search

wordfence / wordfence-cli

Wordfence malware and vulnerability scanner command line utility.
https://www.wordfence.com/products/wordfence-cli/
GNU General Public License v3.0
97 stars 20 forks source link

When running docker version for first time, fails #106

Open vocatan opened 9 months ago

vocatan commented 9 months ago

With the new Voodoo Child release, the automatic license acquisition logic cannot trigger unless the docker container is launched with -it parameter.

Without that parameter, it looks like this:

$ docker run -v /var/www:/var/www wordfence-cli:latest malware-scan /var/www
Wordfence CLI cannot be used until it has been configured. Would you like to configure it now? [y/n] (default: n): Traceback (most recent call last):
  File "/venv/bin/wordfence", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/venv/lib/python3.11/site-packages/wordfence/cli/cli.py", line 181, in main
    exit_code = cli.invoke()
                ^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/wordfence/cli/cli.py", line 163, in invoke
    and not configurer.check_config():
            ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/wordfence/cli/configurer.py", line 382, in check_config
    self.prompt_for_missing_config()
  File "/venv/lib/python3.11/site-packages/wordfence/cli/configurer.py", line 366, in prompt_for_missing_config
    should_configure = prompt_yes_no(
                       ^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/wordfence/util/input.py", line 59, in prompt_yes_no
    return prompt(
           ^^^^^^^
  File "/venv/lib/python3.11/site-packages/wordfence/util/input.py", line 20, in prompt
    response = input(f'{message}{default_message}: ')
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
EOFError: EOF when reading a line

And if you launch it with -it parameter, it does successfully get a license, then subsequently exits.

$ docker run -it -v /var/www:/var/www wordfence-cli:latest malware-scan /var/www

             ▓▓▓
        ▓▓▓▓▓   ▓▓▓▓▓          _       __               __  ____
  ▓▓▓▓▓▓▓           ▓▓▓▓▓▓▓   | |     / /___  _________/ / / __/__  ____  ________
 ▓▓           ▓           ▓▓  | | /| / / __ \/ ___/ __  /_/ /_/ _ \/ __ \/ ___/ _ \
▓▓     ▓▓    ▓▓▓    ▓▓     ▓▓ | |/ |/ / /_/ / /  / /_/ /_  __/  __/ / / / /__/  __/
▓▓      ▓     ▓     ▓      ▓▓ |__/|__/\____/_/   \____/ /_/  \___/_/ /_/\___/\___/
▓▓    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓    ▓▓                                       ____ _     ___
▓▓  ▓▓▓ ▓    ▓▓▓    ▓ ▓▓▓  ▓▓                                      / ___| |   |_ _|
▓▓▓▓▓   ▓    ▓▓▓    ▓   ▓▓▓▓▓                                     | |   | |    | |
 ▓▓     ▓   ▓▓ ▓▓   ▓     ▓▓                                      | |___| |___ | |
  ▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓                                        \____|_____|___|

Wordfence CLI cannot be used until it has been configured. Would you like to configure it now? [y/n] (default: n): y
Would you like to automatically request a free Wordfence CLI license? [y/n] (default: y): y
Your access to and use of Wordfence CLI Free edition is subject to the Wordfence CLI License Terms and Conditions set forth at https://www.wordfence.com/wordfence-cli-license-terms-and-conditions/. By entering "y" and selecting Enter, you agree that you have read and accept the Wordfence CLI License Terms and Conditions. [y/n] (default: n): y
Free Wordfence CLI license obtained successfully: 72a24fde0b99035b6c2dbd3a71d70756b50e72f2d566895496c07b3e071be3eb9d43470c883d31cd5dbd5e49f6d47a77f0627c765681f58af6b57a0586429a1866d39f61c117464bba8aea3d918b70b9e77e404e5cd72dfeed5ed02b526ce8510e746bb0620b3f6ebe03e797f1f3b870
Cache directory (default: ~/.cache/wordfence):
Number of worker processes (8 CPUs available) (default: 1): 4
Config saved to /root/.config/wordfence/wordfence-cli.ini
Wordfence CLI has been successfully configured and is now ready for use.

... leaving behind a trail of crushes hopes and dreams:

$ docker ps -a
CONTAINER ID   IMAGE                                                     COMMAND                  CREATED             STATUS                           PORTS                                                                                                                        NAMES
92f8a3e8cbbd   wordfence-cli:latest                                      "wordfence malware-s…"   39 seconds ago      Exited (0) 17 seconds ago                                                                                                                                     inspiring_robinson
c2d856a01cba   wordfence-cli:latest                                      "wordfence malware-s…"   2 minutes ago       Exited (1) 2 minutes ago                                                                                                                                      magical_panini
3e592d5a43a4   wordfence-cli:latest                                      "wordfence malware-s…"   16 minutes ago      Exited (0) 15 minutes ago                                                                                                                                     exciting_hypatia
be6ef23db6c9   wordfence-cli:latest                                      "wordfence scan --ve…"   18 minutes ago      Exited (1) 18 minutes ago                                                                                                                                     stupefied_shamir
d6758307168e   wordfence-cli:latest                                      "wordfence scan --ve…"   18 minutes ago      Exited (1) 18 minutes ago                                                                                                                                     upbeat_golick
dcb2293d01e4   wordfence-cli:latest                                      "wordfence scan --ve…"   19 minutes ago      Exited (1) 18 minutes ago                                                                                                                                     pedantic_sutherland
e3c8278b2e4a   wordfence-cli:latest                                      "wordfence malware-s…"   19 minutes ago      Exited (0) 19 minutes ago                                                                                                                                     frosty_tu
[...]

Suggested options for fix: option 1 : When running in docker mode, have it do the scan after acquiring a license

option 2: modify the execution instructions to run interactively

$ docker run -it --entrypoint bash wordfence-cli
root@83e479bb827a:/venv# wordfence malware-scan /var/www

             ▓▓▓
        ▓▓▓▓▓   ▓▓▓▓▓          _       __               __  ____
  ▓▓▓▓▓▓▓           ▓▓▓▓▓▓▓   | |     / /___  _________/ / / __/__  ____  ________
 ▓▓           ▓           ▓▓  | | /| / / __ \/ ___/ __  /_/ /_/ _ \/ __ \/ ___/ _ \
▓▓     ▓▓    ▓▓▓    ▓▓     ▓▓ | |/ |/ / /_/ / /  / /_/ /_  __/  __/ / / / /__/  __/
▓▓      ▓     ▓     ▓      ▓▓ |__/|__/\____/_/   \____/ /_/  \___/_/ /_/\___/\___/
▓▓    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓    ▓▓                                       ____ _     ___
▓▓  ▓▓▓ ▓    ▓▓▓    ▓ ▓▓▓  ▓▓                                      / ___| |   |_ _|
▓▓▓▓▓   ▓    ▓▓▓    ▓   ▓▓▓▓▓                                     | |   | |    | |
 ▓▓     ▓   ▓▓ ▓▓   ▓     ▓▓                                      | |___| |___ | |
  ▓▓▓▓▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓                                        \____|_____|___|

Wordfence CLI cannot be used until it has been configured. Would you like to configure it now? [y/n] (default: n): y
Would you like to automatically request a free Wordfence CLI license? [y/n] (default: y): y
Your access to and use of Wordfence CLI Free edition is subject to the Wordfence CLI License Terms and Conditions set forth at https://www.wordfence.com/wordfence-cli-license-terms-and-conditions/. By entering "y" and selecting Enter, you agree that you have read and accept the Wordfence CLI License Terms and Conditions. [y/n] (default: n): y
Free Wordfence CLI license obtained successfully: c558a814dc7d6a6afc907ef6bdaefb0fdc7cfe007e9060ae6605a4716ea19c10773b065ab54732242f50895fcfd3253dc21f6d7bec85058c700782c9b522e4f00948c6443b79000a9a24296052fe48d9a11bc4680848e73c8f9c25ae5abdc43fda975234ac9505b39214a57028a6ab0a
Cache directory (default: ~/.cache/wordfence):
Number of worker processes (8 CPUs available) (default: 1):
Config saved to /root/.config/wordfence/wordfence-cli.ini
Wordfence CLI has been successfully configured and is now ready for use.
root@83e479bb827a:/venv# wordfence malware-scan /var/www
[..great success..]
akenion commented 9 months ago

I've added #128 to add more graceful handling when CLI needs to prompt for input, but can't.

Licenses are designed to be persistent, so having it acquire a license and them run a scan immediately in one invocation is not ideal. Instead, when running under Docker, a persistent volume should be used for the config and cache directories so that multiple invocations can reuse the same config. We will be updating the documentation accordingly.