WPScan fixes: Ensure that WPScan type of items are not removed from results when filtering

[gudmdharalds]

This pull request will ensure that WPScan type of items are not filtered from results due to the underlying files being auto-approved.

The rationale is that WPScan type of items should always be reported; the fact that a add-on has a known issue or is obsolete will not be overridden by the file-ending or the fact that the changes were non-functional.

TODO:

• [x] Added patch to ensure WPScan type of items are not filtered away.
• [x] Add test
  • [x] Verify that WPScan items are not filtered away.
• [N/A] Add to, or update, Scan run detail report as applicable
• [x] Check status of automated tests
  • [x] Run integration tests manually (see comment).
• [x] Update README
  • [x] The README file already mentions that a pull request with obsolete or vulnerable plugin or theme is not auto-approved.
  • [x] Remove reference to database of previously reviewed, safe code.
• [x] Ensure PHPDoc comments are up to date for functions added or altered
• [x] Changelog entry (for VIP) [ #333 ]

[gudmdharalds]

Thanks @chriszarate !

The integration tests fail due to GitHub HTTP request rate limit. This is not easy to fix, but is on the agenda to resolve.

I will run the tests manually.

[wpcomvip-vipgoci-bot]

No issues were found to report when scanning latest commit (commit-ID: 1f4356b039b19371734451bda1c4fe6572559cf5)

---

This bot provides automated PHP linting and PHPCS scanning. For more information about the bot and available customizations, see our documentation.

---

---

Scan run detail

Software versions vip-go-ci version: 1.3.3 PHP runtime version for vip-go-ci: 8.1.14 PHP runtime for linting: PHP 8.1: 8.1.14 PHP runtime version for PHPCS: 7.4.33 PHPCS version: 3.7.1 PHP runtime version for SVG scanner: 7.4.33 Options file (.vipgoci_options) Options file enabled: true Configurable options: skip-execution skip-draft-prs lint-modified-files-only phpcs phpcs-severity phpcs-sniffs-include phpcs-sniffs-exclude report-no-issues-found review-comments-sort review-comments-include-severity post-generic-pr-support-comments review-comments-sort scan-details-msg-include svg-checks autoapprove autoapprove-php-nonfunctional-changes Options altered: phpcs-severityset to1 phpcs-sniffs-includeset toGeneric.PHP.DisallowShortOpenTag, Squiz.PHP.CommentedOutCode phpcs-sniffs-excludeset toWordPress.Security.EscapeOutput, WordPress.PHP.DevelopmentFunctions, WordPress.WP.AlternativeFunctions, WordPress.PHP.DiscouragedPHPFunctions, WordPress.Files.FileName, Squiz.Commenting.FileComment, Generic.PHP.Syntax skip-draft-prsset to

PHP lint options PHP lint files enabled: true Lint modified files only: true Lint files with file extensions: php Directories not PHP linted: None SVG configuration SVG scanning enabled: true Scan added/modified files with file extensions: svg Auto-approval configuration Auto-approvals enabled: true Non-functional changes auto-approved: true Files with file extensions to consider for non-functional change auto-approval: php Auto-approved file-types: css csv eot gif gz ico ini jpeg jpg json less map md mdown mo mp4 otf pcss pdf po pot png sass scss styl ttf txt woff woff2 yml

PHPCS configuration PHPCS scanning enabled: true PHPCS severity level: 1 Standard(s) used: PHPCompatibility PHPCompatibilityParagonieRandomCompat PHPCompatibilityParagonieSodiumCompat VariableAnalysis WordPress Runtime set: testVersion 8.1- Scan added/modified files with file extensions: php js twig Custom sniffs included: Generic.PHP.DisallowShortOpenTag Squiz.PHP.CommentedOutCode Custom sniffs excluded: WordPress.Security.EscapeOutput WordPress.PHP.DevelopmentFunctions WordPress.WP.AlternativeFunctions WordPress.PHP.DiscouragedPHPFunctions WordPress.Files.FileName Squiz.Commenting.FileComment Generic.PHP.Syntax Directories not PHPCS scanned: None WPScan API configuration WPScan API scanning enabled: true WPScan API URL: https://wpscan.com/api/v3 Directories scanned: plugins client-mu-plugins themes Directories not scanned: None Scan added/modified plugins based on headers present in files with file extensions: php Scan added/modified themes based on headers present in files with file extensions: css