Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add checks to WPScan API reporting logic, ensure CVSS outputted includes precision #308

Merged
merged 3 commits into from
Oct 17, 2022
Merged

Add checks to WPScan API reporting logic, ensure CVSS outputted includes precision #308

merged 3 commits into from
Oct 17, 2022

Conversation

gudmdharalds
Copy link
Contributor

@gudmdharalds gudmdharalds commented Oct 17, 2022
edited
Loading

This pull request will add a few checks before printing WPScan API results. It will furthermore ensure CVSS score is cast to float and printed so that it will include a precision point. Also, it adds more testing logic to the relevant unit tests.

TODO:

  • Added few checks to WPScan API result printing
  • Ensure CVSS score includes precision point
  • Update unit test for functions altered
  • Check status of automated tests
  • Ensure PHPDoc comments are up to date for functions added or altered
  • Changelog entry (for VIP) [ Changelog for version 1.3.2 #305 ]

@gudmdharalds gudmdharalds self-assigned this Oct 17, 2022
wpcomvip-vipgoci-bot
wpcomvip-vipgoci-bot previously requested changes Oct 17, 2022
View reviewed changes
Copy link
Collaborator

@wpcomvip-vipgoci-bot wpcomvip-vipgoci-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code analysis identified issues

VIP Code Analysis Bot has identified potential problems in this pull request during automated scanning. We recommend reviewing the issues noted and that they are resolved.

phpcs scanning turned up:

🚫 1 error

This bot provides automated PHP linting and PHPCS scanning. For more information about the bot and available customizations, see our documentation.

Scan run detail

Software versions

  • vip-go-ci version: 1.3.1
  • PHP runtime version for vip-go-ci: 8.1.11
  • PHP runtime for linting:
    • PHP 8.1: 8.1.11
  • PHP runtime version for PHPCS: 7.4.32
  • PHPCS version: 3.7.1
  • PHP runtime version for SVG scanner: 7.4.32

Options file (.vipgoci_options)

Options file enabled: true

Configurable options:

  • skip-execution
  • skip-draft-prs
  • lint-modified-files-only
  • phpcs
  • phpcs-severity
  • phpcs-sniffs-include
  • phpcs-sniffs-exclude
  • report-no-issues-found
  • review-comments-sort
  • review-comments-include-severity
  • post-generic-pr-support-comments
  • review-comments-sort
  • scan-details-msg-include
  • svg-checks
  • autoapprove
  • autoapprove-php-nonfunctional-changes

Options altered:

  • phpcs-severityset to1
  • phpcs-sniffs-includeset toGeneric.PHP.DisallowShortOpenTag, Squiz.PHP.CommentedOutCode
  • phpcs-sniffs-excludeset toWordPress.Security.EscapeOutput, WordPress.PHP.DevelopmentFunctions, WordPress.WP.AlternativeFunctions, WordPress.PHP.DiscouragedPHPFunctions, WordPress.Files.FileName, Squiz.Commenting.FileComment, Generic.PHP.Syntax
  • skip-draft-prsset to

PHP lint options

PHP lint files enabled: true

Lint modified files only: true

Directories not PHP linted:

  • None

SVG configuration

SVG scanning enabled: true

Auto-approval configuration

Auto-approvals enabled: true

Non-functional changes auto-approved: true

Auto-approved file-types:

  • css
  • csv
  • eot
  • gif
  • gz
  • ico
  • ini
  • jpeg
  • jpg
  • json
  • less
  • map
  • md
  • mdown
  • mo
  • mp4
  • otf
  • pcss
  • pdf
  • po
  • pot
  • png
  • sass
  • scss
  • styl
  • ttf
  • txt
  • woff
  • woff2
  • yml

PHPCS configuration

PHPCS scanning enabled: true

PHPCS severity level: 1

Standard(s) used:

  • PHPCompatibility
  • PHPCompatibilityParagonieRandomCompat
  • PHPCompatibilityParagonieSodiumCompat
  • VariableAnalysis
  • WordPress

Runtime set:

  • testVersion 8.1-

Custom sniffs included:

  • Generic.PHP.DisallowShortOpenTag
  • Squiz.PHP.CommentedOutCode

Custom sniffs excluded:

  • WordPress.Security.EscapeOutput
  • WordPress.PHP.DevelopmentFunctions
  • WordPress.WP.AlternativeFunctions
  • WordPress.PHP.DiscouragedPHPFunctions
  • WordPress.Files.FileName
  • Squiz.Commenting.FileComment
  • Generic.PHP.Syntax

Directories not PHPCS scanned:

  • tests/unit

WPScan API configuration

WPScan API scanning enabled: false

wpscan-reports.php Outdated Show resolved Hide resolved
@wpcomvip-vipgoci-bot wpcomvip-vipgoci-bot dismissed their stale review October 17, 2022 14:05

Dismissing review as all inline comments are obsolete by now

@wpcomvip-vipgoci-bot
Copy link
Collaborator

Scanning latest commit did not yield any new issues. Please have a look at older feedback still existing (commit-ID: 89f1b6c)

This bot provides automated PHP linting and PHPCS scanning. For more information about the bot and available customizations, see our documentation.

Scan run detail

Software versions

  • vip-go-ci version: 1.3.1
  • PHP runtime version for vip-go-ci: 8.1.11
  • PHP runtime for linting:
    • PHP 8.1: 8.1.11
  • PHP runtime version for PHPCS: 7.4.32
  • PHPCS version: 3.7.1
  • PHP runtime version for SVG scanner: 7.4.32

Options file (.vipgoci_options)

Options file enabled: true

Configurable options:

  • skip-execution
  • skip-draft-prs
  • lint-modified-files-only
  • phpcs
  • phpcs-severity
  • phpcs-sniffs-include
  • phpcs-sniffs-exclude
  • report-no-issues-found
  • review-comments-sort
  • review-comments-include-severity
  • post-generic-pr-support-comments
  • review-comments-sort
  • scan-details-msg-include
  • svg-checks
  • autoapprove
  • autoapprove-php-nonfunctional-changes

Options altered:

  • phpcs-severityset to1
  • phpcs-sniffs-includeset toGeneric.PHP.DisallowShortOpenTag, Squiz.PHP.CommentedOutCode
  • phpcs-sniffs-excludeset toWordPress.Security.EscapeOutput, WordPress.PHP.DevelopmentFunctions, WordPress.WP.AlternativeFunctions, WordPress.PHP.DiscouragedPHPFunctions, WordPress.Files.FileName, Squiz.Commenting.FileComment, Generic.PHP.Syntax
  • skip-draft-prsset to

PHP lint options

PHP lint files enabled: true

Lint modified files only: true

Directories not PHP linted:

  • None

SVG configuration

SVG scanning enabled: true

Auto-approval configuration

Auto-approvals enabled: true

Non-functional changes auto-approved: true

Auto-approved file-types:

  • css
  • csv
  • eot
  • gif
  • gz
  • ico
  • ini
  • jpeg
  • jpg
  • json
  • less
  • map
  • md
  • mdown
  • mo
  • mp4
  • otf
  • pcss
  • pdf
  • po
  • pot
  • png
  • sass
  • scss
  • styl
  • ttf
  • txt
  • woff
  • woff2
  • yml

PHPCS configuration

PHPCS scanning enabled: true

PHPCS severity level: 1

Standard(s) used:

  • PHPCompatibility
  • PHPCompatibilityParagonieRandomCompat
  • PHPCompatibilityParagonieSodiumCompat
  • VariableAnalysis
  • WordPress

Runtime set:

  • testVersion 8.1-

Custom sniffs included:

  • Generic.PHP.DisallowShortOpenTag
  • Squiz.PHP.CommentedOutCode

Custom sniffs excluded:

  • WordPress.Security.EscapeOutput
  • WordPress.PHP.DevelopmentFunctions
  • WordPress.WP.AlternativeFunctions
  • WordPress.PHP.DiscouragedPHPFunctions
  • WordPress.Files.FileName
  • Squiz.Commenting.FileComment
  • Generic.PHP.Syntax

Directories not PHPCS scanned:

  • tests/unit

WPScan API configuration

WPScan API scanning enabled: false

@gudmdharalds gudmdharalds merged commit 6f5322e into trunk Oct 17, 2022
@gudmdharalds gudmdharalds deleted the fix/wpscan-reporting-checks branch October 17, 2022 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wpcomvip-vipgoci-bot wpcomvip-vipgoci-bot wpcomvip-vipgoci-bot left review comments

Assignees

@gudmdharalds gudmdharalds

Labels
[Pri] High [Type] Enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gudmdharalds @wpcomvip-vipgoci-bot