search

Automattic / vip-go-ci

Continuous integration for VIP Go repositories
Other
50 stars 22 forks source link

Fix WPScan issue: Invalid UpdateURI plugin/theme headers lead to error #358

Closed gudmdharalds closed 1 year ago

gudmdharalds commented 1 year ago

This pull request fixes a bug with invalid UpdateURI plugin/theme headers which lead to unexpected errors.

TODO:

wpcomvip-vipgoci-bot commented 1 year ago

No issues were found to report when scanning latest commit (commit-ID: c60a0f254e11c0a4c2e3f8bce3e6b712ab320777)

This bot provides automated PHP linting, PHPCS scanning and Vulnerability and Update Scan. For more information about the bot and available customizations, see our documentation.

Scan run detail

Software versions

  • vip-go-ci version: 1.3.4
  • PHP runtime version for vip-go-ci: 8.1.18
  • PHP runtime for linting:
    • PHP 8.1: 8.1.18
  • PHP runtime version for PHPCS: 7.4.33
  • PHPCS version: 3.7.1
  • PHP runtime version for SVG scanner: 7.4.33

Options file (.vipgoci_options)

Options file enabled: true

Configurable options:

  • skip-execution
  • skip-draft-prs
  • lint-modified-files-only
  • phpcs
  • phpcs-severity
  • phpcs-sniffs-include
  • phpcs-sniffs-exclude
  • report-no-issues-found
  • review-comments-sort
  • review-comments-include-severity
  • post-generic-pr-support-comments
  • review-comments-sort
  • scan-details-msg-include
  • svg-checks
  • autoapprove
  • autoapprove-php-nonfunctional-changes

Options altered:

  • phpcs-severityset to1
  • phpcs-sniffs-includeset toGeneric.PHP.DisallowShortOpenTag, Squiz.PHP.CommentedOutCode
  • phpcs-sniffs-excludeset toWordPress.Security.EscapeOutput, WordPress.PHP.DevelopmentFunctions, WordPress.WP.AlternativeFunctions, WordPress.PHP.DiscouragedPHPFunctions, WordPress.Files.FileName, Squiz.Commenting.FileComment, Generic.PHP.Syntax
  • skip-draft-prsset to

PHP lint options

PHP lint files enabled: true

Lint modified files only: true

Lint files with file extensions:

  • php

Directories not PHP linted:

  • None

SVG configuration

SVG scanning enabled: true

Scan added/modified files with file extensions:

  • svg

Auto-approval configuration

Auto-approvals enabled: true

Non-functional changes auto-approved: true

Files with file extensions to consider for non-functional change auto-approval: php

Auto-approved file-types:

  • css
  • csv
  • eot
  • gif
  • gz
  • ico
  • ini
  • jpeg
  • jpg
  • json
  • less
  • map
  • md
  • mdown
  • mo
  • mp4
  • otf
  • pcss
  • pdf
  • po
  • pot
  • png
  • sass
  • scss
  • styl
  • ttf
  • txt
  • woff
  • woff2
  • yml

PHPCS configuration

PHPCS scanning enabled: true

PHPCS severity level: 1

Standard(s) used:

  • PHPCompatibility
  • PHPCompatibilityParagonieRandomCompat
  • PHPCompatibilityParagonieSodiumCompat
  • VariableAnalysis
  • WordPress

Runtime set:

  • testVersion 8.1-

Scan added/modified files with file extensions:

  • php
  • js
  • twig

Custom sniffs included:

  • Generic.PHP.DisallowShortOpenTag
  • Squiz.PHP.CommentedOutCode

Custom sniffs excluded:

  • WordPress.Security.EscapeOutput
  • WordPress.PHP.DevelopmentFunctions
  • WordPress.WP.AlternativeFunctions
  • WordPress.PHP.DiscouragedPHPFunctions
  • WordPress.Files.FileName
  • Squiz.Commenting.FileComment
  • Generic.PHP.Syntax

Directories not PHPCS scanned:

  • None

WPScan API configuration

WPScan API scanning enabled: true

WPScan API URL: https://wpscan.com/api/v3

Directories scanned:

  • plugins
  • client-mu-plugins
  • themes

Directories not scanned:

  • None

Scan added/modified plugins based on headers present in files with file extensions:

  • php

Scan added/modified themes based on headers present in files with file extensions:

  • css