

Add built-in rule for bad request banner for non-existing archive files
Also make related unit tests more DRY.

Fixes #155.
chesio committed Mar 5, 2024
1 parent d8d8eb3 commit 466953e
Showing 4 changed files with 130 additions and 56 deletions.
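--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## Upcoming version 0.23.0 (????-??-??)
 
+### Added
+
+* New built-in rule for bad request banner module that triggers when non-existing `.tgz` or `.zip` file is accessed [#155](https://github.com/chesio/bc-security/issues/155).
+
 ### Changed
 
 * List of supported PHP versions for PHP version check has been updated to include PHP 8.3 [#151](https://github.com/chesio/bc-security/issues/151).
@@ -22,7 +26,7 @@ This release has been tested with PHP 8.3 and WordPress 6.4. PHP 8.1 or newer an
 
 ### Added
 
-* New built-in rule to bad request banner module that triggers when non-existing `readme.txt` file is accessed [#149](https://github.com/chesio/bc-security/issues/149).
+* New built-in rule for bad request banner module that triggers when non-existing `readme.txt` file is accessed [#149](https://github.com/chesio/bc-security/issues/149).
 * Plugin has been tested with PHP 8.3 [#145](https://github.com/chesio/bc-security/issues/145).
 * Plugin has been tested with WordPress 6.4 [#144](https://github.com/chesio/bc-security/issues/144).
 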
Expand Up @@ -6,6 +6,10 @@

abstract class BuiltInRules
{
public const ARCHIVE_FILES = 'archive-files';

private const ARCHIVE_FILES_PATTERN = '\.(tgz|zip)$';

public const BACKUP_FILES = 'backup-files';

private const BACKUP_FILES_PATTERN = 'backup|(\.(back|old|tmp)$)';
Expand Down Expand Up @@ -34,6 +38,11 @@ public static function enlist(): array
self::README_FILES_PATTERN,
__('(any URI targeting /readme.txt file)', 'bc-security')
),
self::ARCHIVE_FILES => new BanRule(
__('Non-existent archive files', 'bc-security'),
self::ARCHIVE_FILES_PATTERN,
__('(any URI targeting file with .tgz or .zip extension)', 'bc-security')
),
self::BACKUP_FILES => new BanRule(
__('Non-existent backup files', 'bc-security'),
self::BACKUP_FILES_PATTERN,
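Review bot: The new `ARCHIVE_FILES_PATTERN` in the first hunk is a bare, case-sensitive fragment anchored on `$`, so whether `DATA.ZIP` or `data.zip?download=1` is caught depends entirely on how `BanRule` applies the pattern (regex flags, query-string stripping), which is not visible in this commit. If the matcher does not add the `i` modifier and trim the query string before matching, mixed-case or query-suffixed requests for the same file bypass the rule while the plain form is banned; worth confirming against `BanRule::matches()` or pinning with a test case, since the sibling `BACKUP_FILES_PATTERN` shares the same shape. The constant would also benefit from a short docblock matching the file's style, e.g. `/** @var string Regex fragment matching URIs that end in .tgz or .zip. */`. `enlist()` starts and ends outside the second hunk.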
Expand Up @@ -8,6 +8,11 @@

class Settings extends CoreSettings
{
/**
* @var string Is built-in rule "Archive files" active? [bool:no]
*/
public const BUILT_IN_RULE_ARCHIVE_FILES = BuiltInRules::ARCHIVE_FILES;

/**
* @var string Is built-in rule "Backup files" active? [bool:no]
*/
Expand Down Expand Up @@ -44,6 +49,7 @@ class Settings extends CoreSettings
* @var array<string,mixed> Default values for all settings.
*/
protected const DEFAULTS = [
self::BUILT_IN_RULE_ARCHIVE_FILES => false,
self::BUILT_IN_RULE_BACKUP_FILES => false,
self::BUILT_IN_RULE_PHP_FILES => false,
self::BUILT_IN_RULE_README_FILES => false,
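--- a/tests/unit/src/Cases/Modules/BadRequestsBanner/BuiltInRulesTest.php
+++ b/tests/unit/src/Cases/Modules/BadRequestsBanner/BuiltInRulesTest.php
@@ -10,66 +10,121 @@
 
 final class BuiltInRulesTest extends TestCase
 {
-public static function provideUrisForBackupFilesRule(): array
+public static function provideUris(): array
 {
 return [
-'Backup file' => ['website-backup.zip', true],
-'Backup (back) file' => ['wp-config.php.back', true],
-'Backup (old) file' => ['script.php.old', true],
-'Backup (tmp) file' => ['some/important/file.tmp', true],
-'Image file' => ['dummy.png', false],
-'PHP file' => ['wp-config.php', false],
-'Readme.txt file' => ['wp-content/some-plugin/readme.txt', false],
+'Archive (tgz) file' => [
+'data.tgz',
+[
+BuiltInRules::ARCHIVE_FILES => true,
+BuiltInRules::BACKUP_FILES => false,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'Archive and backup (zip) file' => [
+'website-backup.zip',
+[
+BuiltInRules::ARCHIVE_FILES => true,
+BuiltInRules::BACKUP_FILES => true,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'Backup (back) file' => [
+'wp-config.php.back',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => true,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'Backup (old) file' => [
+'script.php.old',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => true,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'Backup (tmp) file' => [
+'some/important/file.tmp',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => true,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'CSS asset' => [
+'wp-content/theme/dummy/styles.css',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => false,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'Image file' => [
+'plugin/non-existent/image.png',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => false,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'JS asset' => [
+'wp-content/themes/dummy/script.js',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => false,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'PHP file' => [
+'_wp-config.php',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => false,
+BuiltInRules::PHP_FILES => true,
+BuiltInRules::README_FILES => false,
+],
+],
+'Humans.txt file' => [
+'humans.txt',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => false,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => false,
+],
+],
+'Readme.txt file' => [
+'wp-content/plugins/some-plugin/readme.txt',
+[
+BuiltInRules::ARCHIVE_FILES => false,
+BuiltInRules::BACKUP_FILES => false,
+BuiltInRules::PHP_FILES => false,
+BuiltInRules::README_FILES => true,
+],
+],
 ];
 }
 
-public static function provideUrisForPhpFilesRule(): array
+#[DataProvider('provideUris')]
+public function testBuiltInRules(string $uri, array $results): void
 {
-return [
-'Backup file' => ['website-backup.zip', false],
-'Backup (back) file' => ['wp-config.php.back', false],
-'Backup (old) file' => ['script.php.old', false],
-'Backup (tmp) file' => ['some/important/file.tmp', false],
-'Image file' => ['dummy.png', false],
-'PHP file' => ['wp-config.php', true],
-'Readme.txt file' => ['wp-content/some-plugin/readme.txt', false],
-];
-}
-
-public static function provideUrisForReadmeTxtFilesRule(): array
-{
-return [
-'Backup file' => ['website-backup.zip', false],
-'Backup (back) file' => ['wp-config.php.back', false],
-'Backup (old) file' => ['script.php.old', false],
-'Backup (tmp) file' => ['some/important/file.tmp', false],
-'Image file' => ['dummy.png', false],
-'PHP file' => ['wp-config.php', false],
-'Readme.txt file' => ['wp-content/some-plugin/readme.txt', true],
-];
-}
-
-#[DataProvider('provideUrisForBackupFilesRule')]
-public function testBackupFilesRule(string $uri, bool $result): void
-{
-$ban_rule = BuiltInRules::get(BuiltInRules::BACKUP_FILES);
-
-$this->assertSame($ban_rule->matches($uri), $result);
-}
-
-#[DataProvider('provideUrisForPhpFilesRule')]
-public function testPhpFilesRule(string $uri, bool $result): void
-{
-$ban_rule = BuiltInRules::get(BuiltInRules::PHP_FILES);
-
-$this->assertSame($ban_rule->matches($uri), $result);
-}
-
-#[DataProvider('provideUrisForReadmeTxtFilesRule')]
-public function testReadmeTxtFilesRule(string $uri, bool $result): void
-{
-$ban_rule = BuiltInRules::get(BuiltInRules::README_FILES);
-
-$this->assertSame($ban_rule->matches($uri), $result);
+foreach ($results as $rule_identifier => $result) {
+$ban_rule = BuiltInRules::get($rule_identifier);
+$this->assertSame(
+$ban_rule->matches($uri),
+$result,
+sprintf($result ? 'Rule "%s" must not match URI %s' : 'Rule "%s" must match URI %s', $ban_rule->getName(), $uri)
+);
+}
 }
 }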
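Review bot: The failure message built by the `sprintf` at the end of `testBuiltInRules` is inverted: when `$result` is `true` the rule is expected to match the URI, yet the message reports that it "must not match", so a regression in any rule will be described backwards in the test output. The fix is to swap the two format strings, `sprintf($result ? 'Rule "%s" must match URI %s' : 'Rule "%s" must not match URI %s', $ban_rule->getName(), $uri)`. The `assertSame` call also passes the actual value before the expected one, which the old tests did too; `$this->assertSame($result, $ban_rule->matches($uri), ...)` makes PHPUnit's "expected/actual" diff read correctly. Since the archive rule's case- and query-string sensitivity is not visible in this commit, a provider entry such as `'Archive (uppercase) file' => ['DATA.ZIP', [...]]` would pin down the intended behaviour either way.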
