Comments (1)
QA PASS
Tested with 1.1.0 binary and v2.0.1rc4 binary
Behavior is unchanged regardless of environment or installation method (based on prior exploratory testing with licensing and configs) so only tested with Ubuntu 22.04.3 and binaries here.
SUMMARY:
QA PASS - behaves as expected. Any prior 1.x config entry for [SCAN] gets migrated accordingly when update config when prompted with 2.0.1rc4 (more details on this in the NOTES section below). The tool behaves as I would expect after upgrading the config INI. The process is as Alex described in the issue summary (i.e. the prompts and process are as described).
DETAIL/FINDINGS:
For the flowing scenarios ensure upgrade works as expected and that malware-scan and vuln-scan work as expected:
- Test by installing 1.1.0 and configuring with free license, upgrade to 2.0.1rc4 by using the rc4 binary on the command line instead of the 1.1.0 binary. When prompted to update configuration answer yes but use the old/existing license key defined in the INI.
--- Test again, but this time with 1.1.0 pick unique config settings such as a different cache directory (non-default) and a worker count of "3" for example. When update config ensure keeps these settings unless changed by user. Looks like the worker process count doesn't get detected, always defaults to '1' but this may be expected. I mentioned it to the team. - Test as described above but overwrite old free license with new free license key automatically obtained from server.
- Test but with a premium license key with 1.1.0, then upgrade and use the old key. Still should work as expected.
- Test but when prompt to update config answering "n" for no works as expected (just gracefully exists
0
and takes you back to the command line) - Test just like above, but now try to use the tool anyway without updating the config - try to run
wordfence malware-scan .
for example. This indeed does not allow the user to continue and still prompts to update config INI, as expected. - Throughout all testing, ensure that during prompts, defaults (prior config settings) show and can opt to chose to keep them as they are or modify them and INI gets updated appropriately. (note the exception I mentioned in italics above regarding worker process count)
NOTES:
FYI: There was much more additional testing done w.r.t. licensing, upgrades, configuration/INI file, and various environments not described here during recent exploratory testing.
Here is an example of INI upgrade / migrate behavior when upgrade to 2.0.1rc4. The following assumes you are keeping your settings:
For example, config from 1.1.0:
[SCAN]
license = <license_here>
cache_directory = ~/.cache/wordfence
workers = 8
Becomes:
[DEFAULT]
license = <same_license_here>
cache_directory = ~/.cache/wordfence
[MALWARE_SCAN]
workers = 8
Once upgraded and configure by answering "y" for yes to prompt to update configuration file and manually picking '8' for worker processes again (default is '1' currently).
Therefore we can see that malware-scan specific settings get moved from [SCAN] section into the new [MALWARE_SCAN] section which replaces [SCAN]. Whereas the license key and cache directory are general settings and thus in a new [DEFAULT] section.
from wordfence-cli.
Related Issues (20)
- Symlink detection, warning and scanning are not working as intended HOT 4
- Valid args placed in wordfence-cli.ini file result in "Ignoring unknown config setting" message even though they work HOT 2
- Supplying either -i (--include-vulnerability) or -e (--exclude-vulnerability) with a CVE ID with capital letters results in warning message "Unrecognized vulnerability identifier" HOT 1
- Mac: Error when using -x and -n options to include or exclude file(s) HOT 1
- Improve symlink handling for vuln-scan HOT 4
- Build RPM package HOT 2
- Add subcommand to count number of WordPress installations HOT 9
- Scanning directory containing sibling symlinks results in files being scanned multiple times HOT 3
- Scanning for sites with count-sites or vuln-scan on Mac fails when symlinks are present HOT 2
- Add status and error column to non-human output for all applicible subcommands
- Add number of sites scanned to the end of vuln-scan results
- Clarify error message in the event a scan does not complete due to IO error HOT 5
- Result queue can fill up causing malware scans to hang
- Feature: First Scan, Incremental Scan and On-demand Scan HOT 2
- Input from stdin isn't processed until an entire chunk is available HOT 1
- New Wordfence CLI install produces "Latin-1" UnicodeEncodeError HOT 11
- CLI misses malware reported by plugin HOT 2
- Implement vectorscan support to improve malware scan performance HOT 9
- On MacOS, when you remediate one or more files and enable debug logging, FileType.<TYPE> is output HOT 1
- Feature Request: Add argument to skip api.github.com version check HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wordfence-cli.