Merge pull request #3747 from magento-pangolin/MQE-1430-2

[pangolin] MQE-1430: [2.2.x] Limit allowed bin/magento commands to specific list (MTF)

Author: KevinBKozan

dev/tests/functional/lib/Magento/Mtf/Util/Command/Cli.php

@@ -8,6 +8,7 @@
 
 use Magento\Mtf\Util\Protocol\CurlInterface;
 use Magento\Mtf\Util\Protocol\CurlTransport;
+use Magento\Mtf\Util\Protocol\CurlTransport\WebapiDecorator;
 
 /**
  * Perform bin/magento commands from command line for functional tests executions.
@@ -17,7 +18,7 @@ class Cli
     /**
      * Url to command.php.
      */
-    const URL = 'dev/tests/functional/utils/command.php';
+    const URL = '/dev/tests/functional/utils/command.php';
 
     /**
      * Curl transport protocol.
@@ -26,12 +27,21 @@ class Cli
      */
     private $transport;
 
+    /**
+     * Webapi handler.
+     *
+     * @var WebapiDecorator
+     */
+    private $webapiHandler;
+
     /**
      * @param CurlTransport $transport
+     * @param WebapiDecorator $webapiHandler
      */
-    public function __construct(CurlTransport $transport)
+    public function __construct(CurlTransport $transport, WebapiDecorator $webapiHandler)
     {
         $this->transport = $transport;
+        $this->webapiHandler = $webapiHandler;
     }
 
     /**
@@ -43,22 +53,31 @@ public function __construct(CurlTransport $transport)
      */
     public function execute($command, $options = [])
     {
-        $curl = $this->transport;
-        $curl->write($this->prepareUrl($command, $options), [], CurlInterface::GET);
-        $curl->read();
-        $curl->close();
+        $this->transport->write(
+            rtrim(str_replace('index.php', '', $_ENV['app_frontend_url']), '/') . self::URL,
+            $this->prepareParamArray($command, $options),
+            CurlInterface::POST,
+            []
+        );
+        $this->transport->read();
+        $this->transport->close();
     }
 
     /**
-     * Prepare url.
+     * Prepare parameter array.
      *
      * @param string $command
      * @param array $options [optional]
-     * @return string
+     * @return array
      */
-    private function prepareUrl($command, $options = [])
+    private function prepareParamArray($command, $options = [])
     {
-        $command .= ' ' . implode(' ', $options);
-        return $_ENV['app_frontend_url'] . self::URL . '?command=' . urlencode($command);
+        if (!empty($options)) {
+            $command .= ' ' . implode(' ', $options);
+        }
+        return [
+            'token' => urlencode($this->webapiHandler->getWebapiToken()),
+            'command' => urlencode($command)
+        ];
     }
 }

dev/tests/functional/lib/Magento/Mtf/Util/Command/File/Export/Reader.php

@@ -3,12 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
 namespace Magento\Mtf\Util\Command\File\Export;
 
 use Magento\Mtf\ObjectManagerInterface;
 use Magento\Mtf\Util\Protocol\CurlTransport;
 use Magento\Mtf\Util\Protocol\CurlInterface;
+use Magento\Mtf\Util\Protocol\CurlTransport\WebapiDecorator;
 
 /**
  * File reader for Magento export files.
@@ -36,16 +36,29 @@ class Reader implements ReaderInterface
      */
     private $transport;
 
+    /**
+     * Webapi handler.
+     *
+     * @var WebapiDecorator
+     */
+    private $webapiHandler;
+
     /**
      * @param ObjectManagerInterface $objectManager
      * @param CurlTransport $transport
+     * @param WebapiDecorator $webapiHandler
      * @param string $template
      */
-    public function __construct(ObjectManagerInterface $objectManager, CurlTransport $transport, $template)
-    {
+    public function __construct(
+        ObjectManagerInterface $objectManager,
+        CurlTransport $transport,
+        WebapiDecorator $webapiHandler,
+        $template
+    ) {
         $this->objectManager = $objectManager;
         $this->template = $template;
         $this->transport = $transport;
+        $this->webapiHandler = $webapiHandler;
     }
 
     /**
@@ -70,20 +83,27 @@ public function getData()
      */
     private function getFiles()
     {
-        $this->transport->write($this->prepareUrl(), [], CurlInterface::GET);
+        $this->transport->write(
+            rtrim(str_replace('index.php', '', $_ENV['app_frontend_url']), '/') . self::URL,
+            $this->prepareParamArray(),
+            CurlInterface::POST,
+            []
+        );
         $serializedFiles = $this->transport->read();
         $this->transport->close();
-
         return unserialize($serializedFiles);
     }
 
     /**
-     * Prepare url.
+     * Prepare parameter array.
      *
-     * @return string
+     * @return array
      */
-    private function prepareUrl()
+    private function prepareParamArray()
     {
-        return $_ENV['app_frontend_url'] . self::URL . '?template=' . urlencode($this->template);
+        return [
+            'token' => urlencode($this->webapiHandler->getWebapiToken()),
+            'template' => urlencode($this->template)
+        ];
     }
 }

dev/tests/functional/lib/Magento/Mtf/Util/Command/File/Export/ReaderInterface.php

@@ -14,7 +14,7 @@ interface ReaderInterface
     /**
      * Url to export.php.
      */
-    const URL = 'dev/tests/functional/utils/export.php';
+    const URL = '/dev/tests/functional/utils/export.php';
 
     /**
      * Exporting files as Data object from Magento.

dev/tests/functional/lib/Magento/Mtf/Util/Command/File/Log.php

@@ -7,6 +7,7 @@
 namespace Magento\Mtf\Util\Command\File;
 
 use Magento\Mtf\Util\Protocol\CurlTransport;
+use Magento\Mtf\Util\Protocol\CurlTransport\WebapiDecorator;
 
 /**
  * Get content of log file in var/log folder.
@@ -16,7 +17,7 @@ class Log
     /**
      * Url to log.php.
      */
-    const URL = 'dev/tests/functional/utils/log.php';
+    const URL = '/dev/tests/functional/utils/log.php';
 
     /**
      * Curl transport protocol.
@@ -25,12 +26,21 @@ class Log
      */
     private $transport;
 
+    /**
+     * Webapi handler.
+     *
+     * @var WebapiDecorator
+     */
+    private $webapiHandler;
+
     /**
      * @param CurlTransport $transport
+     * @param WebapiDecorator $webapiHandler
      */
-    public function __construct(CurlTransport $transport)
+    public function __construct(CurlTransport $transport, WebapiDecorator $webapiHandler)
     {
         $this->transport = $transport;
+        $this->webapiHandler = $webapiHandler;
     }
 
     /**
@@ -41,22 +51,28 @@ public function __construct(CurlTransport $transport)
      */
     public function getFileContent($name)
     {
-        $curl = $this->transport;
-        $curl->write($this->prepareUrl($name), [], CurlTransport::GET);
-        $data = $curl->read();
-        $curl->close();
-
+        $this->transport->write(
+            rtrim(str_replace('index.php', '', $_ENV['app_frontend_url']), '/') . self::URL,
+            $this->prepareParamArray($name),
+            CurlInterface::POST,
+            []
+        );
+        $data = $this->transport->read();
+        $this->transport->close();
         return unserialize($data);
     }
 
     /**
-     * Prepare url.
+     * Prepare parameter array.
      *
      * @param string $name
-     * @return string
+     * @return array
      */
-    private function prepareUrl($name)
+    private function prepareParamArray($name)
     {
-        return $_ENV['app_frontend_url'] . self::URL . '?name=' . urlencode($name);
+        return [
+            'token' => urlencode($this->webapiHandler->getWebapiToken()),
+            'name' => urlencode($name)
+        ];
     }
 }

dev/tests/functional/lib/Magento/Mtf/Util/Command/GeneratedCode.php

@@ -7,6 +7,7 @@
 
 use Magento\Mtf\Util\Protocol\CurlInterface;
 use Magento\Mtf\Util\Protocol\CurlTransport;
+use Magento\Mtf\Util\Protocol\CurlTransport\WebapiDecorator;
 
 /**
  * GeneratedCode removes generated code of Magento (like generated/code and generated/metadata).
@@ -16,7 +17,7 @@ class GeneratedCode
     /**
      * Url to deleteMagentoGeneratedCode.php.
      */
-    const URL = 'dev/tests/functional/utils/deleteMagentoGeneratedCode.php';
+    const URL = '/dev/tests/functional/utils/deleteMagentoGeneratedCode.php';
 
     /**
      * Curl transport protocol.
@@ -25,12 +26,21 @@ class GeneratedCode
      */
     private $transport;
 
+    /**
+     * Webapi handler.
+     *
+     * @var WebapiDecorator
+     */
+    private $webapiHandler;
+
     /**
      * @param CurlTransport $transport
+     * @param WebapiDecorator $webapiHandler
      */
-    public function __construct(CurlTransport $transport)
+    public function __construct(CurlTransport $transport, WebapiDecorator $webapiHandler)
     {
         $this->transport = $transport;
+        $this->webapiHandler = $webapiHandler;
     }
 
     /**
@@ -40,10 +50,25 @@ public function __construct(CurlTransport $transport)
      */
     public function delete()
     {
-        $url = $_ENV['app_frontend_url'] . self::URL;
-        $curl = $this->transport;
-        $curl->write($url, [], CurlInterface::GET);
-        $curl->read();
-        $curl->close();
+        $this->transport->write(
+            rtrim(str_replace('index.php', '', $_ENV['app_frontend_url']), '/') . self::URL,
+            $this->prepareParamArray(),
+            CurlInterface::POST,
+            []
+        );
+        $this->transport->read();
+        $this->transport->close();
+    }
+
+    /**
+     * Prepare parameter array.
+     *
+     * @return array
+     */
+    private function prepareParamArray()
+    {
+        return [
+            'token' => urlencode($this->webapiHandler->getWebapiToken())
+        ];
     }
 }

dev/tests/functional/lib/Magento/Mtf/Util/Command/Locales.php

@@ -7,6 +7,7 @@
 
 use Magento\Mtf\Util\Protocol\CurlInterface;
 use Magento\Mtf\Util\Protocol\CurlTransport;
+use Magento\Mtf\Util\Protocol\CurlTransport\WebapiDecorator;
 
 /**
  * Returns array of locales depends on fetching type.
@@ -26,7 +27,7 @@ class Locales
     /**
      * Url to locales.php.
      */
-    const URL = 'dev/tests/functional/utils/locales.php';
+    const URL = '/dev/tests/functional/utils/locales.php';
 
     /**
      * Curl transport protocol.
@@ -35,12 +36,21 @@ class Locales
      */
     private $transport;
 
+    /**
+     * Webapi handler.
+     *
+     * @var WebapiDecorator
+     */
+    private $webapiHandler;
+
     /**
      * @param CurlTransport $transport Curl transport protocol
+     * @param WebapiDecorator $webapiHandler
      */
-    public function __construct(CurlTransport $transport)
+    public function __construct(CurlTransport $transport, WebapiDecorator $webapiHandler)
     {
         $this->transport = $transport;
+        $this->webapiHandler = $webapiHandler;
     }
 
     /**
@@ -51,12 +61,28 @@ public function __construct(CurlTransport $transport)
      */
     public function getList($type = self::TYPE_ALL)
     {
-        $url = $_ENV['app_frontend_url'] . self::URL . '?type=' . $type;
-        $curl = $this->transport;
-        $curl->write($url, [], CurlInterface::GET);
-        $result = $curl->read();
-        $curl->close();
-
+        $this->transport->write(
+            rtrim(str_replace('index.php', '', $_ENV['app_frontend_url']), '/') . self::URL,
+            $this->prepareParamArray($type),
+            CurlInterface::POST,
+            []
+        );
+        $result = $this->transport->read();
+        $this->transport->close();
         return explode('|', $result);
     }
+
+    /**
+     * Prepare parameter array.
+     *
+     * @param string $type
+     * @return array
+     */
+    private function prepareParamArray($type)
+    {
+        return [
+            'token' => urlencode($this->webapiHandler->getWebapiToken()),
+            'type' => urlencode($type)
+        ];
+    }
 }