Merge branch 'master' into custom-files-fix

igorhrcek · Mar 21, 2022 · bdc4003 · bdc4003
2 parents 9487f18 + 2c935ac
commit bdc4003
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/src/SubCommands/AddSecurityHeaders.php b/src/SubCommands/AddSecurityHeaders.php
@@ -18,7 +18,7 @@ public function getTemplateVars() : array {
             'X-XSS-Protection' => '"1; mode=block"'
         ];
 
-        $headers = isset( $this->commandArguments['headers'] ) ? $this->commandArguments['headers'] : array_keys( $default_headers );
+        $headers = $this->commandArguments['headers'] ?? array_keys($default_headers);
         if ( ! empty( $headers ) ) {
             if ( is_string( $headers ) ) {
                 $headers = explode( ',', $headers );
@@ -45,6 +45,7 @@ public function getTemplateVars() : array {
             }
             return $headers_array;
         }
+
         return [];
     }
 }
diff --git a/src/SubCommands/BlockAccessToSensitiveFiles.php b/src/SubCommands/BlockAccessToSensitiveFiles.php
@@ -7,4 +7,36 @@ class BlockAccessToSensitiveFiles extends SubCommand {
     public string $ruleName = 'BLOCK ACCESS TO SENSITIVE FILES';
     public string $successMessage = 'Block Access to Sensitive Files rule has been deployed.';
     public string $removalMessage= 'Block Access to Sensitive Files rule has been removed.';
+
+
+    /**
+     * @var string List of files that we are protecting by default
+     */
+    private string $protectedFiles = 'readme.html,readme.txt,wp-config.php,nginx.conf,/wp-admin/install.php,/wp-admin/upgrade.php';
+
+    public function getTemplateVars() : array {
+        $files = $this->commandArguments['files'] ?? $this->protectedFiles;
+        if ( ! empty( $files ) ) {
+            $files = explode( ',', $files );
+            $files = array_map( 'trim', $files );
+            $files_array = [];
+
+            foreach ( $files as $key => $value ) {
+                if ( preg_match( '/.+\/.+/', $value ) ) {
+                    $file_with_directory = $this->setRuleContent( false, 'block_access_to_sensitive_files_with_directories' );
+                    if ( isset( $this->commandArguments['server'] ) && $this->commandArguments['server'] === 'nginx' ) {
+                        $file = $value;
+                    } else {
+                        $file = preg_quote( ltrim( $value, '/' ) );
+                    }
+                    $files_array[] = [ $file => $file_with_directory ];
+                } else {
+                    $files_array[] = [ 'file' => isset( $this->commandArguments['server'] ) && $this->commandArguments['server'] === 'nginx' ? preg_quote( $value ) : $value ];
+                }
+            }
+            return $files_array;
+        }
+        return [];
+    }
+
 }