From 15d9d8c0e6947dbb333e97aaa99faa3a4e7e0d71 Mon Sep 17 00:00:00 2001 From: Nate Weller Date: Wed, 9 Oct 2024 13:04:21 -0600 Subject: [PATCH] WAF: Avoid using Waf_Rules_Manager from Waf_Runner::initialize() (#38944) --- ...no-waf-rules-manager-call-in-standalone-mode | 4 ++++ projects/packages/waf/src/class-waf-cli.php | 3 ++- .../packages/waf/src/class-waf-constants.php | 10 ++++++++++ .../waf/src/class-waf-rules-manager.php | 17 ++++++++++++----- projects/packages/waf/src/class-waf-runner.php | 8 +++++--- .../waf/src/class-waf-standalone-bootstrap.php | 1 + .../php/integration/test-waf-activation.php | 11 +++++++++-- ...no-waf-rules-manager-call-in-standalone-mode | 5 +++++ .../debug-helper/modules/class-waf-helper.php | 4 +++- 9 files changed, 51 insertions(+), 12 deletions(-) create mode 100644 projects/packages/waf/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode create mode 100644 projects/plugins/debug-helper/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode diff --git a/projects/packages/waf/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode b/projects/packages/waf/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode new file mode 100644 index 0000000000000..781cd4af66626 --- /dev/null +++ b/projects/packages/waf/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode @@ -0,0 +1,4 @@ +Significance: patch +Type: fixed + +WAF: reduce amount of classes autoloaded during standalone mode execution diff --git a/projects/packages/waf/src/class-waf-cli.php b/projects/packages/waf/src/class-waf-cli.php index e7e2c01aac42c..1292302ed62c6 100644 --- a/projects/packages/waf/src/class-waf-cli.php +++ b/projects/packages/waf/src/class-waf-cli.php @@ -142,6 +142,7 @@ public function teardown() { */ public function generate_rules() { try { + Waf_Constants::define_entrypoint(); Waf_Rules_Manager::generate_automatic_rules(); Waf_Rules_Manager::generate_rules(); } catch ( \Exception $e ) { @@ -159,7 +160,7 @@ public function generate_rules() { sprintf( /* translators: %1$s is the name of the mode that was just switched to. */ __( 'Jetpack WAF rules successfully created to: "%1$s".', 'jetpack-waf' ), - Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) + Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) ); } diff --git a/projects/packages/waf/src/class-waf-constants.php b/projects/packages/waf/src/class-waf-constants.php index b4c368bb7d06d..bc0b04a343c62 100644 --- a/projects/packages/waf/src/class-waf-constants.php +++ b/projects/packages/waf/src/class-waf-constants.php @@ -22,6 +22,7 @@ public static function initialize_bootstrap_constants() { self::define_waf_directory(); self::define_wpconfig_path(); self::define_killswitch(); + self::define_entrypoint(); } /** @@ -80,6 +81,15 @@ public static function define_mode() { } } + /** + * Set the entrypoint definition if it has not been set. + */ + public static function define_entrypoint() { + if ( ! defined( 'JETPACK_WAF_ENTRYPOINT' ) ) { + define( 'JETPACK_WAF_ENTRYPOINT', 'rules/rules.php' ); + } + } + /** * Set the share data definition if it has not been set. * diff --git a/projects/packages/waf/src/class-waf-rules-manager.php b/projects/packages/waf/src/class-waf-rules-manager.php index 89bf220f1a5d2..ddfb55f6bfd1a 100644 --- a/projects/packages/waf/src/class-waf-rules-manager.php +++ b/projects/packages/waf/src/class-waf-rules-manager.php @@ -39,10 +39,16 @@ class Waf_Rules_Manager { const IP_LISTS_ENABLED_OPTION_NAME = 'jetpack_waf_ip_list'; // Rule Files + const AUTOMATIC_RULES_FILE = '/rules/automatic-rules.php'; + const IP_ALLOW_RULES_FILE = '/rules/allow-ip.php'; + const IP_BLOCK_RULES_FILE = '/rules/block-ip.php'; + + /** + * Rules Entrypoint File + * + * @deprecated $$next-version$$ Use JETPACK_WAF_ENTRYPOINT instead. + */ const RULES_ENTRYPOINT_FILE = '/rules/rules.php'; - const AUTOMATIC_RULES_FILE = '/rules/automatic-rules.php'; - const IP_ALLOW_RULES_FILE = '/rules/allow-ip.php'; - const IP_BLOCK_RULES_FILE = '/rules/block-ip.php'; /** * Whether automatic rules are enabled. @@ -221,9 +227,10 @@ private static function wrap_require( $required_file, $return_code = 'return;' ) public static function generate_rules() { global $wp_filesystem; Waf_Runner::initialize_filesystem(); + Waf_Constants::define_entrypoint(); $rules = "is_dir( dirname( $entrypoint_file_path ) ) ) { @@ -231,7 +238,7 @@ public static function generate_rules() { } // Ensure all potentially required rule files exist - $rule_files = array( self::RULES_ENTRYPOINT_FILE, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE ); + $rule_files = array( JETPACK_WAF_ENTRYPOINT, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE ); foreach ( $rule_files as $rule_file ) { $rule_file = Waf_Runner::get_waf_file_path( $rule_file ); if ( ! $wp_filesystem->is_file( $rule_file ) ) { diff --git a/projects/packages/waf/src/class-waf-runner.php b/projects/packages/waf/src/class-waf-runner.php index e15ce7a8290aa..c1a8eb1965057 100644 --- a/projects/packages/waf/src/class-waf-runner.php +++ b/projects/packages/waf/src/class-waf-runner.php @@ -31,6 +31,7 @@ public static function initialize() { return; } Waf_Constants::define_mode(); + Waf_Constants::define_entrypoint(); Waf_Constants::define_share_data(); if ( ! self::is_allowed_mode( JETPACK_WAF_MODE ) ) { @@ -256,7 +257,7 @@ public static function run() { $waf = new Waf_Runtime( new Waf_Transforms(), new Waf_Operators() ); // execute waf rules. - $rules_file_path = self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ); + $rules_file_path = self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ); if ( file_exists( $rules_file_path ) ) { // phpcs:ignore include $rules_file_path; @@ -366,14 +367,15 @@ public static function deactivate() { global $wp_filesystem; self::initialize_filesystem(); + Waf_Constants::define_entrypoint(); // If the rules file doesn't exist, there's nothing else to do. - if ( ! $wp_filesystem->exists( self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) ) ) { + if ( ! $wp_filesystem->exists( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) ) { return; } // Empty the rules entrypoint file. - if ( ! $wp_filesystem->put_contents( self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ), "put_contents( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ), "assertSame( false, get_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME ) ); // Ensure the rule files were generated. - $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) ); + $this->assertFileExists( Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ); $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::AUTOMATIC_RULES_FILE ) ); $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_ALLOW_RULES_FILE ) ); $this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_BLOCK_RULES_FILE ) ); @@ -106,6 +110,9 @@ public function testActivation() { * Test WAF deactivation. */ public function testDeactivation() { + // Ensure the JETPACK_WAF_ENTRYPOINT is defined. + Waf_Constants::define_entrypoint(); + $deactivated = Waf_Initializer::on_waf_deactivation(); // Ensure the WAF was deactivated successfully. @@ -116,7 +123,7 @@ public function testDeactivation() { $this->assertSame( false, get_option( Waf_Runner::MODE_OPTION_NAME ) ); // Ensure the rules entrypoint file was emptied. - $this->assertSame( "assertSame( "

Rules Entrypoint

- render_waf_file( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ); ?> + + render_waf_file( (string) JETPACK_WAF_ENTRYPOINT ) : 'Not set'; ?>