From c8ded657af6c097547e8eee4aa23c2e56b771db4 Mon Sep 17 00:00:00 2001 From: Nate Weller Date: Mon, 7 Oct 2024 16:10:24 -0600 Subject: [PATCH] Update approach to use a JETPACK_WAF_ENTRYPOINT constant --- projects/packages/waf/src/class-waf-cli.php | 3 ++- projects/packages/waf/src/class-waf-constants.php | 10 ++++++++++ projects/packages/waf/src/class-waf-rules-manager.php | 5 +++-- projects/packages/waf/src/class-waf-runner.php | 9 +++++---- .../waf/src/class-waf-standalone-bootstrap.php | 1 + .../waf/tests/php/integration/test-waf-activation.php | 11 +++++++++-- .../plugins/debug-helper/modules/class-waf-helper.php | 2 +- 7 files changed, 31 insertions(+), 10 deletions(-) diff --git a/projects/packages/waf/src/class-waf-cli.php b/projects/packages/waf/src/class-waf-cli.php index 73e0a1007c574..1292302ed62c6 100644 --- a/projects/packages/waf/src/class-waf-cli.php +++ b/projects/packages/waf/src/class-waf-cli.php @@ -142,6 +142,7 @@ public function teardown() { */ public function generate_rules() { try { + Waf_Constants::define_entrypoint(); Waf_Rules_Manager::generate_automatic_rules(); Waf_Rules_Manager::generate_rules(); } catch ( \Exception $e ) { @@ -159,7 +160,7 @@ public function generate_rules() { sprintf( /* translators: %1$s is the name of the mode that was just switched to. */ __( 'Jetpack WAF rules successfully created to: "%1$s".', 'jetpack-waf' ), - Waf_Runner::get_waf_file_path( Waf_Runner::ENTRYPOINT_FILE ) + Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) ); } diff --git a/projects/packages/waf/src/class-waf-constants.php b/projects/packages/waf/src/class-waf-constants.php index b4c368bb7d06d..bc0b04a343c62 100644 --- a/projects/packages/waf/src/class-waf-constants.php +++ b/projects/packages/waf/src/class-waf-constants.php @@ -22,6 +22,7 @@ public static function initialize_bootstrap_constants() { self::define_waf_directory(); self::define_wpconfig_path(); self::define_killswitch(); + self::define_entrypoint(); } /** @@ -80,6 +81,15 @@ public static function define_mode() { } } + /** + * Set the entrypoint definition if it has not been set. + */ + public static function define_entrypoint() { + if ( ! defined( 'JETPACK_WAF_ENTRYPOINT' ) ) { + define( 'JETPACK_WAF_ENTRYPOINT', 'rules/rules.php' ); + } + } + /** * Set the share data definition if it has not been set. * diff --git a/projects/packages/waf/src/class-waf-rules-manager.php b/projects/packages/waf/src/class-waf-rules-manager.php index 6315c44d69bd5..0d97eb17896fa 100644 --- a/projects/packages/waf/src/class-waf-rules-manager.php +++ b/projects/packages/waf/src/class-waf-rules-manager.php @@ -220,9 +220,10 @@ private static function wrap_require( $required_file, $return_code = 'return;' ) public static function generate_rules() { global $wp_filesystem; Waf_Runner::initialize_filesystem(); + Waf_Constants::define_entrypoint(); $rules = "is_dir( dirname( $entrypoint_file_path ) ) ) { @@ -230,7 +231,7 @@ public static function generate_rules() { } // Ensure all potentially required rule files exist - $rule_files = array( Waf_Runner::ENTRYPOINT_FILE, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE ); + $rule_files = array( JETPACK_WAF_ENTRYPOINT, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE ); foreach ( $rule_files as $rule_file ) { $rule_file = Waf_Runner::get_waf_file_path( $rule_file ); if ( ! $wp_filesystem->is_file( $rule_file ) ) { diff --git a/projects/packages/waf/src/class-waf-runner.php b/projects/packages/waf/src/class-waf-runner.php index c1afcd422721f..c1a8eb1965057 100644 --- a/projects/packages/waf/src/class-waf-runner.php +++ b/projects/packages/waf/src/class-waf-runner.php @@ -20,7 +20,6 @@ class Waf_Runner { const MODE_OPTION_NAME = 'jetpack_waf_mode'; const SHARE_DATA_OPTION_NAME = 'jetpack_waf_share_data'; const SHARE_DEBUG_DATA_OPTION_NAME = 'jetpack_waf_share_debug_data'; - const ENTRYPOINT_FILE = '/rules/rules.php'; /** * Run the WAF @@ -32,6 +31,7 @@ public static function initialize() { return; } Waf_Constants::define_mode(); + Waf_Constants::define_entrypoint(); Waf_Constants::define_share_data(); if ( ! self::is_allowed_mode( JETPACK_WAF_MODE ) ) { @@ -257,7 +257,7 @@ public static function run() { $waf = new Waf_Runtime( new Waf_Transforms(), new Waf_Operators() ); // execute waf rules. - $rules_file_path = self::get_waf_file_path( self::ENTRYPOINT_FILE ); + $rules_file_path = self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ); if ( file_exists( $rules_file_path ) ) { // phpcs:ignore include $rules_file_path; @@ -367,14 +367,15 @@ public static function deactivate() { global $wp_filesystem; self::initialize_filesystem(); + Waf_Constants::define_entrypoint(); // If the rules file doesn't exist, there's nothing else to do. - if ( ! $wp_filesystem->exists( self::get_waf_file_path( self::ENTRYPOINT_FILE ) ) ) { + if ( ! $wp_filesystem->exists( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) ) { return; } // Empty the rules entrypoint file. - if ( ! $wp_filesystem->put_contents( self::get_waf_file_path( self::ENTRYPOINT_FILE ), "put_contents( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ), "assertSame( false, get_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME ) ); // Ensure the rule files were generated. - $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Runner::ENTRYPOINT_FILE ) ); + $this->assertFileExists( Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ); $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::AUTOMATIC_RULES_FILE ) ); $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_ALLOW_RULES_FILE ) ); $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_BLOCK_RULES_FILE ) ); @@ -106,6 +110,9 @@ public function testActivation() { * Test WAF deactivation. */ public function testDeactivation() { + // Ensure the JETPACK_WAF_ENTRYPOINT is defined. + Waf_Constants::define_entrypoint(); + $deactivated = Waf_Initializer::on_waf_deactivation(); // Ensure the WAF was deactivated successfully. @@ -116,7 +123,7 @@ public function testDeactivation() { $this->assertSame( false, get_option( Waf_Runner::MODE_OPTION_NAME ) ); // Ensure the rules entrypoint file was emptied. - $this->assertSame( "assertSame( "

Rules Entrypoint

- render_waf_file( Waf_Runner::ENTRYPOINT_FILE ); ?> + render_waf_file( defined( 'JETPACK_WAF_ENTRYPOINT' ) && JETPACK_WAF_ENTRYPOINT ); ?>