Friday, September 8, 2017

Choosing the first available program from a list of options

GNU tar accepts an external program to perform compression, via the option --use-compress-program. I'd normally want pigz if it's available, but if not, fall back to gzip. Is there a compact way to represent this? Yes!
which --skip-alias --skip-functions pigz gzip 2>/dev/null | head -1
GNU which accepts multiple arguments, printing out the resolution for each as they're found or an error if not. GNU which also allows finding only full-fledged binaries, not aliases or functions. This is exactly what we want: list the paths to these programs, in the order I gave, then pluck the first one.
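
A variant of the lookup above for systems where which is not GNU which, as an added example (not the original author's code): it walks $PATH itself, so it can only ever return an executable file, never an alias or function. The name first_available is hypothetical, and skipping empty or relative $PATH entries (so nothing in the current directory is picked) is a choice made here, not behaviour of which.

```shell
#!/bin/sh
# first_available NAME...
# Print the full path of the first NAME that resolves to an executable file
# in an absolute $PATH directory; exit status 1 if none does.
# The body is a subshell "( ... )" so the IFS and set -f changes stay local.
first_available() (
    set -f      # do not glob-expand $PATH entries when splitting
    IFS=:       # split $PATH on colons
    for name in "$@"; do
        case $name in
            ''|*/*) continue ;;   # bare command names only
        esac
        for dir in $PATH; do
            case $dir in
                /*) ;;            # absolute directory: consider it
                *)  continue ;;   # empty or relative entry: skip (choice made here)
            esac
            if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                exit 0
            fi
        done
    done
    exit 1
)

# Usage with GNU tar (constructed file names), failing loudly instead of
# handing tar an empty program name when neither compressor is installed:
#   compressor=$(first_available pigz gzip) || { echo "no compressor found" >&2; exit 1; }
#   tar --use-compress-program="$compressor" -cf backup.tar.gz some_dir/
```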

Monday, March 27, 2017

What is a @dataProvider?

I'm asked about data providers almost every time I introduce a developer to PHPUnit. Once you understand them, they're quite clear, but on first pass they seem to give developers pause.

So what are they? Practically, a data provider is any static method that produces an array of arrays. The outer array defines the iterations of the test loop, while the inner arrays are the arguments to pass to each iteration. Let's look at an example. First, annotate a test method's docblock:

/**
 * @dataProvider provides_foo_and_bar
 */
public function test_frobnicator($foo, $bar) { /* ... */ }

Then define the data provider:

public static function provides_foo_and_bar() {
    return [
        [ 'FOO', 'BAR' ],
        [ 'BAZ', 'QUUX' ],
    ];
}

PHPUnit will call provides_foo_and_bar twice. The first time it will call test_frobnicator with "FOO" and "BAR". The second time it will call test_frobnicator with "BAZ" and "QUUX". Note that the data provider is both public and static: PHPUnit requires that.

Pro-tip: by default, phpunit runs all data sets. But you can easily select specific data sets to run: phpunit FrobnicateModel.php test_frobnicate#1 runs only one loop, with the 1-index elements "BAZ" and "QUUX".

Thursday, December 15, 2016

Approximating GNU parted in Windows

I partition disks in Linux all the time. But, thanks to disk ghosting, I don't do much partitioning in Windows. When I do need to partition in Windows (like external drives), what do I use? Enter the Windows Disk Management Snap-in, diskmgmt.msc, first available in Windows 98.
If you're familiar with GNU parted, this Windows tool will make perfect sense. You immediately see your list of hard drives and their partitions, and can click on them to delete or resize. Click on free space to partition. There are some limitations, though. For example, you can't delete recovery partitions. For that, you can drop to the Windows command line and run diskpart. This tool is like Linux's fdisk.

Thursday, December 8, 2016

Identifying specific vulnerabilities in WordPress, by version

Exactly how vulnerable is your WordPress version? Ask the good folks over at the WordPress vulnerability database who have not only assembled a vulnerability list by version, but also provided a nice API for querying.

# WordPress 4.4.2 vulnerabilities, by type
$ curl -sS https://wpvulndb.com/api/v2/wordpresses/442 |\
  jq -r '.["4.4.2"]|.["vulnerabilities"]|.[].vuln_type' |\
  sort | uniq -c
      1 BYPASS
      1 CSRF
      1 LFI
      1 SSRF
      1 UNKNOWN
      5 XSS
Same thing, but list the titles and take a version as a parameter:
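# List vulnerability titles for one WordPress version (bash: uses ${var//pattern/})
wpvulndb() {
    local version=${1:?Check which WordPress version for vulnerabilities (eg 4.8.3)?}
    # The API path is the version with its dots removed (4.8.3 -> 483)
    curl -sS "https://wpvulndb.com/api/v2/wordpresses/${version//./}" | \
      jq -r --arg version "$version" '.[$version]|.["vulnerabilities"]|.[].title'
}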

wpvulndb 4.8.3