Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WAF: Avoid using Waf_Rules_Manager from Waf_Runner::initialize() #38944

Merged
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
Significance: patch
Type: fixed

WAF: reduce amount of classes autoloaded during standalone mode execution
3 changes: 2 additions & 1 deletion projects/packages/waf/src/class-waf-cli.php
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@ public function teardown() {
*/
public function generate_rules() {
try {
Waf_Constants::define_entrypoint();
Waf_Rules_Manager::generate_automatic_rules();
Waf_Rules_Manager::generate_rules();
} catch ( \Exception $e ) {
Expand All @@ -159,7 +160,7 @@ public function generate_rules() {
sprintf(
/* translators: %1$s is the name of the mode that was just switched to. */
__( 'Jetpack WAF rules successfully created to: "%1$s".', 'jetpack-waf' ),
Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE )
Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT )
)
);
}
Expand Down
10 changes: 10 additions & 0 deletions projects/packages/waf/src/class-waf-constants.php
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ public static function initialize_bootstrap_constants() {
self::define_waf_directory();
self::define_wpconfig_path();
self::define_killswitch();
self::define_entrypoint();
}

/**
Expand Down Expand Up @@ -80,6 +81,15 @@ public static function define_mode() {
}
}

/**
* Set the entrypoint definition if it has not been set.
*/
public static function define_entrypoint() {
if ( ! defined( 'JETPACK_WAF_ENTRYPOINT' ) ) {
define( 'JETPACK_WAF_ENTRYPOINT', 'rules/rules.php' );
}
}

/**
* Set the share data definition if it has not been set.
*
Expand Down
17 changes: 12 additions & 5 deletions projects/packages/waf/src/class-waf-rules-manager.php
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,16 @@ class Waf_Rules_Manager {
const IP_LISTS_ENABLED_OPTION_NAME = 'jetpack_waf_ip_list';

// Rule Files
const AUTOMATIC_RULES_FILE = '/rules/automatic-rules.php';
const IP_ALLOW_RULES_FILE = '/rules/allow-ip.php';
const IP_BLOCK_RULES_FILE = '/rules/block-ip.php';

/**
* Rules Entrypoint File
*
* @deprecated $$next-version$$ Use JETPACK_WAF_ENTRYPOINT instead.
*/
const RULES_ENTRYPOINT_FILE = '/rules/rules.php';
nateweller marked this conversation as resolved.
Show resolved Hide resolved
const AUTOMATIC_RULES_FILE = '/rules/automatic-rules.php';
const IP_ALLOW_RULES_FILE = '/rules/allow-ip.php';
const IP_BLOCK_RULES_FILE = '/rules/block-ip.php';

/**
* Whether automatic rules are enabled.
Expand Down Expand Up @@ -221,17 +227,18 @@ private static function wrap_require( $required_file, $return_code = 'return;' )
public static function generate_rules() {
global $wp_filesystem;
Waf_Runner::initialize_filesystem();
Waf_Constants::define_entrypoint();

$rules = "<?php\n";
$entrypoint_file_path = Waf_Runner::get_waf_file_path( self::RULES_ENTRYPOINT_FILE );
$entrypoint_file_path = Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT );

// Ensure that the folder exists
if ( ! $wp_filesystem->is_dir( dirname( $entrypoint_file_path ) ) ) {
$wp_filesystem->mkdir( dirname( $entrypoint_file_path ) );
}

// Ensure all potentially required rule files exist
$rule_files = array( self::RULES_ENTRYPOINT_FILE, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE );
$rule_files = array( JETPACK_WAF_ENTRYPOINT, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE );
foreach ( $rule_files as $rule_file ) {
$rule_file = Waf_Runner::get_waf_file_path( $rule_file );
if ( ! $wp_filesystem->is_file( $rule_file ) ) {
Expand Down
8 changes: 5 additions & 3 deletions projects/packages/waf/src/class-waf-runner.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ public static function initialize() {
return;
}
Waf_Constants::define_mode();
Waf_Constants::define_entrypoint();
Waf_Constants::define_share_data();

if ( ! self::is_allowed_mode( JETPACK_WAF_MODE ) ) {
Expand Down Expand Up @@ -256,7 +257,7 @@ public static function run() {
$waf = new Waf_Runtime( new Waf_Transforms(), new Waf_Operators() );

// execute waf rules.
$rules_file_path = self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE );
$rules_file_path = self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT );
if ( file_exists( $rules_file_path ) ) {
// phpcs:ignore
include $rules_file_path;
Expand Down Expand Up @@ -366,14 +367,15 @@ public static function deactivate() {

global $wp_filesystem;
self::initialize_filesystem();
Waf_Constants::define_entrypoint();

// If the rules file doesn't exist, there's nothing else to do.
if ( ! $wp_filesystem->exists( self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) ) ) {
if ( ! $wp_filesystem->exists( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) ) {
return;
}

// Empty the rules entrypoint file.
if ( ! $wp_filesystem->put_contents( self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ), "<?php\n" ) ) {
if ( ! $wp_filesystem->put_contents( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ), "<?php\n" ) ) {
throw new File_System_Exception( 'Failed to empty rules.php file.' );
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,7 @@ public function generate() {
. sprintf( "define( 'JETPACK_WAF_SHARE_DEBUG_DATA', %s );\n", var_export( $share_debug_data_option, true ) )
. sprintf( "define( 'JETPACK_WAF_DIR', %s );\n", var_export( JETPACK_WAF_DIR, true ) )
. sprintf( "define( 'JETPACK_WAF_WPCONFIG', %s );\n", var_export( JETPACK_WAF_WPCONFIG, true ) )
. sprintf( "define( 'JETPACK_WAF_ENTRYPOINT', %s );\n", var_export( JETPACK_WAF_ENTRYPOINT, true ) )
. 'require_once ' . var_export( $autoloader_file, true ) . ";\n"
. "Automattic\Jetpack\Waf\Waf_Runner::initialize();\n";
// phpcs:enable
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
*/

use Automattic\Jetpack\Constants;
use Automattic\Jetpack\Waf\Waf_Constants;
use Automattic\Jetpack\Waf\Waf_Initializer;
use Automattic\Jetpack\Waf\Waf_Rules_Manager;
use Automattic\Jetpack\Waf\Waf_Runner;
Expand Down Expand Up @@ -75,6 +76,9 @@ public function return_invalid_filesystem_method() {
* Test WAF activation.
*/
public function testActivation() {
// Ensure the JETPACK_WAF_ENTRYPOINT is defined.
Waf_Constants::define_entrypoint();

// Mock the WPCOM request for retrieving the automatic rules.
add_filter( 'pre_http_request', array( $this, 'return_sample_response' ) );

Expand All @@ -90,7 +94,7 @@ public function testActivation() {
$this->assertSame( false, get_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME ) );

// Ensure the rule files were generated.
$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) );
$this->assertFileExists( Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) );
$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::AUTOMATIC_RULES_FILE ) );
$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_ALLOW_RULES_FILE ) );
$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_BLOCK_RULES_FILE ) );
Expand All @@ -106,6 +110,9 @@ public function testActivation() {
* Test WAF deactivation.
*/
public function testDeactivation() {
// Ensure the JETPACK_WAF_ENTRYPOINT is defined.
Waf_Constants::define_entrypoint();

$deactivated = Waf_Initializer::on_waf_deactivation();

// Ensure the WAF was deactivated successfully.
Expand All @@ -116,7 +123,7 @@ public function testDeactivation() {
$this->assertSame( false, get_option( Waf_Runner::MODE_OPTION_NAME ) );

// Ensure the rules entrypoint file was emptied.
$this->assertSame( "<?php\n", file_get_contents( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) ) );
$this->assertSame( "<?php\n", file_get_contents( Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) );
}

/**
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Significance: patch
Type: changed
Comment: Updated constant for compatibility with latest waf package version.


4 changes: 3 additions & 1 deletion projects/plugins/debug-helper/modules/class-waf-helper.php
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
* @package automattic/jetpack-debug-helper
*/

use Automattic\Jetpack\Waf\Waf_Constants;
use Automattic\Jetpack\Waf\Waf_Rules_Manager;
use Automattic\Jetpack\Waf\Waf_Runner;

Expand Down Expand Up @@ -223,7 +224,8 @@ public function render_ui() {
<hr>

<h2>Rules Entrypoint</h2>
<?php $this->render_waf_file( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ); ?>
<?php Waf_Constants::define_entrypoint(); ?>
<?php defined( 'JETPACK_WAF_ENTRYPOINT' ) ? $this->render_waf_file( (string) JETPACK_WAF_ENTRYPOINT ) : 'Not set'; ?>

<hr>

Expand Down
Loading