From e49d08f9924e0087cc01de0ef512ffae9e409827 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20G=C3=BCnter?= Date: Thu, 13 Jun 2024 14:50:57 +0200 Subject: [PATCH 1/3] feat: introduce exclude feature (WIP) --- features/checksum-core.feature | 21 +++++++++++++++++++++ src/Checksum_Core_Command.php | 25 +++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/features/checksum-core.feature b/features/checksum-core.feature index de05fb3f..aed252a5 100644 --- a/features/checksum-core.feature +++ b/features/checksum-core.feature @@ -228,3 +228,24 @@ Feature: Validate checksums for WordPress install Success: WordPress installation verifies against checksums. """ And STDERR should be empty + + Scenario: Verify core checksums with excluded files + Given a WP install + And "WordPress" replaced with "Wordpress" in the readme.html file + And a wp-includes/some-filename.php file: + """ + sample content of some file + """ + And a readme.html file: + """ + # You really should read me + """ + + When I try `wp core verify-checksums --exclude='readme.html wp-includes/some-filename.php'` + Then STDERR should be empty + And STDOUT should be: + """ + Success: WordPress installation verifies against checksums. + """ + And the return code should be 0 + diff --git a/src/Checksum_Core_Command.php b/src/Checksum_Core_Command.php index 321b89a4..30b255c0 100644 --- a/src/Checksum_Core_Command.php +++ b/src/Checksum_Core_Command.php @@ -17,6 +17,13 @@ class Checksum_Core_Command extends Checksum_Base_Command { */ private $include_root = false; + /** + * Files to exclude from the verification. + * + * @var array + */ + private $exclude_files = []; + /** * Verifies WordPress files against WordPress.org's checksums. * @@ -44,6 +51,9 @@ class Checksum_Core_Command extends Checksum_Base_Command { * [--insecure] * : Retry downloads without certificate validation if TLS handshake fails. Note: This makes the request vulnerable to a MITM attack. * + * [--exclude=] + * : Exclude specific files from the checksum verification. Provide a space-separated list of file paths. + * * ## EXAMPLES * * # Verify checksums @@ -64,6 +74,10 @@ class Checksum_Core_Command extends Checksum_Base_Command { * Warning: File doesn't verify against checksum: readme.html * Warning: File doesn't verify against checksum: wp-config-sample.php * Error: WordPress installation doesn't verify against checksums. + * + * # Verify checksums + * $ wp core verify-checksums --exclude="readme.html" + * Success: WordPress installation verifies against checksums. * * @when before_wp_load */ @@ -83,6 +97,10 @@ public function __invoke( $args, $assoc_args ) { $this->include_root = true; } + if ( ! empty( $assoc_args['exclude'] ) ) { + $this->exclude_files = explode( ' ', $assoc_args['exclude'] ); + } + if ( empty( $wp_version ) ) { $details = self::get_wp_details(); $wp_version = $details['wp_version']; @@ -112,6 +130,10 @@ public function __invoke( $args, $assoc_args ) { continue; } + if ( in_array( $file, $this->exclude_files, true ) ) { + continue; + } + if ( ! file_exists( ABSPATH . $file ) ) { WP_CLI::warning( "File doesn't exist: {$file}" ); $has_errors = true; @@ -131,6 +153,9 @@ public function __invoke( $args, $assoc_args ) { if ( ! empty( $additional_files ) ) { foreach ( $additional_files as $additional_file ) { + if ( in_array( $additional_file, $this->exclude_files, true ) ) { + continue; + } WP_CLI::warning( "File should not exist: {$additional_file}" ); } } From fc021e03fd0a783e9ab195a82d4ee09458df7641 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20G=C3=BCnter?= Date: Thu, 13 Jun 2024 16:13:45 +0200 Subject: [PATCH 2/3] chore: added negative test case --- features/checksum-core.feature | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/features/checksum-core.feature b/features/checksum-core.feature index aed252a5..8b242372 100644 --- a/features/checksum-core.feature +++ b/features/checksum-core.feature @@ -231,15 +231,11 @@ Feature: Validate checksums for WordPress install Scenario: Verify core checksums with excluded files Given a WP install - And "WordPress" replaced with "Wordpress" in the readme.html file + And "WordPress" replaced with "PressWord" in the readme.html file And a wp-includes/some-filename.php file: """ sample content of some file """ - And a readme.html file: - """ - # You really should read me - """ When I try `wp core verify-checksums --exclude='readme.html wp-includes/some-filename.php'` Then STDERR should be empty @@ -249,3 +245,18 @@ Feature: Validate checksums for WordPress install """ And the return code should be 0 + Scenario: Verify core checksums with missing one excluded file + Given a WP install + And "WordPress" replaced with "PressWord" in the readme.html file + And a wp-includes/some-filename.php file: + """ + sample content of some file + """ + + When I try `wp core verify-checksums --exclude=' wp-includes/some-filename.php'` + Then STDERR should be: + """ + Warning: File doesn't verify against checksum: readme.html + Error: WordPress installation doesn't verify against checksums. + """ + And the return code should be 1 \ No newline at end of file From 5dbc55043434128637cd1334b10017cbd8971c0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20G=C3=BCnter?= Date: Thu, 13 Jun 2024 16:40:58 +0200 Subject: [PATCH 3/3] fix: changed to comma separated, added readme --- README.md | 9 +++++++-- features/checksum-core.feature | 6 +++--- src/Checksum_Core_Command.php | 8 ++++---- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7a6a1962..4f043b22 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ This package implements the following commands: Verifies WordPress files against WordPress.org's checksums. ~~~ -wp core verify-checksums [--include-root] [--version=] [--locale=] [--insecure] +wp core verify-checksums [--include-root] [--version=] [--locale=] [--insecure] [--exclude=] ~~~ Downloads md5 checksums for the current version from WordPress.org, and @@ -43,6 +43,9 @@ site. [--insecure] Retry downloads without certificate validation if TLS handshake fails. Note: This makes the request vulnerable to a MITM attack. + [--exclude=] + Exclude specific files from the checksum verification. Provide a comma-separated list of file paths. + **EXAMPLES** # Verify checksums @@ -64,7 +67,9 @@ site. Warning: File doesn't verify against checksum: wp-config-sample.php Error: WordPress installation doesn't verify against checksums. - + # Verify checksums excluding specific files + $ wp core verify-checksums --exclude="wp-my-custom-file.php,readme.html" + Success: WordPress installation verifies against checksums. ### wp plugin verify-checksums diff --git a/features/checksum-core.feature b/features/checksum-core.feature index 8b242372..21d20358 100644 --- a/features/checksum-core.feature +++ b/features/checksum-core.feature @@ -237,7 +237,7 @@ Feature: Validate checksums for WordPress install sample content of some file """ - When I try `wp core verify-checksums --exclude='readme.html wp-includes/some-filename.php'` + When I try `wp core verify-checksums --exclude='readme.html,wp-includes/some-filename.php'` Then STDERR should be empty And STDOUT should be: """ @@ -245,7 +245,7 @@ Feature: Validate checksums for WordPress install """ And the return code should be 0 - Scenario: Verify core checksums with missing one excluded file + Scenario: Verify core checksums with missing excluded file Given a WP install And "WordPress" replaced with "PressWord" in the readme.html file And a wp-includes/some-filename.php file: @@ -253,7 +253,7 @@ Feature: Validate checksums for WordPress install sample content of some file """ - When I try `wp core verify-checksums --exclude=' wp-includes/some-filename.php'` + When I try `wp core verify-checksums --exclude='wp-includes/some-filename.php'` Then STDERR should be: """ Warning: File doesn't verify against checksum: readme.html diff --git a/src/Checksum_Core_Command.php b/src/Checksum_Core_Command.php index 30b255c0..0d7ee94a 100644 --- a/src/Checksum_Core_Command.php +++ b/src/Checksum_Core_Command.php @@ -52,7 +52,7 @@ class Checksum_Core_Command extends Checksum_Base_Command { * : Retry downloads without certificate validation if TLS handshake fails. Note: This makes the request vulnerable to a MITM attack. * * [--exclude=] - * : Exclude specific files from the checksum verification. Provide a space-separated list of file paths. + * : Exclude specific files from the checksum verification. Provide a comma-separated list of file paths. * * ## EXAMPLES * @@ -74,8 +74,8 @@ class Checksum_Core_Command extends Checksum_Base_Command { * Warning: File doesn't verify against checksum: readme.html * Warning: File doesn't verify against checksum: wp-config-sample.php * Error: WordPress installation doesn't verify against checksums. - * - * # Verify checksums + * + * # Verify checksums and exclude files * $ wp core verify-checksums --exclude="readme.html" * Success: WordPress installation verifies against checksums. * @@ -98,7 +98,7 @@ public function __invoke( $args, $assoc_args ) { } if ( ! empty( $assoc_args['exclude'] ) ) { - $this->exclude_files = explode( ' ', $assoc_args['exclude'] ); + $this->exclude_files = explode( ',', Utils\get_flag_value( $assoc_args, 'exclude', '' ) ); } if ( empty( $wp_version ) ) {