Comments (11)
We will be implementing a non-interactive version of wordfence configure
in an upcoming release to support automated installation. Thanks for the suggestion @michaellehmkuhl.
from wordfence-cli.
@davidnuzik I agree on removing "Interactively" from the subcommand description since it can now be used non-interactively as well. I will proceed with that change.
As for the options used with wordfence configure
, the --default
/-D
flag can be used to specify that the default values should be used for any options that aren't explicitly specified, such as the cache directory.
I'll add two examples to the configure
command help output, one each for interactive and non-interactive configuration. I don't see a need to add the Register to receive...
message anywhere else at this point; it's already included with the --accept-terms
option which I think is sufficient.
from wordfence-cli.
I noticed this when I try to configure interactively (simply execute wordfence
for the first time to trigger interactive configure) - just following normal flow basically yes to all. Posting here since it's related to changes in this issue.
Wordfence CLI cannot be used until it has been configured. Would you like to configure it now? [y/n] (default: n): y
Would you like to automatically request a free Wordfence CLI license? [y/n] (default: y): y
Your access to and use of Wordfence CLI Free edition is subject to the Wordfence CLI License Terms and Conditions set forth at https://www.wordfence.com/wordfence-cli-license-terms-and-conditions/. By entering "y" and selecting Enter, you agree that you have read and accept the Wordfence CLI License Terms and Conditions. [y/n] (default: n): y
Free Wordfence CLI license obtained successfully: {free license key redacted}
Traceback (most recent call last):
File "/usr/local/bin/wordfence", line 8, in <module>
sys.exit(main())
^^^^^^
File "/home/david/dev/defiant/temp/wordfence-cli/venv/lib64/python3.11/site-packages/wordfence/cli/cli.py", line 202, in main
exit_code = cli.invoke()
^^^^^^^^^^^^
File "/home/david/dev/defiant/temp/wordfence-cli/venv/lib64/python3.11/site-packages/wordfence/cli/cli.py", line 175, in invoke
configurer.check_config()
File "/home/david/dev/defiant/temp/wordfence-cli/venv/lib64/python3.11/site-packages/wordfence/cli/configurer.py", line 409, in check_config
self.prompt_for_missing_config()
File "/home/david/dev/defiant/temp/wordfence-cli/venv/lib64/python3.11/site-packages/wordfence/cli/configurer.py", line 386, in prompt_for_missing_config
self.prompt_for_config()
File "/home/david/dev/defiant/temp/wordfence-cli/venv/lib64/python3.11/site-packages/wordfence/cli/configurer.py", line 327, in prompt_for_config
self._prompt_for_cache_directory()
File "/home/david/dev/defiant/temp/wordfence-cli/venv/lib64/python3.11/site-packages/wordfence/cli/configurer.py", line 271, in _prompt_for_cache_directory
if self.config.is_from_cli('cache_directory') or self.config.default:
^^^^^^^^^^^^^^^^^^^
AttributeError: 'Config' object has no attribute 'default'
from wordfence-cli.
To supported automated installation we need to make some modifications to how users can access the terms of service in order to have a legal acceptance of ToS. Updated terms to be provided by legal. The following includes new or updated behavior to accommodate the new automated installation.
-
terms
subcommand: to display the current terms along with the date of the terms update.- If not already included in the terms fetched from https://www.wordfence.com/wordfence-cli-license-terms-and-conditions, include this statement: "Register to receive updated Wordfence CLI Terms of Service via email at https://www.wordfence.com/products/wordfence-cli/#terms. Join our WordPress Security mailing list at https://www.wordfence.com/subscribe-to-the-wordfence-email-list/ to get security alerts, news, and research directly to your inbox.“
- Include line "Use --accept-terms to agree to the terms of service. (wordfence terms --accept terms)”
-
--accept terms
option: Anywhere the accept-terms param is documented, we must include a link to our terms URL, along with a mention of the wordfence terms subcommand that will allow viewing of our terms. Include it as the following:
"Automatically accept the terms required to invoke the specified command. The latest terms can be viewed using the
wordfence terms command and found at https://www.wordfence.com/wordfence-cli-license-terms-and-conditions/. Register to receive updated Wordfence CLI Terms of Service via email at https://www.wordfence.com/products/wordfence-cli/#terms. Join our WordPress Security mailing list at https://www.wordfence.com/subscribe-to-the-wordfence-email-list/ to get security alerts, news, and research directly to your inbox." -
Installing from command line: Continue to prompt for acceptance of terms during existing configuration calls such as when installing via
wordfence configure
or new installs from the command line, and when the --accept-terms option is omitted. Upon completing the configuration, following the line that states "The configuration for Wordfence CLI has been successfully updated." add the following:
"Register to receive updated Wordfence CLI Terms of Service via email at https://www.wordfence.com/products/wordfence-cli/#terms. Join our WordPress Security mailing list at https://www.wordfence.com/subscribe-to-the-wordfence-email-list/ to get security alerts, news, and research directly to your inbox.“
Updates to the Wordfence website to address the new CLI terms registration field will be documented in a separate case in the website repository.
from wordfence-cli.
Note, did initial testing at
4ddb7b0
. Will retest when is qa-ready, esp. w.r.t.terms
subcommand which requires new API.
I propose a couple of small tweaks @akenion
- Recommend we update
configure
definition.py such that "Interactively configure Wordfence CLI" now reads "Configure Wordfence CLI" since it can be done interactively or non-interactively now. Also, perhaps a couple of examples -- perhaps like:wordfence configure
Interactively configure Wordfence CLIwordfence configure --request-license --accept-terms --cache-directory=/tmp/wordfence --workers=2
Example configuring Wordfence CLI to automatically accept terms, request a free license, set custom cache-directory, and workers count.
Note, regarding the above -- would we have to also specifyRegister to receive updated Wordfence CLI Terms of Service via email at https://www.wordfence.com/products/wordfence-cli/#terms. Join our WordPress Security mailing list at https://www.wordfence.com/subscribe-to-the-wordfence-email-list/ to get security alerts, news, and research directly to your inbox.
? (possible, hopefully not). Also a thought -- advanced users configuring non-interactively perhaps don't need an example. (this could save us from a super long help/example if we have to supply that long explanation each time it's mentioned even in CLI help?) We may want to document though in the repo. I got tripped up on having to pass --cache-directory, else the non-interactive prompt I expected becomes interactive asking for me to specify it. I expected the CLI to use default cache dir.
from wordfence-cli.
@davidnuzik That issue should be resolved by #154.
from wordfence-cli.
v2.1.0rc4 11/30/23 (also tested with rc1 thru rc3 over the past week at various times, majority of testing done with rc4 to ensure all works as expected)
SUMMARY:
QA validation PASSED. I was successfully able to leverage all aspects of the new non-interactive configuration capabilities and did not find any issues after the aforementioned issues were fixed. I also am working on some Wordfence CLI automation and was able to utilize it to perform some validation on the cli in a non-interactive way. All means of testing either via a script, my automation, or with a tty work as I would expect.
VALIDATION STEPS
- Test usage of
configure
subcommand in a non-interactive way on my tty, commands like as follows for example all work for me (note that -o to overwrite is always required if a config ini exists already on disk)
wordfence configure --request-license --accept-terms -D
wordfence configure --request-license --accept-terms --workers 3 -D -o
wordfence configure --request-license --accept-terms --workers 3 --cache-directory /tmp/tempCache -o
wordfence configure -l <valid_license> --accept-terms -D -o
- ...and more variations all tested, such as order of args, not passing various (such as to ensure --accept-terms is always required, not passing -o doesn't allow overwriting, etc. Additional tests included (but are not limited to): checking that if cache-directory is not writable configuration is not allowed to continue, passing -c <config.ini> as well and ensuring it works as expected, not passing -D flag (where needed) results in the command not succeeding, and more. Various test cases were added to our internal regression test doc.
- Test but via a bash script the some of the most common ways of configure non-interactively.
- Test but via automation I am building using BATS some of the most common ways of configure non-interactively.
- Check the CLI help for
--accept-terms
- it should mention the following (it does):
--accept-terms Automatically accept the terms required to invoke the specified command. The latest terms can be viewed using the wordfence terms command and found at https://www.wordfence.com/wordfence-cli-license-terms-and-conditions/. Register to receive updated Wordfence CLI Terms of
Service via email at https://www.wordfence.com/products/wordfence-cli/#terms. Join our WordPress Security mailing list at https://www.wordfence.com/subscribe-to-the-wordfence-email-list/ to get security alerts, news, and research directly to your inbox.at https://www.wordfence.com/subscribe-to-the-wordfence-email-list/ to get security alerts, news, and research directly to your inbox.
- Check that for step for the URLs also work (they do). However, do note that the anchor to #terms on the /products/wordfence-cli on our website isn't there just yet -- we have an issue open internally to track adding this.
- Check that
wordfence terms
works as expected (it does). I spot checked the terms by checking that each section was there and the first and last paragraph show in the CLI. There is also a line after the terms that repeats the block of text above under step four.
NOTES:
Note the CLI help was updated as well, an example is provided for interactive and non-interactive configure now. This change looks good and makes sense to me.
My testing was pretty exhaustive and included a lot of exploratory testing; I am confident non-interactive configure should work in 99%+ of situations but it could be possible strange values passed to these arguments, unique environments, etc could result in issues. I used my best judgement while testing and tested in a few different linux environments, although I basically smoke tested environments outside of Ubuntu 22.04.
from wordfence-cli.
Reopening.
Now on my environment with the same rc4 I have been seeing the following as per slack discussion with Alex:
david@ilovelamp:~$ ./wordfence-v2.1.0rc4-binary configure --request-license --accept-terms --workers 8 -D -o --debug
Current license: 734d<REDACTED>b8d
Free Wordfence CLI license obtained successfully: e306<REDACTED>ac2e
Writing config to /home/david/.config/wordfence/wordfence-cli.ini...
Config saved to /home/david/.config/wordfence/wordfence-cli.ini
Traceback (most recent call last):
File "main.py", line 4, in <module>
File "wordfence/cli/cli.py", line 173, in main
File "wordfence/cli/cli.py", line 43, in process_exception
File "wordfence/cli/cli.py", line 171, in main
File "wordfence/cli/cli.py", line 164, in invoke
File "wordfence/cli/configure/configure.py", line 21, in invoke
File "wordfence/cli/configurer.py", line 348, in prompt_for_config
NameError: name 'license' is not defined
[1106495] Failed to execute script 'main' due to unhandled exception!
from wordfence-cli.
v2.1.0rc5 12/1/23
SUMMARY:
QA validation PASSED. I can confirm the latest reported issue (my last comment) is now resolved. It was an environmental problem and as such other QA did not observe this; that said it was something worth fixing as others could possibly run into it. The issue is now resolved (a la PR number 179) in my environment where I originally saw the issue (and could reproduce each time prior to the fix).
VALIDATION STEPS
- On my environment where I reproduced the problem "Error: 'license' is not defined", attempt to run the same command again but with RC5 -- the command now succeeds without issue. Smoke test of vuln-scan and malware-scan look good.
from wordfence-cli.
Reopening 12/12/23 - v2.1.0rc[1-8]
I noticed last night while writing out automation for the terms
subcommand that a license needs to be passed or configuration done. My apologies for not finding this sooner during regression testing. I've added this as a test case for our regression test plan so its checked going forward. I am also adding automation for this to check that wordfence terms
does not require any prior configuration or a license passed.
from wordfence-cli.
v2.1.0rc9 12/12/23
I can confirm I can run wordfence terms
now without any issues in an environment that has not configure
'd before (no .cache/wordfence folder and .config/wordfence folder. The terms are displayed without issue and show all expected content.Passing this issue.
from wordfence-cli.
Related Issues (20)
- Result queue can fill up causing malware scans to hang
- Feature: First Scan, Incremental Scan and On-demand Scan HOT 2
- Input from stdin isn't processed until an entire chunk is available HOT 1
- New Wordfence CLI install produces "Latin-1" UnicodeEncodeError HOT 11
- CLI misses malware reported by plugin HOT 2
- Implement vectorscan support to improve malware scan performance HOT 9
- On MacOS, when you remediate one or more files and enable debug logging, FileType.<TYPE> is output HOT 1
- Feature Request: Add argument to skip api.github.com version check HOT 2
- Inconsistent exit code with remediate depending on if install via pip or binary HOT 2
- Missing RPM from the crb repo HOT 2
- Add public contribution and security guidelines
- Add option to limit CPU usage for malware scans
- Non-ASCII characters in filenames can result in encoding errors HOT 9
- Error: 'bytes' object has no attribute 'encode' HOT 7
- Error: 'utf-8' codec can't decode byte 0xfc in position 62: invalid start byte HOT 7
- File name filtering error HOT 1
- Document `--email` file attachment capability HOT 3
- Remove version number from tracked file
- Use a specific/identifiable user agent when making requests to Wordfence APIs
- Gracefully handle rate-limited responses from the Wordfence APIs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wordfence-cli.