export form information)
- workflow 5.x-2.4 (Enforce publishing reviews)
- XML Sitemap 5.x-1.7