
Commit

Merge pull request #343 from Automattic/add/skip-folders-to-wpscan
Add --wpscan-api-skip-folders-in-repo-options-file parameter
gudmdharalds authored Jan 26, 2023
2 parents f450954 + d40f97c commit b9d9b27
Showing 6 changed files with 259 additions and 23 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -501,12 +501,16 @@ For example:
-- with this option in place, any files in the `foo/` or `Tests/bar` folders and subfolders will be exempt from PHP linting. The folders are relative to the git repository. Please note that regular expressions are not supported at this time.

Similar option parameter exists for WPScan API scanning, use the `--wpscan-api-skip-folders-in-repo-options-file` option.

Folders can also be specified in files placed at the root of the repository, `.vipgoci_lint_skip_folders` for PHP linting and `.vipgoci_phpcs_skip_folders` for PHPCS scanning. Each folder should be on a line of its own in the relevant file, and each path should be relative to the root of the repository. This feature is activated using command-line options, for example:

> ./vip-go-ci.php --lint-skip-folders-in-repo-options-file=true --phpcs-skip-folders-in-repo-options-file=true
Any folders found in the files at the root of the repository will be merged with options specified on the command-line.

For WPScan API, use file named `.vipgoci_wpscan_api_skip_folders`.

### Skipping large files

By default, `vip-go-ci` will skip scanning of any files that are longer than 15,000 lines and display a warning in GitHub reviews about the files skipped. This means that these files are not PHP linted, not PHPCS scanned nor SVG scanned. This feature was implemented because very large files will often cause scanning to take much longer time than is ideal, delaying submission of results, as well as causing GitHub API errors.
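Review bot: the two added README sentences read awkwardly. "Similar option parameter exists for WPScan API scanning, use the `--wpscan-api-skip-folders-in-repo-options-file` option." should be "A similar option exists for WPScan API scanning: use the `--wpscan-api-skip-folders-in-repo-options-file` option.", and "use file named" should be "use a file named". It would also help to say explicitly that, as with the lint and PHPCS variants activated by the `=true` options shown above, `.vipgoci_wpscan_api_skip_folders` is only read when `--wpscan-api-skip-folders-in-repo-options-file=true` is passed; that opt-in is what prevents a repository from excluding its own directories from WPScan API scanning without the operator's consent.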
7 changes: 7 additions & 0 deletions main.php
Expand Up @@ -145,6 +145,10 @@ function vipgoci_help_print() :void {
"\t" . ' with items separated by commas.' . PHP_EOL .
"\t" . '--wpscan-api-skip-folders=ARRAY Directories not to scan using WPScan API scanning. Should be an' . PHP_EOL .
"\t" . ' array with items separated by commas.' . PHP_EOL .
"\t" . '--wpscan-api-skip-folders-in-repo-options-file=BOOL Whether to allow specifying folders that are not to be' . PHP_EOL .
"\t" . ' scanned via WPScan API to be specified in file in' . PHP_EOL .
"\t" . ' root of repository (.vipgoci_wpscan_api_skip_folders).' . PHP_EOL .
"\t" . ' Folders should be separated by newlines.' . PHP_EOL .
"\t" . '--wpscan-api-plugin-file-extensions=ARRAY Use specified file extensions to select which altered plugin files to scan with WPScan API.' . PHP_EOL .
"\t" . ' Default is: "' . implode( ',', VIPGOCI_WPSCAN_PLUGIN_FILE_EXTENSIONS_DEFAULT ) . '"' . PHP_EOL .
"\t" . '--wpscan-api-theme-file-extensions=ARRAY Use specified file extensions to select which altered theme files to scan with WPScan API.' . PHP_EOL .
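Review bot: the help text for the new `--wpscan-api-skip-folders-in-repo-options-file=BOOL` entry is redundant ("Whether to allow specifying folders ... to be specified in file in root of repository"). Suggest: "Whether to read folders that are not to be scanned via WPScan API from a file in the root of the repository (.vipgoci_wpscan_api_skip_folders). Folders should be separated by newlines." Stating the default here would also help, since `vipgoci_run_init_options_wpscan` in this same file initialises it to 'false'.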
Expand Down Expand Up @@ -337,6 +341,7 @@ function vipgoci_options_recognized() :array {
'wpscan-api-plugin-file-extensions:',
'wpscan-api-theme-file-extensions:',
'wpscan-api-skip-folders:',
'wpscan-api-skip-folders-in-repo-options-file:',
'wpscan-api-report-end-msg:',

/*
Expand Down Expand Up @@ -709,6 +714,8 @@ function vipgoci_run_init_options_wpscan( array &$options ) :void {

vipgoci_option_bool_handle( $options, 'wpscan-api-dry-mode', 'true' );

vipgoci_option_bool_handle( $options, 'wpscan-api-skip-folders-in-repo-options-file', 'false' );

/*
* Process --wpscan-folders -- expected to be an
* array of values.
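Review bot: defaulting `wpscan-api-skip-folders-in-repo-options-file` to 'false' in `vipgoci_option_bool_handle` is the right call: the skip list lives in a file committed to the repository under review, so honouring it must be an explicit operator decision rather than something a pull request can enable on its own. A one-line comment above the call stating that the default is deliberately off, matching the lint and PHPCS counterparts, would keep a future cleanup from flipping it.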
16 changes: 11 additions & 5 deletions options.php
Expand Up @@ -267,9 +267,9 @@ function vipgoci_options_read_repo_file(

/**
* Read from repository files which folders are to
* be skipped from PHPCS scanning and PHP Linting,
* if configured to do so, and join with any folders
* specified on the command line.
* be skipped from PHPCS scanning, PHP Linting and
* WPScan API scanning, if configured to do so, and
* join with any folders specified on the command line.
*
* @param array $options Options array for the program.
*
Expand All @@ -279,7 +279,7 @@ function vipgoci_options_read_repo_skip_files(
array &$options
) :void {
foreach (
array( 'phpcs', 'lint' ) as $scan_type
array( 'phpcs', 'lint', 'wpscan-api' ) as $scan_type
) {
/*
* If not configured to read
Expand Down Expand Up @@ -308,7 +308,13 @@ function vipgoci_options_read_repo_skip_files(
)
);

$type_options_file_name = '.vipgoci_' . $scan_type . '_skip_folders';
$scan_type_file_str = str_replace(
'-',
'_',
$scan_type
);

$type_options_file_name = '.vipgoci_' . $scan_type_file_str . '_skip_folders';

$type_options_file_contents =
vipgoci_gitrepo_fetch_committed_file(
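Review bot: the `str_replace( '-', '_', $scan_type )` added before `$type_options_file_name` needs a short comment explaining why it exists: `$scan_type` is now 'wpscan-api' for the third loop iteration, while the repository file documented in README.md is `.vipgoci_wpscan_api_skip_folders`, so the hyphen must be converted before the name is passed to `vipgoci_gitrepo_fetch_committed_file`. Because the file name is derived only from the fixed list `array( 'phpcs', 'lint', 'wpscan-api' )` and never from repository content, there is no path-construction concern here, but a test asserting that 'wpscan-api' maps to '.vipgoci_wpscan_api_skip_folders' would pin the naming convention the README now promises.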
