Merge pull request #122 from pantheon-systems/CMS-590

[CMS-590] check for WPSCAN_API_TOKEN constant:
pantheon-systems · Apr 12, 2022 · f35e7f0 · f35e7f0
2 parents a6c6cad + e5b10f8
commit f35e7f0
Showing 1 changed file with 27 additions and 1 deletion.
diff --git a/php/pantheon/checks/plugins.php b/php/pantheon/checks/plugins.php
@@ -77,7 +77,7 @@ public function run() {
 	protected function getPluginVulnerability( $plugin_slug )
 	{
 		// Get the vulnerability API token from the platform
-		$wpvulndb_api_token = getenv('PANTHEON_WPVULNDB_API_TOKEN');
+		$wpvulndb_api_token = $this->getWpScanApiToken();
 
 		// Throw an exception if there is no token
 		if( false === $wpvulndb_api_token || empty( $wpvulndb_api_token ) ) {
@@ -121,6 +121,32 @@ protected function getPluginVulnerability( $plugin_slug )
 		return $result[$plugin_slug];
 	}
 
+
+	protected function getWpScanApiToken() {
+		if( !defined( 'PANTHEON_WPSCAN_ENVIRONMENTS' ) ) {
+			return false;
+		}
+
+		if ( ! is_array( PANTHEON_WPSCAN_ENVIRONMENTS ) ) {
+			$environments = explode( ',', PANTHEON_WPSCAN_ENVIRONMENTS );
+		} else {
+			$environments = PANTHEON_WPSCAN_ENVIRONMENTS;
+		}
+
+		if(
+			!in_array( getenv( 'PANTHEON_ENVIRONMENT' ), $environments )
+			&& !in_array( '*', $environments )
+		) {
+			return false;
+		}
+
+		if( defined( 'WPSCAN_API_TOKEN' ) ) {
+			return WPSCAN_API_TOKEN;
+		}
+
+		return getenv( 'PANTHEON_WPVULNDB_API_TOKEN' );
+	}
+
 	/**
 	* Checks a plugin by slug and version for vulnerabilities
 	* @param $plugin_slug string (required) string representing the plugin slug