WAF: Avoid using Waf_Rules_Manager from Waf_Runner::initialize() (#38944

)
Automattic · Oct 9, 2024 · 15d9d8c · 15d9d8c
1 parent 77c7a79
commit 15d9d8c
Show file tree

Hide file tree

Showing 9 changed files with 51 additions and 12 deletions.
diff --git a/projects/packages/waf/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode b/projects/packages/waf/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+WAF: reduce amount of classes autoloaded during standalone mode execution
diff --git a/projects/packages/waf/src/class-waf-cli.php b/projects/packages/waf/src/class-waf-cli.php
@@ -142,6 +142,7 @@ public function teardown() {
 	 */
 	public function generate_rules() {
 		try {
+			Waf_Constants::define_entrypoint();
 			Waf_Rules_Manager::generate_automatic_rules();
 			Waf_Rules_Manager::generate_rules();
 		} catch ( \Exception $e ) {
@@ -159,7 +160,7 @@ public function generate_rules() {
 			sprintf(
 				/* translators: %1$s is the name of the mode that was just switched to. */
 				__( 'Jetpack WAF rules successfully created to: "%1$s".', 'jetpack-waf' ),
-				Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE )
+				Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT )
 			)
 		);
 	}

diff --git a/projects/packages/waf/src/class-waf-constants.php b/projects/packages/waf/src/class-waf-constants.php
@@ -22,6 +22,7 @@ public static function initialize_bootstrap_constants() {
 		self::define_waf_directory();
 		self::define_wpconfig_path();
 		self::define_killswitch();
+		self::define_entrypoint();
 	}
 
 	/**
@@ -80,6 +81,15 @@ public static function define_mode() {
 		}
 	}
 
+	/**
+	 * Set the entrypoint definition if it has not been set.
+	 */
+	public static function define_entrypoint() {
+		if ( ! defined( 'JETPACK_WAF_ENTRYPOINT' ) ) {
+			define( 'JETPACK_WAF_ENTRYPOINT', 'rules/rules.php' );
+		}
+	}
+
 	/**
 	 * Set the share data definition if it has not been set.
 	 *

diff --git a/projects/packages/waf/src/class-waf-rules-manager.php b/projects/packages/waf/src/class-waf-rules-manager.php
@@ -39,10 +39,16 @@ class Waf_Rules_Manager {
 	const IP_LISTS_ENABLED_OPTION_NAME = 'jetpack_waf_ip_list';
 
 	// Rule Files
+	const AUTOMATIC_RULES_FILE = '/rules/automatic-rules.php';
+	const IP_ALLOW_RULES_FILE  = '/rules/allow-ip.php';
+	const IP_BLOCK_RULES_FILE  = '/rules/block-ip.php';
+
+	/**
+	 * Rules Entrypoint File
+	 *
+	 * @deprecated $$next-version$$ Use JETPACK_WAF_ENTRYPOINT instead.
+	 */
 	const RULES_ENTRYPOINT_FILE = '/rules/rules.php';
-	const AUTOMATIC_RULES_FILE  = '/rules/automatic-rules.php';
-	const IP_ALLOW_RULES_FILE   = '/rules/allow-ip.php';
-	const IP_BLOCK_RULES_FILE   = '/rules/block-ip.php';
 
 	/**
 	 * Whether automatic rules are enabled.
@@ -221,17 +227,18 @@ private static function wrap_require( $required_file, $return_code = 'return;' )
 	public static function generate_rules() {
 		global $wp_filesystem;
 		Waf_Runner::initialize_filesystem();
+		Waf_Constants::define_entrypoint();
 
 		$rules                = "<?php\n";
-		$entrypoint_file_path = Waf_Runner::get_waf_file_path( self::RULES_ENTRYPOINT_FILE );
+		$entrypoint_file_path = Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT );
 
 		// Ensure that the folder exists
 		if ( ! $wp_filesystem->is_dir( dirname( $entrypoint_file_path ) ) ) {
 			$wp_filesystem->mkdir( dirname( $entrypoint_file_path ) );
 		}
 
 		// Ensure all potentially required rule files exist
-		$rule_files = array( self::RULES_ENTRYPOINT_FILE, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE );
+		$rule_files = array( JETPACK_WAF_ENTRYPOINT, self::AUTOMATIC_RULES_FILE, self::IP_ALLOW_RULES_FILE, self::IP_BLOCK_RULES_FILE );
 		foreach ( $rule_files as $rule_file ) {
 			$rule_file = Waf_Runner::get_waf_file_path( $rule_file );
 			if ( ! $wp_filesystem->is_file( $rule_file ) ) {

diff --git a/projects/packages/waf/src/class-waf-runner.php b/projects/packages/waf/src/class-waf-runner.php
@@ -31,6 +31,7 @@ public static function initialize() {
 			return;
 		}
 		Waf_Constants::define_mode();
+		Waf_Constants::define_entrypoint();
 		Waf_Constants::define_share_data();
 
 		if ( ! self::is_allowed_mode( JETPACK_WAF_MODE ) ) {
@@ -256,7 +257,7 @@ public static function run() {
 			$waf = new Waf_Runtime( new Waf_Transforms(), new Waf_Operators() );
 
 			// execute waf rules.
-			$rules_file_path = self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE );
+			$rules_file_path = self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT );
 			if ( file_exists( $rules_file_path ) ) {
 				// phpcs:ignore
 				include $rules_file_path;
@@ -366,14 +367,15 @@ public static function deactivate() {
 
 		global $wp_filesystem;
 		self::initialize_filesystem();
+		Waf_Constants::define_entrypoint();
 
 		// If the rules file doesn't exist, there's nothing else to do.
-		if ( ! $wp_filesystem->exists( self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) ) ) {
+		if ( ! $wp_filesystem->exists( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) ) {
 			return;
 		}
 
 		// Empty the rules entrypoint file.
-		if ( ! $wp_filesystem->put_contents( self::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ), "<?php\n" ) ) {
+		if ( ! $wp_filesystem->put_contents( self::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ), "<?php\n" ) ) {
 			throw new File_System_Exception( 'Failed to empty rules.php file.' );
 		}
 	}

diff --git a/projects/packages/waf/src/class-waf-standalone-bootstrap.php b/projects/packages/waf/src/class-waf-standalone-bootstrap.php
@@ -154,6 +154,7 @@ public function generate() {
 			. sprintf( "define( 'JETPACK_WAF_SHARE_DEBUG_DATA', %s );\n", var_export( $share_debug_data_option, true ) )
 			. sprintf( "define( 'JETPACK_WAF_DIR', %s );\n", var_export( JETPACK_WAF_DIR, true ) )
 			. sprintf( "define( 'JETPACK_WAF_WPCONFIG', %s );\n", var_export( JETPACK_WAF_WPCONFIG, true ) )
+			. sprintf( "define( 'JETPACK_WAF_ENTRYPOINT', %s );\n", var_export( JETPACK_WAF_ENTRYPOINT, true ) )
 			. 'require_once ' . var_export( $autoloader_file, true ) . ";\n"
 			. "Automattic\Jetpack\Waf\Waf_Runner::initialize();\n";
 		// phpcs:enable

diff --git a/projects/packages/waf/tests/php/integration/test-waf-activation.php b/projects/packages/waf/tests/php/integration/test-waf-activation.php
@@ -6,6 +6,7 @@
  */
 
 use Automattic\Jetpack\Constants;
+use Automattic\Jetpack\Waf\Waf_Constants;
 use Automattic\Jetpack\Waf\Waf_Initializer;
 use Automattic\Jetpack\Waf\Waf_Rules_Manager;
 use Automattic\Jetpack\Waf\Waf_Runner;
@@ -75,6 +76,9 @@ public function return_invalid_filesystem_method() {
 	 * Test WAF activation.
 	 */
 	public function testActivation() {
+		// Ensure the JETPACK_WAF_ENTRYPOINT is defined.
+		Waf_Constants::define_entrypoint();
+
 		// Mock the WPCOM request for retrieving the automatic rules.
 		add_filter( 'pre_http_request', array( $this, 'return_sample_response' ) );
 
@@ -90,7 +94,7 @@ public function testActivation() {
 		$this->assertSame( false, get_option( Waf_Rules_Manager::AUTOMATIC_RULES_ENABLED_OPTION_NAME ) );
 
 		// Ensure the rule files were generated.
-		$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) );
+		$this->assertFileExists( Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) );
 		$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::AUTOMATIC_RULES_FILE ) );
 		$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_ALLOW_RULES_FILE ) );
 		$this->assertFileExists( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::IP_BLOCK_RULES_FILE ) );
@@ -106,6 +110,9 @@ public function testActivation() {
 	 * Test WAF deactivation.
 	 */
 	public function testDeactivation() {
+		// Ensure the JETPACK_WAF_ENTRYPOINT is defined.
+		Waf_Constants::define_entrypoint();
+
 		$deactivated = Waf_Initializer::on_waf_deactivation();
 
 		// Ensure the WAF was deactivated successfully.
@@ -116,7 +123,7 @@ public function testDeactivation() {
 		$this->assertSame( false, get_option( Waf_Runner::MODE_OPTION_NAME ) );
 
 		// Ensure the rules entrypoint file was emptied.
-		$this->assertSame( "<?php\n", file_get_contents( Waf_Runner::get_waf_file_path( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ) ) );
+		$this->assertSame( "<?php\n", file_get_contents( Waf_Runner::get_waf_file_path( JETPACK_WAF_ENTRYPOINT ) ) );
 	}
 
 	/**

diff --git a/projects/plugins/debug-helper/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode b/projects/plugins/debug-helper/changelog/fix-waf-no-waf-rules-manager-call-in-standalone-mode
@@ -0,0 +1,5 @@
+Significance: patch
+Type: changed
+Comment: Updated constant for compatibility with latest waf package version.
+
+
diff --git a/projects/plugins/debug-helper/modules/class-waf-helper.php b/projects/plugins/debug-helper/modules/class-waf-helper.php
@@ -5,6 +5,7 @@
  * @package automattic/jetpack-debug-helper
  */
 
+use Automattic\Jetpack\Waf\Waf_Constants;
 use Automattic\Jetpack\Waf\Waf_Rules_Manager;
 use Automattic\Jetpack\Waf\Waf_Runner;
 
@@ -223,7 +224,8 @@ public function render_ui() {
 		<hr>
 
 		<h2>Rules Entrypoint</h2>
-		<?php $this->render_waf_file( Waf_Rules_Manager::RULES_ENTRYPOINT_FILE ); ?>
+		<?php Waf_Constants::define_entrypoint(); ?>
+		<?php defined( 'JETPACK_WAF_ENTRYPOINT' ) ? $this->render_waf_file( (string) JETPACK_WAF_ENTRYPOINT ) : 'Not set'; ?>
 
 		<hr>