wordfence / wordfence-cli

Wordfence malware and vulnerability scanner command line utility.
https://www.wordfence.com/products/wordfence-cli/
GNU General Public License v3.0

Inconsistent exit code with remediate depending on if install via pip or binary #244

Closed davidnuzik closed 3 months ago

davidnuzik commented 4 months ago

Summary:

Depending on if I install via the pip install method or just use one of the build binaries, when I remediate files I seem to always get a 1 exit code with the pip install version of wordfence, and always a 0 exit code with the binary build provided by the release build process.

This difference in behavior could be an issue in some situations where the user depends on a 0 exit code if remediation was successful.


Environment:

(Any supported system) v4.0.1rc1 v3.0.2 (i.e. this is an existing issue)

Steps to Reproduce:

  1. Install via pip method
  2. Remediate a folder, such as a plugin -- if you have akismet, for example, remediate the entire folder; it should only take 30 or less seconds.
  3. echo $? right after completion -- exit code is 1 - there were a couple files that could NOT be remediated in my case since I have .htaccess for example and it's not a known file (not part of the WP repo / plugin repo).
  4. Do the same as above except just use the binary provided with rc1 -- the exit code is always 0 in this case
  5. Optionally, test in v3.0.2 and you will see the same issue.

Expected Result: Expected consistent exit code. Probably a code of 0 even if there are some warnings/errors during remediation. My opinion is a non-zero exit code is more conducive of a complete failure of remediation or some critical issue resulting in not a single file being remediated.

Actual Result: Inconsistent exit code (pip install exit 1, binary install exit 0)

Additional Info: This was found using automation I have built and likely would not have been found otherwise, I'll look into building more tests to cover exit codes.

akenion commented 4 months ago

This is actually due to differences in invoking CLI as a Python module (i.e. python3 -m wordfence.cli.cli) and invoking the main.py script in the repo directly. The latter did not set the exit code properly. This has now been corrected.
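Added example, not part of the thread and not Wordfence CLI source: one common way an entry script can fail to set the exit code is to call a `main()` that returns a status and then discard the return value. The script bodies, the `main()` shape and the sample `.htaccess` result below are constructed assumptions used to show why automation sees 0 from one entry point and 1 from the other.

```python
import subprocess
import sys
import tempfile
from pathlib import Path

# Hypothetical stand-in for a CLI whose main() returns a status code:
# 1 when some files could not be remediated, 0 otherwise.
CLI_BODY = '''
import sys

def main():
    unremediated = [".htaccess"]   # constructed sample result
    return 1 if unremediated else 0
'''

# Entry point A: calls main() and discards its return value, so the
# interpreter exits 0 regardless of the outcome.
DROPS_STATUS = CLI_BODY + '''
if __name__ == "__main__":
    main()
'''

# Entry point B: hands the return value to sys.exit(), so the status
# reaches the calling shell or CI job.
PROPAGATES_STATUS = CLI_BODY + '''
if __name__ == "__main__":
    sys.exit(main())
'''

def exit_code_of(source: str) -> int:
    """Run the script source in a child interpreter and return its exit code."""
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp) / "entry.py"
        script.write_text(source)
        return subprocess.run([sys.executable, str(script)]).returncode

def compare_entry_points() -> dict:
    """Exit codes a caller observes for each entry point."""
    return {
        "drops_status": exit_code_of(DROPS_STATUS),
        "propagates_status": exit_code_of(PROPAGATES_STATUS),
    }

if __name__ == "__main__":
    for name, code in compare_entry_points().items():
        print(f"{name}: exit code {code}")
```

A pipeline that gates on the scanner's exit status would treat the first entry point as a clean run even though files were left unremediated.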

davidnuzik commented 4 months ago

v4.0.1rc2 5/8/24

SUMMARY: QA validation PASSED. I now get exit code 1 in all cases (i.e. PIP install or not). This is because the particular folder being scanned has 1 or more files that are not known / not part of the WordPress or WP plugin repos so there are 1 or more warnings -- we SHOULD exit non-zero so this is good.

VALIDATION STEPS: Follow steps outlined in the issue description - now whether I installed wordfence via the pip install method or otherwise (such as .deb package or just use the binary) I always get exit code 1 in my case. If everything remediates correctly and all files are remediated then I get an exit code of zero, as expected.