Closed ibertrix closed 4 years ago
Hey @ibertrix,
Good to hear from you.
I see output of launchcheck plugins can only be html or json. Any way to show it in porcelain or table format?
This isn't a feature we support right now, unfortunately.
One thing you could do, however, is write your own custom command that:
wp launchcheck plugins with WP_CLI::runcommand().
WP_CLI\Utils\format_items().
Hope this helps!
FYIO: A useful library for supporting multiple output formats uniformly:
Ok, I will give a try to jq, which I have used in the past to parse json outputs. What kind of output should I look at to try to find a vulnerable plugin? I see the following for instance for wordpress-seo plugin:
{
  "plugins": {
    "alerts": {
      "wordpress-seo": {
        "vulnerable": "None",
        "needs_update": "0",
        "available": "-",
        "installed": "14.0.4",
        "slug": "wordpress-seo"
      },
How does it look when it finds a plugin that is vulnerable? I have listed with this command all entries that have vulnerable with value "None":
wp launchcheck plugins --path=/mypath --format=json | jq .plugins.alerts |jq -c '.[] | select( .vulnerable | contains("None"))' | jq .slug
but I want to find the ones that are vulnerable
@ibertrix Here are your two options, it looks like:
When a plugin has a vulnerability, you'll see a URL with 'more info' as the target text.
If you'd like to test it out, you could temporarily install an insecure version of Akismet.
I tried your example and changed in akismet.php the version number to 3.1.4 which is considered vulnerable. I get the following:
      "akismet": {
        "vulnerable": "None",
        "needs_update": "1",
        "available": "4.1.5",
        "installed": "3.1.4",
        "slug": "akismet"
      },
@ibertrix That's odd. To confirm, this is in a Pantheon environment?
Nope, my own server, but it should work anyway, shouldn't it?
@ibertrix Have you purchased an API license from wpvulndb and set the API key to the PANTHEON_WPVULNDB_API_TOKEN environment variable?
I do have a free API token, but I don't know where I have to put it
@ibertrix Ok, that must be the missing piece then. You'll need to define the API token in the PANTHEON_WPVULNDB_API_TOKEN environment variable.
How do I do that? I forgot I did it several weeks ago to make the package work. I defined the variable $wpvulndb_api_token manually so maybe that's not the issue
Hi!
I am just trying to spot critical updates for a WordPress installation. I am starting with plugins (although it would be desirable to have it for core critical updates and themes).
I see output of launchcheck plugins can only be html or json. Any way to show it in porcelain or table format?
I would like also the same for launchcheck secure
Thanks!
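The filtering and table output asked about in this thread, as an added example that is not part of the thread or of the launchcheck package: it reads the JSON shape quoted above, keeps entries whose "vulnerable" value is anything other than "None", and prints them as a plain table. The sample data is constructed, the link markup in the akismet entry is an assumed shape, and the function names are hypothetical.

```python
import json
import sys

# Constructed sample shaped like the `wp launchcheck plugins --format=json`
# output quoted in the thread. The "vulnerable" link value for akismet is an
# assumed shape (the thread only says it carries a 'more info' URL).
SAMPLE = """
{"plugins": {"alerts": {
  "wordpress-seo": {"vulnerable": "None", "needs_update": "0",
                    "available": "-", "installed": "14.0.4", "slug": "wordpress-seo"},
  "akismet": {"vulnerable": "<a href='https://example.invalid/advisory'>more info</a>",
              "needs_update": "1", "available": "4.1.5",
              "installed": "3.1.4", "slug": "akismet"},
  "hello": {"vulnerable": "None", "needs_update": "1",
            "available": "1.7.2", "installed": "1.6", "slug": "hello"}
}}}
"""

COLUMNS = ("slug", "installed", "available", "needs_update", "vulnerable")


def flagged_plugins(report, include_outdated=False):
    """Return alert rows that are vulnerable (optionally also outdated ones)."""
    alerts = report.get("plugins", {}).get("alerts", {}) or {}  # PHP may emit []
    rows = []
    for slug, info in sorted(alerts.items()):
        vulnerable = str(info.get("vulnerable", "None")).strip()
        is_vuln = vulnerable.lower() not in ("", "none")
        is_old = str(info.get("needs_update", "0")) == "1"
        if is_vuln or (include_outdated and is_old):
            row = {c: str(info.get(c, "-")) for c in COLUMNS}
            row["slug"] = str(info.get("slug") or slug)
            row["vulnerable"] = "yes" if is_vuln else "no"  # keep the table narrow
            rows.append(row)
    return rows


def as_table(rows):
    """Render rows as a fixed-width text table: one header line, one line per row."""
    widths = {c: max([len(c)] + [len(r[c]) for r in rows]) for c in COLUMNS}
    lines = ["  ".join(c.ljust(widths[c]) for c in COLUMNS)]
    lines += ["  ".join(r[c].ljust(widths[c]) for c in COLUMNS) for r in rows]
    return "\n".join(line.rstrip() for line in lines)


if __name__ == "__main__":
    # Pipe real launchcheck JSON in on stdin; with a terminal stdin, use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(as_table(flagged_plugins(json.loads(text), include_outdated=True)))
```

If every row comes back with "vulnerable" set to "None" even for a known-bad version, as in the akismet output above, check the PANTHEON_WPVULNDB_API_TOKEN setting discussed in the thread before trusting an empty table.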