Add edge case handling checksum verification of Hello Dolly (#119)

* Add edge case handling for Hello Dolly (Core vs Plugin) * Compare hello.php against core checksum instead of plugin repo * Fixed PHPCS Linting errors
wp-cli · Nov 10, 2023 · f691199 · f691199
1 parent 7ae0201
commit f691199
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 2 deletions.
diff --git a/features/checksum-plugin.feature b/features/checksum-plugin.feature
@@ -215,3 +215,12 @@ Feature: Validate checksums for WordPress plugins
       """
       Verified 1 of 1 plugins.
       """
+
+  Scenario: Verifies Hello Dolly
+    Given a WP install
+
+    When I run `wp plugin verify-checksums hello`
+    Then STDOUT should contain:
+      """
+      Verified 1 of 1 plugins.
+      """
diff --git a/src/Checksum_Plugin_Command.php b/src/Checksum_Plugin_Command.php
@@ -105,6 +105,11 @@ public function __invoke( $args, $assoc_args ) {
 				continue;
 			}
 
+			if ( 'hello' === $plugin->name ) {
+				$this->verify_hello_dolly_from_core( $assoc_args );
+				continue;
+			}
+
 			if ( false === $version ) {
 				WP_CLI::warning( "Could not retrieve the version for plugin {$plugin->name}, skipping." );
 				++$skips;
@@ -143,7 +148,6 @@ public function __invoke( $args, $assoc_args ) {
 				if ( ! $strict && $this->is_soft_change_file( $file ) ) {
 					continue;
 				}
-
 				$result = $this->check_file_checksum( dirname( $plugin->file ) . '/' . $file, $checksums[ $file ] );
 				if ( true !== $result ) {
 					$this->add_error( $plugin->name, $file, is_string( $result ) ? $result : 'Checksum does not match' );
@@ -173,6 +177,29 @@ public function __invoke( $args, $assoc_args ) {
 		);
 	}
 
+	private function verify_hello_dolly_from_core( $assoc_args ) {
+		$file       = 'hello.php';
+		$wp_version = get_bloginfo( 'version', 'display' );
+		$insecure   = (bool) Utils\get_flag_value( $assoc_args, 'insecure', false );
+		$wp_org_api = new WpOrgApi( [ 'insecure' => $insecure ] );
+		$locale     = '';
+
+		try {
+			$checksums = $wp_org_api->get_core_checksums( $wp_version, empty( $locale ) ? 'en_US' : $locale );
+		} catch ( Exception $exception ) {
+			WP_CLI::error( $exception );
+		}
+
+		if ( ! is_array( $checksums ) || ! isset( $checksums['wp-content/plugins/hello.php'] ) ) {
+			WP_CLI::error( "Couldn't get hello.php checksum from WordPress.org." );
+		}
+
+		$md5_file = md5_file( $this->get_absolute_path( '/' ) . $file );
+		if ( $md5_file !== $checksums['wp-content/plugins/hello.php'] ) {
+			$this->add_error( 'hello', $file, 'Checksum does not match' );
+		}
+	}
+
 	/**
 	 * Adds a new error to the array of detected errors.
 	 *
@@ -255,7 +282,6 @@ private function check_file_checksum( $path, $checksums ) {
 			&& array_key_exists( 'sha256', $checksums )
 		) {
 			$sha256 = $this->get_sha256( $this->get_absolute_path( $path ) );
-
 			return in_array( $sha256, (array) $checksums['sha256'], true );
 		}