Labs: GitHub-177: Randomly generate log file's name to enhance log file's security #311

Closed
wants to merge 12 commits into from
6 changes: 3 additions & 3 deletions .github/ci/main.sh
Expand Up @@ -26,7 +26,7 @@ function start_services() {
# Create, setup and populate learn.rtcamp.com base site with data
function create_and_configure_site () {

ee site create $SITE_NAME --wp --php74
ee site create $SITE_NAME --wp --php74
cd $SITE_ROOT/wp-content/plugins/
rm -rf nginx-helper
ls
Expand All @@ -36,7 +36,7 @@ function create_and_configure_site () {
ls
wp plugin activate nginx-helper --allow-root
wp user create automation [email protected] --role=administrator --user_pass=automation --allow-root
wp theme activate twentytwentyone --allow-root
# wp theme activate twentytwentyone --allow-root
}


Expand Down Expand Up @@ -96,4 +96,4 @@ function main() {
run_playwright_tests
}

main
main
43 changes: 41 additions & 2 deletions admin/class-nginx-helper-admin.php
Expand Up @@ -261,6 +261,7 @@ public function nginx_helper_default_settings() {
'enable_map' => 0,
'enable_log' => 0,
'log_level' => 'INFO',
'log_file_path' => '',
'log_filesize' => '5',
'enable_stamp' => 0,
'purge_homepage_on_edit' => 1,
Expand Down Expand Up @@ -373,6 +374,45 @@ public function functional_asset_url() {

}

/**
* Retrieve log file's name.
*
* @since 2.0.0
* @return string log file name of the plugin.
*/
public function get_log_file_name() {

$options = get_site_option( 'rt_wp_nginx_helper_options', array() );

if ( ! empty( $options ) && ! empty( $options['log_file_path'] ) ) {

return $options['log_file_path'];
}

// Generate random log file name.
$file_name = wp_generate_password( 10, false );

// Append extension.
$file_name = $file_name . '-nginx.log';

$options['log_file_path'] = $file_name;

update_site_option( 'rt_wp_nginx_helper_options', $options );

return $file_name;
}

/**
* Get log file's full path.
*
* @since 2.0.0
* @return string file path.
*/
public function get_log_file_full_path() {

return $this->functional_asset_path() . $this->get_log_file_name();
}

/**
* Get latest news.
*
Expand Down Expand Up @@ -732,10 +772,9 @@ public function purge_all() {
}

if ( 'purge' === $action ) {

/**
* Fire an action after the entire cache has been purged whatever caching type is used.
*
*
* @since 2.2.2
*/
do_action( 'rt_nginx_helper_after_purge_all' );
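Review bot: get_log_file_name() returns the stored `log_file_path` value as-is and get_log_file_full_path() appends it to the asset directory, so a stored value containing a directory separator would place the log outside that directory. In the visible hunks only plugin code writes the option, but normalising on read is cheap: `return basename( $options['log_file_path'] );`. The key holds a file name rather than a path, so `log_file_name` would describe it better, and the new docblocks say `@since 2.0.0` while the purge_all() hunk in this same file already references 2.2.2. When the option does not exist yet, the fallback saves an array holding only this key; whether nginx_helper_settings() merges the defaults back in afterwards is not visible here and is worth confirming.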
4 changes: 2 additions & 2 deletions admin/class-purger.php
Expand Up @@ -542,7 +542,7 @@ public function log( $msg, $level = 'INFO' ) {

if ( $log_levels[ $level ] >= $log_levels[ $nginx_helper_admin->options['log_level'] ] ) {

$fp = fopen( $nginx_helper_admin->functional_asset_path() . 'nginx.log', 'a+' );
$fp = fopen( $nginx_helper_admin->get_log_file_full_path(), 'a+' );
if ( $fp ) {

fwrite( $fp, "\n" . gmdate( 'Y-m-d H:i:s ' ) . ' | ' . $level . ' | ' . $msg );
Expand All @@ -566,7 +566,7 @@ public function check_and_truncate_log_file() {
return;
}

$nginx_asset_path = $nginx_helper_admin->functional_asset_path() . 'nginx.log';
$nginx_asset_path = $nginx_helper_admin->get_log_file_full_path();

if ( ! file_exists( $nginx_asset_path ) ) {
return;
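Review bot: After this change nothing touches the old fixed-name `nginx.log` any more: log() appends to the random-named file and check_and_truncate_log_file() only looks at that one, so on an upgraded site the existing log stays at its previous, predictable location with all earlier entries. None of the visible hunks removes or renames it. I would handle it once, where the random name is first generated, for example `$legacy = $this->functional_asset_path() . 'nginx.log';` followed by `if ( file_exists( $legacy ) ) { wp_delete_file( $legacy ); }`. Both functions continue outside the hunks shown.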
21 changes: 12 additions & 9 deletions admin/partials/nginx-helper-general-options.php
Expand Up @@ -67,15 +67,18 @@
$nginx_helper_admin->update_map();
}

$nginx_settings['log_file_path'] = $nginx_helper_admin->get_log_file_name();

update_site_option( 'rt_wp_nginx_helper_options', $nginx_settings );

echo '<div class="updated"><p>' . esc_html__( 'Settings saved.', 'nginx-helper' ) . '</p></div>';

}

$nginx_helper_settings = $nginx_helper_admin->nginx_helper_settings();
$log_path = $nginx_helper_admin->functional_asset_path();
$log_url = $nginx_helper_admin->functional_asset_url();
$nginx_helper_settings = $nginx_helper_admin->nginx_helper_settings();
$log_path = $nginx_helper_admin->functional_asset_path();
$log_path_with_file_name = $nginx_helper_admin->get_log_file_full_path();
$log_url = $nginx_helper_admin->functional_asset_url();

/**
* Get setting url for single multiple with subdomain OR multiple with subdirectory site.
Expand Down Expand Up @@ -635,11 +638,11 @@
if ( ! is_dir( $log_path ) ) {
mkdir( $log_path );
}
if ( is_writable( $log_path ) && ! file_exists( $log_path . 'nginx.log' ) ) {
$log = fopen( $log_path . 'nginx.log', 'w' );
if ( is_writable( $log_path ) && ! file_exists( $log_path_with_file_name ) ) {
$log = fopen( $log_path_with_file_name, 'w' );
fclose( $log );
}
if ( ! is_writable( $log_path . 'nginx.log' ) ) {
if ( ! is_writable( $log_path_with_file_name ) ) {
?>
<span class="error fade" style="display : block">
<p>
Expand All @@ -650,7 +653,7 @@
sprintf(
// translators: %s file url.
__( 'Check you have write permission on <strong>%s</strong>', 'nginx-helper' ),
esc_url( $log_path . 'nginx.log' )
esc_url( $log_path_with_file_name )
),
array( 'strong' => array() )
);
Expand All @@ -671,7 +674,7 @@
</th>
<td>
<code>
<?php echo esc_url( $log_path . 'nginx.log' ); ?>
<?php echo esc_url( $log_path_with_file_name ); ?>
</code>
</td>
</tr>
Expand All @@ -682,7 +685,7 @@
</label>
</th>
<td>
<a target="_blank" href="<?php echo esc_url( $log_url . 'nginx.log' ); ?>">
<a target="_blank" href="<?php echo esc_url( $log_url . $nginx_helper_admin->get_log_file_name() ); ?>">
<?php esc_html_e( 'Log', 'nginx-helper' ); ?>
</a>
</td>
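Review bot: The log is still created inside the directory that `$log_url` points at and is linked from this page, so the random name is the only thing keeping it private; if the web server produces directory indexes for that folder, the name is listed. The `if ( ! is_dir( $log_path ) )` branch that calls `mkdir( $log_path )` is the natural place to also write an empty `index.php` or `index.html`, and the plugin documentation should recommend an nginx rule denying direct requests for the log file. Separately, the two path outputs pass a filesystem path through `esc_url()`, which can alter or empty a value that is not a URL; `esc_html( $log_path_with_file_name )` is the matching escaper there. get_log_file_name() is also resolved three times in this file, so reading it once into a variable would keep the displayed path and the link in step.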
6 changes: 3 additions & 3 deletions tests/e2e-playwright/playwright.config.ts
Expand Up @@ -15,8 +15,8 @@ const config: PlaywrightTestConfig = {
["html", { open: "never" }],
["junit", { outputFile: "playwright-report/results.xml" }],
[
"playwright-tesults-reporter",
{ "tesults-target": process.env.TESRESULT_TOKEN },
"playwright-tesults-reporter",
{ "tesults-target": process.env.TESRESULT_TOKEN },
],
],
forbidOnly: !! process.env.CI,
Expand Down Expand Up @@ -63,4 +63,4 @@ const config: PlaywrightTestConfig = {
],
};

export default config;
export default config;