This standalone application runs automated checks that monitor the behaviour of an active wp-plugin or wp-theme; the checks are performed when packages are submitted for federation on the FAIR network and again with each subsequent release. Examples of prior art are shown here along with other resources, but they are not intended as an exhaustive or approved list of libraries to use. Other runtime environments may be suitable for certain checks, but all should assume unsafe code is being run and should consider blocking outbound http requests and mail sending of any kind.
As described in Runtime Checks:
- No unexpected filesystem modifications
- No unexpected outbound http requests
- Flag outbound http requests to CDNs, Google fonts, etc. if not already logged from static scan
- No console errors
- No PHP errors or warnings in log
- Flag deprecation notices
- Flag doing_it_wrong
- Slow db queries?
- Fuzz Testing:
- Performance checks; e.g., Code Profiler / Code Profiler
- Possible environment: Katakate/k7 self-hosted infra for lightweight VM sandboxes to safely execute untrusted code
- Append results to fair-forge-meta per spec
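As an added illustration of how several of the items above fit together in one harness (this is example code written for this page, not the project's own implementation): the block below takes three things a sandbox run would produce, the PHP debug log, the list of outbound request hosts seen by a proxy, and the list of paths changed between a pre- and post-run filesystem snapshot, and classifies each line as a failure or a flag. The allowlists (`STATIC_SCAN_HOSTS`, `ALLOWED_WRITE_PREFIXES`, `CDN_HOST_SUFFIXES`), the sample inputs, and the JSON summary shape are all assumptions constructed for the example; `doing_it_wrong` is recognised by the "was called incorrectly" wording WordPress emits for it.

```python
"""Runtime-check harness sketch (example code, not the project's implementation).

Classifies PHP log lines, outbound request hosts and filesystem changes observed
while exercising a plugin in a sandbox, and emits a JSON summary to STDOUT.
"""
import json
import re
import sys

# Hosts the static scan already recorded (assumed input; constructed for the example).
STATIC_SCAN_HOSTS = {"api.wordpress.org"}
# Path prefixes a plugin is expected to write under (assumed policy; constructed).
ALLOWED_WRITE_PREFIXES = ("wp-content/uploads/",)
# Well-known CDN / font hosts: unexpected, but only *flagged* rather than failed.
CDN_HOST_SUFFIXES = (
    "fonts.googleapis.com", "fonts.gstatic.com",
    "cdnjs.cloudflare.com", "cdn.jsdelivr.net", "unpkg.com",
)

PHP_LOG_RE = re.compile(r"PHP (Warning|Notice|Deprecated|Fatal error|Parse error):\s+(.*)")
TAG_RE = re.compile(r"<[^>]+>")  # WP_DEBUG messages can carry <strong> tags


def classify_log_line(line):
    """Return (check, severity, detail) for a PHP log line, or None if it is not one."""
    m = PHP_LOG_RE.search(line)
    if not m:
        return None
    level, message = m.group(1), TAG_RE.sub("", m.group(2)).strip()
    if level == "Deprecated":
        return ("deprecation_notice", "flag", message)
    if "was called incorrectly" in message:  # wording used by _doing_it_wrong()
        return ("doing_it_wrong", "flag", message)
    return ("php_error", "fail", f"{level}: {message}")


def classify_request(host):
    """Exact match against the static-scan list; CDN/font hosts are flagged, others fail."""
    if host in STATIC_SCAN_HOSTS:
        return None
    if any(host == s or host.endswith("." + s) for s in CDN_HOST_SUFFIXES):
        return ("cdn_request", "flag", host)
    return ("unexpected_http", "fail", host)


def classify_fs_change(path):
    """Any write outside the allowed prefixes is a failure."""
    if path.startswith(ALLOWED_WRITE_PREFIXES):
        return None
    return ("unexpected_fs_write", "fail", path)


def run_checks(log_lines, request_hosts, changed_paths):
    """Apply every classifier and build the summary dict (assumed output shape)."""
    findings = []
    findings += [f for f in map(classify_log_line, log_lines) if f]
    findings += [f for f in map(classify_request, request_hosts) if f]
    findings += [f for f in map(classify_fs_change, changed_paths) if f]
    status = "fail" if any(sev == "fail" for _, sev, _ in findings) else "pass"
    return {
        "status": status,
        "findings": [{"check": c, "severity": s, "detail": d} for c, s, d in findings],
    }


# Constructed sample inputs in the shape a sandbox run would yield.
SAMPLE_LOG = [
    "[01-Jan-2024 12:00:00 UTC] PHP Warning:  Undefined variable $opts in "
    "/var/www/html/wp-content/plugins/example/example.php on line 12",
    "[01-Jan-2024 12:00:01 UTC] PHP Deprecated:  Function get_page_by_title() is "
    "deprecated since version 6.2! Use WP_Query instead. in "
    "/var/www/html/wp-includes/functions.php on line 5453",
    "[01-Jan-2024 12:00:02 UTC] PHP Notice:  Function wp_enqueue_script was called "
    "<strong>incorrectly</strong>. Scripts and styles should not be registered or "
    "enqueued until the wp_enqueue_scripts hook. in "
    "/var/www/html/wp-includes/functions.php on line 6078",
    "[01-Jan-2024 12:00:03 UTC] Some unrelated line",
]
SAMPLE_REQUEST_HOSTS = ["api.wordpress.org", "fonts.googleapis.com", "telemetry.example.net"]
SAMPLE_CHANGED_PATHS = ["wp-content/uploads/2024/01/report.csv", "wp-config.php"]

if __name__ == "__main__":
    json.dump(run_checks(SAMPLE_LOG, SAMPLE_REQUEST_HOSTS, SAMPLE_CHANGED_PATHS), sys.stdout, indent=2)
    print()
```

Run stand-alone, the script prints a summary with `"status": "fail"` and six findings: one PHP warning, one deprecation flag, one doing_it_wrong flag, one flagged fonts request, one unexpected outbound host and one write to wp-config.php. Splitting severities into fail versus flag keeps the CDN and deprecation items visible without blocking a submission on their own.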
Resulting output to STDOUT is fine, can be piped where we need it later. Output format should be along these lines: