use the new get_wp_vuln_api_token function

pantheon-systems · May 24, 2023 · 50025a4 · 50025a4
1 parent 854b28f
commit 50025a4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 29 deletions.
diff --git a/php/pantheon/checks/plugins.php b/php/pantheon/checks/plugins.php
@@ -11,6 +11,8 @@ class Plugins extends Checkimplementation {
 	public $check_all_plugins;
 
 	public function __construct($check_all_plugins) {
+		require_once __DIR__ . '/namespace.php';
+
 		$this->check_all_plugins = $check_all_plugins;
 	}
 
@@ -37,7 +39,7 @@ public function run() {
 		$all_plugins = Utils::sanitize_data( get_plugins() );
 		$update = Utils::sanitize_data( get_plugin_updates() );
 		$report = array();
-		$should_check_vulnerabilities = $this->getWpScanApiToken();
+		$should_check_vulnerabilities = $this->getWpVulnApiToken();
 		$vulnerable = false;
 
 		foreach( $all_plugins as $plugin_path => $data ) {
@@ -87,7 +89,7 @@ public function run() {
 	protected function getPluginVulnerability( $plugin_slug )
 	{
 		// Get the vulnerability API token from the platform
-		$wpvulndb_api_token = $this->getWpScanApiToken();
+		$wpvulndb_api_token = $this->getWpVulnApiToken();
 
 		// Fail silently if there is no API token.
 		if( false === $wpvulndb_api_token || empty( $wpvulndb_api_token ) ) {
@@ -130,27 +132,6 @@ protected function getPluginVulnerability( $plugin_slug )
 		return $result[$plugin_slug];
 	}
 
-
-	protected function getWpScanApiToken() {
-		if ( defined( 'WPSCAN_API_TOKEN' ) ) {
-			// Don't use WPSCAN if PANTHEON_WPSCAN_ENVIRONMENTS have not been specified.
-			if( ! defined( 'PANTHEON_WPSCAN_ENVIRONMENTS' ) ) {
-				return false;
-			}
-
-			$environments = ( ! is_array( PANTHEON_WPSCAN_ENVIRONMENTS ) ) ? explode( ',', PANTHEON_WPSCAN_ENVIRONMENTS ) : PANTHEON_WPSCAN_ENVIRONMENTS;
-
-			// Only run WPSCAN on the specified environments unless it's been configured to run on all (*).
-			if ( in_array( getenv( 'PANTHEON_ENVIRONMENT' ), $environments, true ) || in_array( '*', $environments, true ) ) {
-				return WPSCAN_API_TOKEN;
-			}
-		}
-
-		// TODO: Replace this PANTHEON_WPVULNDB_API_TOKEN with a new Patchstack API token.
-		// return getenv( 'PANTHEON_WPVULNDB_API_TOKEN' );
-		return false;
-	}
-
 	/**
 	* Checks a plugin by slug and version for vulnerabilities
 	* @param $plugin_slug string (required) string representing the plugin slug
@@ -200,7 +181,7 @@ public function message(Messenger $messenger) {
 		$plugin_message = __( 'You should update all out-of-date plugins' );
 		$vuln_message = __( 'Update plugins to fix vulnerabilities' );
 		$no_plugins_message = __( 'No plugins found' );
-		$should_check_vulnerabilities = $this->getWpScanApiToken();
+		$should_check_vulnerabilities = Common\get_wp_vuln_api_token();
 
 		if (!empty($this->alerts)) {
 			$headers = array(

diff --git a/php/pantheon/checks/themes.php b/php/pantheon/checks/themes.php
@@ -12,6 +12,8 @@ class Themes extends Checkimplementation {
 	public $alerts = array();
 
 	public function __construct($check_all_themes) {
+		require_once __DIR__ . '/namespace.php';
+
 		$this->check_all_themes = $check_all_themes;
 	}
 
@@ -38,7 +40,7 @@ public function run() {
 		$all_themes = Utils::sanitize_data( wp_get_themes() );
 		$update = Utils::sanitize_data( get_theme_updates() );
 		$report = array();
-		$should_check_vulnerabilities = $this->getWpVulnApiToken();
+		$should_check_vulnerabilities = Common\get_wp_vuln_api_token();
 		$vulnerable = false;
 
 		foreach( $all_themes as $theme_path => $data ) {
@@ -99,7 +101,7 @@ protected function getWpVulnApiToken() {
 		if ( defined( 'WPSCAN_API_TOKEN' ) ) {
 			// Don't use WPSCAN if PANTHEON_WPSCAN_ENVIRONMENTS have not been specified.
 			if( ! defined( 'PANTHEON_WPSCAN_ENVIRONMENTS' ) ) {
-				return false;
+				return '';
 			}
 
 			$environments = ( ! is_array( PANTHEON_WPSCAN_ENVIRONMENTS ) ) ? explode( ',', PANTHEON_WPSCAN_ENVIRONMENTS ) : PANTHEON_WPSCAN_ENVIRONMENTS;
@@ -112,7 +114,7 @@ protected function getWpVulnApiToken() {
 
 		// TODO: Replace this PANTHEON_WPVULNDB_API_TOKEN with a new Patchstack API token.
 		// return getenv( 'PANTHEON_WPVULNDB_API_TOKEN' );
-		return false;
+		return '';
 	}
 
 	/**
@@ -124,7 +126,7 @@ protected function getWpVulnApiToken() {
 	 * @todo Refactor this to use the Patchstack API
 	 */
 	protected function getThemeVulnerability($theme_slug ) {
-		$wpvulndb_api_token = $this->getWpVulnApiToken();
+		$wpvulndb_api_token = Common\get_wp_vuln_api_token();
 
 		// Fail silently if there is no API token.
 		if( false === $wpvulndb_api_token || empty( $wpvulndb_api_token ) ) {
@@ -214,7 +216,7 @@ public function is_vulnerable($theme_slug, $current_version) {
 
 	public function message(Messenger $messenger) {
 		if (!empty($this->alerts)) {
-			$should_check_vulnerabilities = $this->getWpVulnApiToken();
+			$should_check_vulnerabilities = Common\get_wp_vuln_api_token();
 			$theme_message = __( 'You should update all out-of-date themes' );
 			$vuln_message = __( 'Update themes to fix vulnerabilities' );
 			$no_themes_message = __( 'No themes found' );