Skip to content

Add --include-root parameter to also verify root directory #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 19 commits into from
Mar 24, 2023
Merged

Add --include-root parameter to also verify root directory #102

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
4df6e69
Add --include-root parameter
paulschreiber Mar 22, 2023
1893b47
Add test for --include-root parameter
paulschreiber Mar 22, 2023
31f15fc
when --allow-root is set, do not warn about wp-config.php and wp-cont…
paulschreiber Mar 22, 2023
e00b62f
PHPCS: align equals signs
paulschreiber Mar 22, 2023
81ea662
Update src/Checksum_Core_Command.php
paulschreiber Mar 23, 2023
e3e1936
when --include-root is enabled, skip entire wp-content directory from…
paulschreiber Mar 23, 2023
56e5ab8
add private $include_root variable
paulschreiber Mar 23, 2023
5653679
update help text to indicate it looks for files and folders
paulschreiber Mar 23, 2023
962472f
Add test for wp-cli.yml
paulschreiber Mar 23, 2023
b133985
Update features/checksum-core.feature
paulschreiber Mar 23, 2023
63fd9e7
Fix Scenario indentation
danielbachhuber Mar 24, 2023
d755af7
Add more tests to clarify expected behavior
danielbachhuber Mar 24, 2023
e69798e
Remove extraneous helper
danielbachhuber Mar 24, 2023
7176faf
Clean up `wp-cli.yml` scenario
danielbachhuber Mar 24, 2023
71c327f
Rebuild README with new flag
danielbachhuber Mar 24, 2023
a59cc2e
Avoid random test failures when the order changes
danielbachhuber Mar 24, 2023
a03bee1
Remove extraneous argument
danielbachhuber Mar 24, 2023
c9bab49
Merge branch 'main' into patch-1
danielbachhuber Mar 24, 2023
dc03bc8
Fix these assertions
danielbachhuber Mar 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ This package implements the following commands:
Verifies WordPress files against WordPress.org's checksums.

~~~
wp core verify-checksums [--version=<version>] [--locale=<locale>] [--insecure]
wp core verify-checksums [--include-root] [--version=<version>] [--locale=<locale>] [--insecure]
~~~

Downloads md5 checksums for the current version from WordPress.org, and
Expand All @@ -31,6 +31,9 @@ site.

**OPTIONS**

[--include-root]
Verify all files and folders in the root directory, and warn if any non-WordPress items are found.

[--version=<version>]
Verify checksums against a specific version of WordPress.

Expand Down
118 changes: 101 additions & 17 deletions features/checksum-core.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,37 @@ Feature: Validate checksums for WordPress install
Warning: File doesn't exist: readme.html
Error: WordPress installation doesn't verify against checksums.
"""
And the return code should be 1

Scenario: Core checksums don't verify because wp-cli.yml is present
Given a WP install
And a wp-cli.yml file:
"""
plugin install:
- user-switching
"""

When I try `wp core verify-checksums`
Then STDERR should be:
"""
Warning: File should not exist: wp-cli.yml
"""
And STDOUT should be:
"""
Success: WordPress installation verifies against checksums.
"""
And the return code should be 0

When I run `rm wp-cli.yml`
Then STDERR should be empty

When I run `wp core verify-checksums`
Then STDERR should be empty
And STDOUT should be:
"""
Success: WordPress installation verifies against checksums.
"""
And the return code should be 0

Scenario: Verify core checksums without loading WordPress
Given an empty directory
Expand Down Expand Up @@ -96,23 +127,76 @@ Feature: Validate checksums for WordPress install
"""
And the return code should be 0

Scenario: Verify core checksums when extra files prefixed with 'wp-' are included in WordPress root
Given a WP install
And a wp-extra-file.php file:
"""
hello world
"""

When I try `wp core verify-checksums`
Then STDERR should be:
"""
Warning: File should not exist: wp-extra-file.php
"""
And STDOUT should be:
"""
Success: WordPress installation verifies against checksums.
"""
And the return code should be 0
Scenario: Verify core checksums when extra files prefixed with 'wp-' are included in WordPress root
Given a WP install
And a wp-extra-file.php file:
"""
hello world
"""

When I try `wp core verify-checksums`
Then STDERR should be:
"""
Warning: File should not exist: wp-extra-file.php
"""
And STDOUT should be:
"""
Success: WordPress installation verifies against checksums.
"""
And the return code should be 0

Scenario: Verify core checksums when extra files are included in WordPress root and --include-root is passed
Given a WP install
And a extra-file.php file:
"""
hello world
"""
And a unknown-folder/unknown-file.php file:
"""
taco burrito
"""
And a wp-content/unknown-file.php file:
"""
foobar
"""

When I try `wp core verify-checksums --include-root`
Then STDERR should contain:
"""
Warning: File should not exist: unknown-folder/unknown-file.php
"""
And STDERR should contain:
"""
Warning: File should not exist: extra-file.php
"""
And STDERR should not contain:
"""
Warning: File should not exist: wp-content/unknown-file.php
"""
And STDOUT should be:
"""
Success: WordPress installation verifies against checksums.
"""
And the return code should be 0

When I run `wp core verify-checksums`
Then STDERR should not contain:
"""
Warning: File should not exist: unknown-folder/unknown-file.php
"""
And STDERR should not contain:
"""
Warning: File should not exist: extra-file.php
"""
And STDERR should not contain:
"""
Warning: File should not exist: wp-content/unknown-file.php
"""
And STDOUT should be:
"""
Success: WordPress installation verifies against checksums.
"""
And the return code should be 0

Scenario: Verify core checksums with a plugin that has wp-admin
Given a WP install
Expand Down
18 changes: 18 additions & 0 deletions src/Checksum_Core_Command.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,13 @@
*/
class Checksum_Core_Command extends Checksum_Base_Command {

/**
* Whether or not to verify contents of the root directory.
*
* @var boolean
*/
private $include_root = false;

/**
* Verifies WordPress files against WordPress.org's checksums.
*
Expand All @@ -25,6 +32,9 @@ class Checksum_Core_Command extends Checksum_Base_Command {
*
* ## OPTIONS
*
* [--include-root]
* : Verify all files and folders in the root directory, and warn if any non-WordPress items are found.
*
* [--version=<version>]
* : Verify checksums against a specific version of WordPress.
*
Expand Down Expand Up @@ -69,6 +79,10 @@ public function __invoke( $args, $assoc_args ) {
$locale = $assoc_args['locale'];
}

if ( ! empty( $assoc_args['include-root'] ) ) {
$this->include_root = true;
}

if ( empty( $wp_version ) ) {
$details = self::get_wp_details();
$wp_version = $details['wp_version'];
Expand Down Expand Up @@ -136,6 +150,10 @@ public function __invoke( $args, $assoc_args ) {
* @return bool
*/
protected function filter_file( $filepath ) {
if ( true === $this->include_root ) {
return ( 1 !== preg_match( '/^(wp-config\.php$|wp-content\/)/', $filepath ) );
}

return ( 0 === strpos( $filepath, 'wp-admin/' )
|| 0 === strpos( $filepath, 'wp-includes/' )
|| 1 === preg_match( '/^wp-(?!config\.php)([^\/]*)$/', $filepath )
Expand Down