WAF: Avoid using Waf_Rules_Manager from Waf_Runner::initialize() #38944

Open
wants to merge 8 commits into
base: trunk

@nateweller nateweller commented Aug 18, 2024

Related to https://github.com/Automattic/jpop-issues/issues/9175

Proposed changes:

  • Migrates Waf_Rules_Manager::RULES_ENTRYPOINT_FILE to a new JETPACK_WAF_ENTRYPOINT constant, to avoid autoloading the Waf_Rules_Manager class during standalone mode firewall execution.

Other information:

  • Have you written new tests for your changes, if applicable?
  • Have you checked the E2E test CI results, and verified that your changes do not break them?
  • Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

peb6dq-2HL-p2

Does this pull request change what data or activity we track or use?

No

Testing instructions:

  • Set up automatic firewall rules.
  • Verify the firewall blocks a request in both the default and standalone mode.
  • Test updating various firewall settings.

github-actions bot commented Aug 18, 2024

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WordPress.com Simple site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin, and enable the fix/waf/no-waf-rules-manager-call-in-standalone-mode branch.

  • To test on Simple, run the following command on your sandbox:

    bin/jetpack-downloader test jetpack fix/waf/no-waf-rules-manager-call-in-standalone-mode
    

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

github-actions bot commented Aug 18, 2024

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖


The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.


Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Choose a review path based on your changes:
    • A. Team Review: add the "[Status] Needs Team Review" label
      • For most changes, including minor cross-team impacts.
      • Example: Updating a team-specific component or a small change to a shared library.
    • B. Crew Review: add the "[Status] Needs Review" label
      • For significant changes to core functionality.
      • Example: Major updates to a shared library or complex features.
    • C. Both: Start with Team, then request Crew
      • For complex changes or when you need extra confidence.
      • Example: Refactor affecting multiple systems.
  3. Get at least one approval before merging.

Still unsure? Reach out in #jetpack-developers for guidance!


Debug Helper plugin:

  • Next scheduled release: none scheduled.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

@nateweller nateweller force-pushed the fix/waf/no-waf-rules-manager-call-in-standalone-mode branch from 458423c to b5b4421 Compare September 3, 2024 17:21
@nateweller nateweller marked this pull request as ready for review September 3, 2024 17:21
@nateweller nateweller force-pushed the fix/waf/no-waf-rules-manager-call-in-standalone-mode branch from b5b4421 to 2be0c14 Compare October 7, 2024 16:17
@nateweller
Contributor Author

PHP compatibility warnings appear unrelated to the changes in this PR.

@nateweller nateweller requested a review from dkmyta October 7, 2024 21:07
@github-actions github-actions bot added the [Plugin] Debug Helper Debug Tools plugin label Oct 7, 2024
@@ -223,15 +222,15 @@ public static function generate_rules() {
Waf_Runner::initialize_filesystem();

$rules = "<?php\n";
$entrypoint_file_path = Waf_Runner::get_waf_file_path( self::RULES_ENTRYPOINT_FILE );
$entrypoint_file_path = Waf_Runner::get_waf_file_path( Waf_Runner::ENTRYPOINT_FILE );
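Review bot: The replaced line in generate_rules() now takes the file name from Waf_Runner::ENTRYPOINT_FILE, a class constant, while the PR description says the value moves to a JETPACK_WAF_ENTRYPOINT constant; the code and the description should agree on one. A class constant only shifts the dependency from Waf_Rules_Manager to Waf_Runner: if the Waf_Runner class already loaded in the request does not define ENTRYPOINT_FILE, this line throws an Error. Consider reading the value from a source that does not depend on which copy of either class is loaded, or guarding the lookup with defined( 'Waf_Runner::ENTRYPOINT_FILE' ) and a fallback file name, and add a short doc comment where the constant is declared explaining why it lives there.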
@nateweller nateweller Oct 7, 2024

I am wondering if this is problematic - will this generate_rules method run within a request where an outdated Waf_Runner class was autoloaded in standalone mode, creating the same issue?

Wondering if we just need to duplicate the declaration of the entrypoint file value, or provide it from a third source separate from the runner and rule manager classes... or just safely handle it potentially being undefined.

🤔

@nateweller nateweller force-pushed the fix/waf/no-waf-rules-manager-call-in-standalone-mode branch 2 times, most recently from 7cf67fe to 60ee2a9 Compare October 7, 2024 22:11
@nateweller nateweller force-pushed the fix/waf/no-waf-rules-manager-call-in-standalone-mode branch from 60ee2a9 to c8ded65 Compare October 7, 2024 22:54
@nateweller nateweller requested a review from a team October 8, 2024 03:28
@nateweller nateweller force-pushed the fix/waf/no-waf-rules-manager-call-in-standalone-mode branch from 810dad6 to e789c15 Compare October 8, 2024 03:48