X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fshell%2FCommand.php;h=264c3b48ccccf3121f97866144197907b1a9f92a;hb=689c847a32e7fe8a0b3a559a88a627a252c5018e;hp=bd44ef8937dd7dbdf27a29720a49097140801106;hpb=32912b8c8d82b02c71a067de346e5990acc2f6dc;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/shell/Command.php b/includes/shell/Command.php index bd44ef8937..d6f95783f0 100644 --- a/includes/shell/Command.php +++ b/includes/shell/Command.php @@ -36,7 +36,7 @@ class Command { use LoggerAwareTrait; /** @var string */ - private $command = ''; + protected $command = ''; /** @var array */ private $limits = [ @@ -56,8 +56,14 @@ class Command { /** @var string */ private $method; + /** @var string|null */ + private $inputString; + + /** @var bool */ + private $doIncludeStderr = false; + /** @var bool */ - private $useStderr = false; + private $doLogStderr = false; /** @var bool */ private $everExecuted = false; @@ -65,6 +71,13 @@ class Command { /** @var string|false */ private $cgroup = false; + /** + * bitfield with restrictions + * + * @var int + */ + protected $restrictions = 0; + /** * Constructor. Don't call directly, instead use Shell::command() * @@ -96,6 +109,7 @@ class Command { /** * Adds parameters to the command. All parameters are sanitized via Shell::escape(). + * Null values are ignored. * * @param string|string[] $args,... * @return $this @@ -107,13 +121,14 @@ class Command { // treat it as a list of arguments $args = reset( $args ); } - $this->command .= ' ' . Shell::escape( $args ); + $this->command = trim( $this->command . ' ' . Shell::escape( $args ) ); return $this; } /** * Adds unsafe parameters to the command. These parameters are NOT sanitized in any way. + * Null values are ignored. * * @param string|string[] $args,... * @return $this @@ -125,7 +140,12 @@ class Command { // treat it as a list of arguments $args = reset( $args ); } - $this->command .= implode( ' ', $args ); + $args = array_filter( $args, + function ( $value ) { + return $value !== null; + } + ); + $this->command = trim( $this->command . ' ' . implode( ' ', $args ) ); return $this; } @@ -172,6 +192,18 @@ class Command { return $this; } + /** + * Sends the provided input to the command. + * When set to null (default), the command will use the standard input. + * @param string|null $inputString + * @return $this + */ + public function input( $inputString ) { + $this->inputString = is_null( $inputString ) ? null : (string)$inputString; + + return $this; + } + /** * Controls whether stderr should be included in stdout, including errors from limit.sh. * Default: don't include. @@ -180,7 +212,19 @@ class Command { * @return $this */ public function includeStderr( $yesno = true ) { - $this->useStderr = $yesno; + $this->doIncludeStderr = $yesno; + + return $this; + } + + /** + * When enabled, text sent to stderr will be logged with a level of 'error'. + * + * @param bool $yesno + * @return $this + */ + public function logStderr( $yesno = true ) { + $this->doLogStderr = $yesno; return $this; } @@ -198,19 +242,52 @@ class Command { } /** - * Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution - * results. + * Set additional restrictions for this request * - * @return Result - * @throws Exception - * @throws ProcOpenError - * @throws ShellDisabledError + * @since 1.31 + * @param int $restrictions + * @return $this */ - public function execute() { - $this->everExecuted = true; + public function restrict( $restrictions ) { + $this->restrictions |= $restrictions; - $profileMethod = $this->method ?: wfGetCaller(); + return $this; + } + /** + * Bitfield helper on whether a specific restriction is enabled + * + * @param int $restriction + * + * @return bool + */ + protected function hasRestriction( $restriction ) { + return ( $this->restrictions & $restriction ) === $restriction; + } + + /** + * If called, only the files/directories that are + * whitelisted will be available to the shell command. + * + * limit.sh will always be whitelisted + * + * @param string[] $paths + * + * @return $this + */ + public function whitelistPaths( array $paths ) { + // Default implementation is a no-op + return $this; + } + + /** + * String together all the options and build the final command + * to execute + * + * @param string $command Already-escaped command to run + * @return array [ command, whether to use log pipe ] + */ + protected function buildFinalCommand( $command ) { $envcmd = ''; foreach ( $this->env as $k => $v ) { if ( wfIsWindows() ) { @@ -229,9 +306,9 @@ class Command { } } - $cmd = $envcmd . trim( $this->command ); - $useLogPipe = false; + $cmd = $envcmd . trim( $command ); + if ( is_executable( '/bin/bash' ) ) { $time = intval( $this->limits['time'] ); $wallTime = intval( $this->limits['walltime'] ); @@ -240,22 +317,42 @@ class Command { if ( $time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0 ) { $cmd = '/bin/bash ' . escapeshellarg( __DIR__ . '/limit.sh' ) . ' ' . - escapeshellarg( $cmd ) . ' ' . - escapeshellarg( - "MW_INCLUDE_STDERR=" . ( $this->useStderr ? '1' : '' ) . ';' . - "MW_CPU_LIMIT=$time; " . - 'MW_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' . - "MW_MEM_LIMIT=$mem; " . - "MW_FILE_SIZE_LIMIT=$filesize; " . - "MW_WALL_CLOCK_LIMIT=$wallTime; " . - "MW_USE_LOG_PIPE=yes" - ); + escapeshellarg( $cmd ) . ' ' . + escapeshellarg( + "MW_INCLUDE_STDERR=" . ( $this->doIncludeStderr ? '1' : '' ) . ';' . + "MW_CPU_LIMIT=$time; " . + 'MW_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' . + "MW_MEM_LIMIT=$mem; " . + "MW_FILE_SIZE_LIMIT=$filesize; " . + "MW_WALL_CLOCK_LIMIT=$wallTime; " . + "MW_USE_LOG_PIPE=yes" + ); $useLogPipe = true; } } - if ( !$useLogPipe && $this->useStderr ) { + if ( !$useLogPipe && $this->doIncludeStderr ) { $cmd .= ' 2>&1'; } + + return [ $cmd, $useLogPipe ]; + } + + /** + * Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution + * results. + * + * @return Result + * @throws Exception + * @throws ProcOpenError + * @throws ShellDisabledError + */ + public function execute() { + $this->everExecuted = true; + + $profileMethod = $this->method ?: wfGetCaller(); + + list( $cmd, $useLogPipe ) = $this->buildFinalCommand( $this->command ); + $this->logger->debug( __METHOD__ . ": $cmd" ); // Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN. @@ -268,7 +365,7 @@ class Command { } $desc = [ - 0 => [ 'file', 'php://stdin', 'r' ], + 0 => $this->inputString === null ? [ 'file', 'php://stdin', 'r' ] : [ 'pipe', 'r' ], 1 => [ 'pipe', 'w' ], 2 => [ 'pipe', 'w' ], ]; @@ -282,8 +379,13 @@ class Command { $this->logger->error( "proc_open() failed: {command}", [ 'command' => $cmd ] ); throw new ProcOpenError(); } - $outBuffer = $logBuffer = ''; - $errBuffer = null; + + $buffers = [ + 0 => $this->inputString, // input + 1 => '', // stdout + 2 => null, // stderr + 3 => '', // log + ]; $emptyArray = []; $status = false; $logMsg = false; @@ -302,11 +404,20 @@ class Command { $eintr = defined( 'SOCKET_EINTR' ) ? SOCKET_EINTR : 4; $eintrMessage = "stream_select(): unable to select [$eintr]"; + /* The select(2) system call only guarantees a "sufficiently small write" + * can be made without blocking. And on Linux the read might block too + * in certain cases, although I don't know if any of them can occur here. + * Regardless, set all the pipes to non-blocking to avoid T184171. + */ + foreach ( $pipes as $pipe ) { + stream_set_blocking( $pipe, false ); + } + $running = true; $timeout = null; $numReadyPipes = 0; - while ( $running === true || $numReadyPipes !== 0 ) { + while ( $pipes && ( $running === true || $numReadyPipes !== 0 ) ) { if ( $running ) { $status = proc_get_status( $proc ); // If the process has terminated, switch to nonblocking selects @@ -317,21 +428,26 @@ class Command { } } - $readyPipes = $pipes; - // clear get_last_error without actually raising an error // from http://php.net/manual/en/function.error-get-last.php#113518 // TODO replace with clear_last_error when requirements are bumped to PHP7 set_error_handler( function () { }, 0 ); - // @codingStandardsIgnoreStart Generic.PHP.NoSilencedErrors.Discouraged + // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged @trigger_error( '' ); - // @codingStandardsIgnoreEnd restore_error_handler(); - // @codingStandardsIgnoreStart Generic.PHP.NoSilencedErrors.Discouraged - $numReadyPipes = @stream_select( $readyPipes, $emptyArray, $emptyArray, $timeout ); - // @codingStandardsIgnoreEnd + $readPipes = wfArrayFilterByKey( $pipes, function ( $fd ) use ( $desc ) { + return $desc[$fd][0] === 'pipe' && $desc[$fd][1] === 'r'; + } ); + $writePipes = wfArrayFilterByKey( $pipes, function ( $fd ) use ( $desc ) { + return $desc[$fd][0] === 'pipe' && $desc[$fd][1] === 'w'; + } ); + // stream_select parameter names are from the POV of us being able to do the operation; + // proc_open desriptor types are from the POV of the process doing it. + // So $writePipes is passed as the $read parameter and $readPipes as $write. + // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged + $numReadyPipes = @stream_select( $writePipes, $readPipes, $emptyArray, $timeout ); if ( $numReadyPipes === false ) { $error = error_get_last(); if ( strncmp( $error['message'], $eintrMessage, strlen( $eintrMessage ) ) == 0 ) { @@ -342,31 +458,39 @@ class Command { break; } } - foreach ( $readyPipes as $fd => $pipe ) { - $block = fread( $pipe, 65536 ); - if ( $block === '' ) { - // End of file - fclose( $pipes[$fd] ); - unset( $pipes[$fd] ); - if ( !$pipes ) { - break 2; - } - } elseif ( $block === false ) { - // Read error - $logMsg = "Error reading from pipe"; + foreach ( $writePipes + $readPipes as $fd => $pipe ) { + // True if a pipe is unblocked for us to write into, false if for reading from + $isWrite = array_key_exists( $fd, $readPipes ); + + if ( $isWrite ) { + $res = fwrite( $pipe, $buffers[$fd], 65536 ); + } else { + $res = fread( $pipe, 65536 ); + } + + if ( $res === false ) { + $logMsg = 'Error ' . ( $isWrite ? 'writing to' : 'reading from' ) . ' pipe'; break 2; - } elseif ( $fd == 1 ) { - // From stdout - $outBuffer .= $block; - } elseif ( $fd == 2 ) { - // From stderr - $errBuffer .= $block; - } elseif ( $fd == 3 ) { - // From log FD - $logBuffer .= $block; - if ( strpos( $block, "\n" ) !== false ) { - $lines = explode( "\n", $logBuffer ); - $logBuffer = array_pop( $lines ); + } + + if ( $res === '' || $res === 0 ) { + // End of file? + if ( feof( $pipe ) ) { + fclose( $pipes[$fd] ); + unset( $pipes[$fd] ); + } + } elseif ( $isWrite ) { + $buffers[$fd] = (string)substr( $buffers[$fd], $res ); + if ( $buffers[$fd] === '' ) { + fclose( $pipes[$fd] ); + unset( $pipes[$fd] ); + } + } else { + $buffers[$fd] .= $res; + if ( $fd === 3 && strpos( $res, "\n" ) !== false ) { + // For the log FD, every line is a separate log entry. + $lines = explode( "\n", $buffers[3] ); + $buffers[3] = array_pop( $lines ); foreach ( $lines as $line ) { $this->logger->info( $line ); } @@ -411,6 +535,15 @@ class Command { $this->logger->warning( "$logMsg: {command}", [ 'command' => $cmd ] ); } - return new Result( $retval, $outBuffer, $errBuffer ); + if ( $buffers[2] && $this->doLogStderr ) { + $this->logger->error( "Error running {command}: {error}", [ + 'command' => $cmd, + 'error' => $buffers[2], + 'exitcode' => $retval, + 'exception' => new Exception( 'Shell error' ), + ] ); + } + + return new Result( $retval, $buffers[1], $buffers[2] ); } }