diff --git a/remote/remote.go b/remote/remote.go index 45786ab..4367546 100644 --- a/remote/remote.go +++ b/remote/remote.go @@ -58,17 +58,6 @@ var ( gGUIDttys map[string]*wpCLIProcess padlock *sync.Mutex guidRegex *regexp.Regexp - - blackListed1stLevel = []string{"admin", "cli", "config", "core", "dist-archive", - "eval-file", "eval", "find", "i18n", "scaffold", "server", "package", "profile"} - - blackListed2ndLevel = map[string][]string{ - "media": {"regenerate"}, - "theme": {"install", "update", "delete"}, - "plugin": {"install", "update", "delete"}, - "language": {"install", "update", "delete"}, - "vip": {"support-user"}, - } ) type config struct { @@ -368,34 +357,10 @@ func validateCommand(calledCmd string) (string, error) { return "", errors.New("WP CLI command not sent") } - for _, command := range blackListed1stLevel { - if strings.ToLower(strings.TrimSpace(cmdParts[0])) == command { - return "", fmt.Errorf("WP CLI command '%s' is not permitted", command) - } - } - if 1 == len(cmdParts) { return strings.TrimSpace(cmdParts[0]), nil } - for command, blacklistedMap := range blackListed2ndLevel { - for _, subCommand := range blacklistedMap { - if strings.ToLower(strings.TrimSpace(cmdParts[0])) == command && - strings.ToLower(strings.TrimSpace(cmdParts[1])) == subCommand { - return "", fmt.Errorf("WP CLI command '%s %s' is not permitted", command, subCommand) - } - } - } - - if cmdParts[0] == "db" { - if cmdParts[1] != "query" { - return "", fmt.Errorf("WP CLI command 'db %s' is not permitted", cmdParts[1]) - } - if len(cmdParts) < 3 || cmdParts[2] == "" { - return "", errors.New("WP CLI command 'db query' requires a query parameter") - } - } - return strings.Join(cmdParts, " "), nil } diff --git a/remote/remote_test.go b/remote/remote_test.go index eaa4154..38476b2 100644 --- a/remote/remote_test.go +++ b/remote/remote_test.go @@ -37,16 +37,7 @@ func TestValidateCommand(t *testing.T) { input string want string }{ - "config edit should fail": {errString: "WP CLI command 'config' is not permitted", want: "", input: "config edit"}, - "db create should fail": {errString: "WP CLI command 'db create' is not permitted", want: "", input: "db create"}, - "db export should fail": {errString: "WP CLI command 'db export' is not permitted", want: "", input: "db export somefile.sql"}, - "db reset --yes should fail": {errString: "WP CLI command 'db reset' is not permitted", want: "", input: "db reset --yes"}, - "db query without a query param should fail": {errString: "WP CLI command 'db query' requires a query parameter", want: "", input: "db query"}, - "db query with a query param should pass": {errString: "", want: "db query \"SELECT * FROM whatever\"", input: "db query \"SELECT * FROM whatever\""}, - "db query with trailing spaces should fail": {errString: "WP CLI command 'db query' requires a query parameter", want: "", input: "db query "}, - "media regenerate should fail": {errString: "WP CLI command 'media regenerate' is not permitted", want: "", input: "media regenerate"}, "media import file should pass": {errString: "", want: "media import https://example.com/cutekitties.png", input: "media import https://example.com/cutekitties.png"}, - "vip support-user should fail": {errString: "WP CLI command 'vip support-user' is not permitted", want: "", input: "vip support-user"}, "vip whatever should pass": {errString: "", want: "vip whatever", input: "vip whatever"}, }