WAF: Add killswitch define checks

[dkmyta]

Changes proposed in this Pull Request:

• This PR implements a set of killswitch define checks within:
  • The WAF package's main actions.php file to prevent the package code from running
  • The wp-content/jetpack-waf/bootstrap.php file generated by class-waf-standalone-bootstrap.php to cover any edge cases where the package had already been set up in standalone mode.

Jetpack product discussion

• Asana task: 1202197114468150

Does this pull request change what data or activity we track or use?

• No

Testing instructions:

• Checkout this branch.
• Fire up your Jurassic Tube instance.
• To verify the actions.php killswitch define check:
  • Add var_dump( ’Testing main killswitch’ ); die(); directly after the closing curly brace of the killswitch define check.
  • Load your site, and confirm that the WAF code runs and that the Testing main killswitch string is displayed.
  • Define the DISABLE_JETPACK_WAF constant as true, either in advance of the check in actions.php or within your wp-config.php.
  • Reload your site, and confirm that we've bailed on the WAF code and that WordPress now loads and functions as expected.
• To verify the bootstrap.php killswitch define check:
  • Add . "var_dump( 'Testing standalone killswitch' ); die();\n” as the initial line for the $code variable in the generate() method in class-waf-standalone-bootstrap.php.
  • Run jetpack docker wp jetpack-waf mode normal to set the WAF mode and generate/update the bootstrap file.
  • Confirm that the wp-contents/jetpack-waf folder exists and contains a bootstrap.php file with the contents of the $code variable, including the new testing additions.
  • Visit your .htaccess file and add the following code to trigger standalone mode php_value auto_prepend_file “/var/www/html/wp-content/jetpack-waf/bootstrap.php”.
  • Load your site and confirm that the bootstrap file has run and that the Testing standalone killswitch string is displayed.
  • Remove and replace the testing string beneath the killswitch define check.
  • Re-run the CLI command to update mode and verify that changes have been applied to the bootstrap file.
  • Load the site and confirm the string remains visible.
  • Edit the bootstrap file to define the DISABLE_JETPACK_WAF constant as true.
  • Reload the site and confirm that WordPress now loads and runs as expected, instead of the bootstrap code.

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• ✅ All commits were linted before commit.
  
• ✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.

---

Once your PR is ready for review, check one last time that all required checks (other than "Required review") appearing at the bottom of this PR are passing or skipped.
Then, add the "[Status] Needs Team review" label and ask someone from your team review the code.
Once you’ve done so, switch to the "[Status] Needs Review" label; someone from Jetpack Crew will then review this PR and merge it to be included in the next Jetpack release.

---

Jetpack plugin:

• Next scheduled release: June 7, 2022.
• Scheduled code freeze: May 31, 2022.

[singerb]

Code looks good, very thorough PR description! May need some updates for version stuff depending on what merges first.

[singerb]

Still looks good, should merge now assuming checks pass.