From a93d14df18e3a62e48d8774594ee74e7adba7850 Mon Sep 17 00:00:00 2001
From: Brandon Kraft
Date: Tue, 17 Dec 2024 16:13:53 -0600
Subject: [PATCH 1/2] Create SECURITY.md (#16)
---
 SECURITY.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..372dd06
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting Security Issues
+
+The WordPress community take security bugs seriously. We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contributions.
+
+To report a security issue, please visit the [WordPress HackerOne](https://hackerone.com/wordpress) program.
From 1c6c0d4147ab261dd69590c7fd7c1c7826b80fb5 Mon Sep 17 00:00:00 2001
From: Brandon Kraft
Date: Wed, 18 Dec 2024 14:42:46 -0600
Subject: [PATCH 2/2] Github Action: Add phpcs checks (#17)
* Add github action, phpcs-changed, and pre-commit hook via Husky props bjorsch
---
 .github/workflows/phpcs.yml | 36 ++++++++++++++++++++
 .husky/pre-commit | 2 ++
 .husky/pre-commit-phpcbf.sh | 49 +++++++++++++++++++++++++++
 composer.json | 3 +-
 composer.lock | 66 +++++++++++++++++++++++++++++++++----
 package-lock.json | 33 +++++++++++++++----
 package.json | 4 ++-
 7 files changed, 178 insertions(+), 15 deletions(-)
 create mode 100644 .github/workflows/phpcs.yml
 create mode 100644 .husky/pre-commit
 create mode 100644 .husky/pre-commit-phpcbf.sh
diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml
new file mode 100644
index 0000000..5015d7b
--- /dev/null
+++ b/.github/workflows/phpcs.yml
@@ -0,0 +1,36 @@ +name: Code Standards +on: + pull_request: + +jobs: + phpcs: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Required for phpcs-changed to compare with base branch + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.1' + tools: composer:v2 + + - name: Install Dependencies + run: composer install + + - name: Run PHPCS on changed files + env: + BASE_REF: ${{ github.base_ref }} + run: | + CHANGED_FILES=$(git diff --name-only --no-renames --diff-filter=d "origin/$BASE_REF" '*.php' || true) + if [[ -n "$CHANGED_FILES" ]]; then + vendor/bin/phpcs-changed \ + --git-base="origin/$BASE_REF" \ + --phpcs-path=vendor/bin/phpcs \ + --standard=.phpcs.xml.dist \ + $CHANGED_FILES + else + echo "No PHP files changed" + fi \ No newline at end of file diff --git a/.husky/pre-commit b/.husky/pre-commit new file mode 100644 index 0000000..fcbf954 --- /dev/null +++ b/.husky/pre-commit @@ -0,0 +1,2 @@ +#!/bin/sh +. .husky/pre-commit-phpcbf.sh \ No newline at end of file diff --git a/.husky/pre-commit-phpcbf.sh b/.husky/pre-commit-phpcbf.sh new file mode 100644 index 0000000..0a9b82e --- /dev/null +++ b/.husky/pre-commit-phpcbf.sh 
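Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` this job receives carries whatever default the repository grants rather than the read-only scope a lint job needs; adding `permissions:` / `  contents: read` at the top level above `jobs:` is sufficient here, since the job only checks out the tree and runs phpcs. The two third-party actions, `actions/checkout@v4` and `shivammathur/setup-php@v2`, are referenced by mutable major-version tags; pinning each to a full commit SHA with the tag kept in a trailing comment (`uses: shivammathur/setup-php@<full-commit-sha> # v2`) makes the steps reproducible and removes the tag-retargeting exposure. Passing `github.base_ref` through `env` instead of interpolating it into the `run:` script is the right call and should stay. The unquoted `$CHANGED_FILES` expansion in the phpcs-changed invocation mis-splits any path containing whitespace; the hook script added in this same commit has the same shape, so the two are best fixed together.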
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# Disable exit on error since we handle exit codes manually
+set +e
+
+# Get list of staged PHP files
+STAGED_PHP_FILES=$(git diff --cached --name-only --no-renames --diff-filter=d '*.php' )
+
+# Exit if no PHP files are staged
+if [ -z "$STAGED_PHP_FILES" ]; then
+ exit 0
+fi
+
+echo "Running PHPCBF on staged files..."
+
+# First try to fix what we can with PHPCBF
+echo "$STAGED_PHP_FILES" | xargs vendor/bin/phpcbf
+
+# Check the return code
+PHPCBF_STATUS=$?
+
+# If files were fixed, add them back to staging
+if [ $PHPCBF_STATUS -ne 3 ]; then
+ echo "$STAGED_PHP_FILES" | xargs git add
+
+ if [ $PHPCBF_STATUS -eq 1 ] || [ $PHPCBF_STATUS -eq 2 ]; then
+ echo ""
+ echo "Some errors were fixed by PHPCBF, but not all. Continuing with phpcs-changed for remaining errors on lines changed by this PR."
+ fi
+fi
+
+# Now run phpcs-changed to check only modified lines
+echo "Checking modified lines with phpcs-changed..."
+
+vendor/bin/phpcs-changed\
+ --git-staged\
+ --phpcs-path=vendor/bin/phpcs\
+ --standard=.phpcs.xml.dist\
+ $STAGED_PHP_FILES
+
+PHPCS_STATUS=$?
+
+if [ $PHPCS_STATUS -ne 0 ]; then
+ echo "⛔️ Found coding standards violations in changed lines. Please fix them before committing."
+ exit 1
+fi
+
+echo "✅ All coding standards checks passed!"
+exit 0
\ No newline at end of file
diff --git a/composer.json b/composer.json
index 8ad81c8..47c9d9b 100644
--- a/composer.json
+++ b/composer.json
@@ -15,6 +15,7 @@
 },
 "require-dev": {
 "wp-coding-standards/wpcs": "^3.0",
- "phpcompatibility/phpcompatibility-wp": "^2.1"
+ "phpcompatibility/phpcompatibility-wp": "^2.1",
+ "sirbrillig/phpcs-changed": "^2.11"
 }
 }
diff --git a/composer.lock b/composer.lock
index 7372819..73b8131 100644
--- a/composer.lock
+++ b/composer.lock
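Review bot: `PHPCBF_STATUS=$?` on the line after `echo "$STAGED_PHP_FILES" | xargs vendor/bin/phpcbf` captures the exit status of `xargs`, not of phpcbf, so the `-ne 3` / `-eq 1` / `-eq 2` comparisons that follow never see phpcbf's own codes (GNU xargs collapses any non-zero child status in 1–125 into 123). Since the file list is already in a variable, invoke the tool directly, `vendor/bin/phpcbf $STAGED_PHP_FILES`, exactly as the `phpcs-changed` call later in the script already does, and the status checks start working as written. Separately, `xargs git add` re-stages each file in full, so a developer who staged only part of a file (`git add -p`) has the unstaged hunks silently swept into the commit; the hook should at least warn, or skip the re-add, when `git diff --name-only -- $STAGED_PHP_FILES` reports unstaged changes in those files. Nothing guards against `vendor/bin/` being absent (a contributor who ran `npm install` but not `composer install`), in which case the missing `phpcs-changed` binary yields a non-zero `PHPCS_STATUS` and the hook blocks the commit with the misleading "coding standards violations" message; an early `[ -x vendor/bin/phpcbf ] || { echo "run composer install first"; exit 1; }` would make that failure mode explicit.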
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "c72f7b548e828a10d1c3b9665cbc1064",
+ "content-hash": "0bb833be87c3ffe2c1cb6be003952af5",
 "packages": [],
 "packages-dev": [
 {
@@ -455,18 +455,72 @@
 ],
 "time": "2024-05-20T13:34:27+00:00"
 },
+ {
+ "name": "sirbrillig/phpcs-changed",
+ "version": "v2.11.6",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/sirbrillig/phpcs-changed.git",
+ "reference": "284c394d7c5fd292a8876be6edb18781c28d612a"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/sirbrillig/phpcs-changed/zipball/284c394d7c5fd292a8876be6edb18781c28d612a",
+ "reference": "284c394d7c5fd292a8876be6edb18781c28d612a",
+ "shasum": ""
+ },
+ "require": {
+ "php": "^7.1 || ^8.0"
+ },
+ "require-dev": {
+ "dealerdirect/phpcodesniffer-composer-installer": "^0.7.1",
+ "phpunit/phpunit": "^6.4 || ^9.5",
+ "sirbrillig/phpcs-variable-analysis": "^2.1.3",
+ "squizlabs/php_codesniffer": "^3.2.1",
+ "vimeo/psalm": "^0.2 || ^0.3 || ^1.1 || ^4.24 || ^5.0@beta"
+ },
+ "bin": [
+ "bin/phpcs-changed"
+ ],
+ "type": "library",
+ "autoload": {
+ "files": [
+ "PhpcsChanged/Cli.php",
+ "PhpcsChanged/functions.php"
+ ],
+ "psr-4": {
+ "PhpcsChanged\\": "PhpcsChanged/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Payton Swick",
+ "email": "payton@foolord.com"
+ }
+ ],
+ "description": "Run phpcs on files, but only report warnings/errors from lines which were changed.",
+ "support": {
+ "issues": "https://github.com/sirbrillig/phpcs-changed/issues",
+ "source": "https://github.com/sirbrillig/phpcs-changed/tree/v2.11.6"
+ },
+ "time": "2024-12-15T17:22:37+00:00"
+ },
 {
 "name": "squizlabs/php_codesniffer",
- "version": "3.11.1",
+ "version": "3.11.2",
 "source": {
 "type": "git",
 "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git",
- "reference": "19473c30efe4f7b3cd42522d0b2e6e7f243c6f87"
+ "reference": "1368f4a58c3c52114b86b1abe8f4098869cb0079"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/19473c30efe4f7b3cd42522d0b2e6e7f243c6f87",
- "reference": "19473c30efe4f7b3cd42522d0b2e6e7f243c6f87",
+ "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/1368f4a58c3c52114b86b1abe8f4098869cb0079",
+ "reference": "1368f4a58c3c52114b86b1abe8f4098869cb0079",
 "shasum": ""
 },
 "require": {
@@ -533,7 +587,7 @@
 "type": "open_collective"
 }
 ],
- "time": "2024-11-16T12:02:36+00:00"
+ "time": "2024-12-11T16:04:26+00:00"
 },
 {
 "name": "wp-coding-standards/wpcs",
diff --git a/package-lock.json b/package-lock.json
index d21b9fa..591b66e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,5 +1,5 @@
 {
- "name": "secure-custom-fields-wporg",
+ "name": "secure-custom-fields",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
@@ -14,6 +14,7 @@
 "babel-loader": "^9.2.1",
 "css-loader": "^7.1.2",
 "css-minimizer-webpack-plugin": "^7.0.0",
+ "husky": "^9.0.11",
 "mini-css-extract-plugin": "^2.9.1",
 "sass": "^1.79.5",
 "sass-loader": "^16.0.2",
@@ -2650,10 +2651,11 @@
 }
 },
 "node_modules/cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+ "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
 "dev": true,
+ "license": "MIT",
 "dependencies": {
 "path-key": "^3.1.0",
 "shebang-command": "^2.0.0",
@@ -3288,6 +3290,22 @@
 "node": ">= 0.4"
 }
 },
+ "node_modules/husky": {
+ "version": "9.1.7",
+ "resolved": "https://registry.npmjs.org/husky/-/husky-9.1.7.tgz",
+ "integrity": "sha512-5gs5ytaNjBrh5Ow3zrvdUUY+0VxIuWVL4i9irt6friV+BqdCfmV11CQTWMiBYWHbXhco+J1kHfTOUkePhCDvMA==",
+ "dev": true,
+ "license": "MIT",
+ "bin": {
+ "husky": "bin.js"
+ },
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/typicode"
+ }
+ },
 "node_modules/icss-utils": {
 "version": "5.1.0",
 "resolved": "https://registry.npmjs.org/icss-utils/-/icss-utils-5.1.0.tgz",
@@ -3807,9 +3825,9 @@
 "dev": true
 },
 "node_modules/nanoid": {
- "version": "3.3.7",
- "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
- "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
+ "version": "3.3.8",
+ "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
+ "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
 "dev": true,
 "funding": [
 {
@@ -3817,6 +3835,7 @@
 "url": "https://github.com/sponsors/ai"
 }
 ],
+ "license": "MIT",
 "bin": {
 "nanoid": "bin/nanoid.cjs"
 },
diff --git a/package.json b/package.json
index 1bad268..4f85f10 100644
--- a/package.json
+++ b/package.json
@@ -6,6 +6,7 @@
 "babel-loader": "^9.2.1",
 "css-loader": "^7.1.2",
 "css-minimizer-webpack-plugin": "^7.0.0",
+ "husky": "^9.0.11",
 "mini-css-extract-plugin": "^2.9.1",
 "sass": "^1.79.5",
 "sass-loader": "^16.0.2",
@@ -17,7 +18,8 @@
 "scripts": {
 "build": "webpack",
 "watch": "webpack --watch",
- "clean": "rm -rf assets/build/js/*.js assets/build/css/*.css assets/build/js/*.map assets/build/css/*.map assets/build/css/*.js"
+ "clean": "rm -rf assets/build/js/*.js assets/build/css/*.css assets/build/js/*.map assets/build/css/*.map assets/build/css/*.js",
+ "prepare": "husky"
 },
 "dependencies": {
 "md5": "^2.3.0"
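Review bot: `"prepare": "husky"` in the second package.json hunk runs on every `npm install`, including CI, container and production installs that have no use for git hooks, and the hook it installs calls `vendor/bin/phpcbf` and `vendor/bin/phpcs-changed`, which only `composer install` provides; nothing in this change tells contributors that both installs are now required for a commit to succeed. A short README note saying to run `composer install` alongside `npm install`, and that setting `HUSKY=0` skips hook installation where it is unwanted, would close that gap. Whether the `husky` command exits non-zero on an install with no `.git` directory present is worth confirming before this reaches any deploy pipeline that runs `npm install` with scripts enabled.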