X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fshell%2FShell.php;h=05463dbf35a738152a8813b672d4912a9fc929f5;hb=983173f3be216070d7bcd2c0930dfe86e39f5b5b;hp=f2c96aeb994fa6a34ed1d1f7ae6274e70840635a;hpb=f8e202e0fbd62ac26cfa9ae2695ebc081b08226f;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/shell/Shell.php b/includes/shell/Shell.php
index f2c96aeb99..05463dbf35 100644
--- a/includes/shell/Shell.php
+++ b/includes/shell/Shell.php
@@ -22,7 +22,6 @@
 
 namespace MediaWiki\Shell;
 
-use MediaWiki\Logger\LoggerFactory;
 use MediaWiki\MediaWikiServices;
 
 /**
@@ -38,9 +37,68 @@ use MediaWiki\MediaWikiServices;
  *
  *  ... = $result->getExitCode();
  *  ... = $result->getStdout();
+ *  ... = $result->getStderr();
  */
 class Shell {
 
+	/**
+	 * Apply a default set of restrictions for improved
+	 * security out of the box.
+	 *
+	 * Equal to NO_ROOT | SECCOMP | PRIVATE_DEV | NO_LOCALSETTINGS
+	 *
+	 * @note This value will change over time to provide increased security
+	 *       by default, and is not guaranteed to be backwards-compatible.
+	 * @since 1.31
+	 */
+	const RESTRICT_DEFAULT = 39;
+
+	/**
+	 * Disallow any root access. Any setuid binaries
+	 * will be run without elevated access.
+	 *
+	 * @since 1.31
+	 */
+	const NO_ROOT = 1;
+
+	/**
+	 * Use seccomp to block dangerous syscalls
+	 * @see <https://en.wikipedia.org/wiki/seccomp>
+	 *
+	 * @since 1.31
+	 */
+	const SECCOMP = 2;
+
+	/**
+	 * Create a private /dev
+	 *
+	 * @since 1.31
+	 */
+	const PRIVATE_DEV = 4;
+
+	/**
+	 * Restrict the request to have no
+	 * network access
+	 *
+	 * @since 1.31
+	 */
+	const NO_NETWORK = 8;
+
+	/**
+	 * Deny execve syscall with seccomp
+	 * @see <https://en.wikipedia.org/wiki/exec_(system_call)>
+	 *
+	 * @since 1.31
+	 */
+	const NO_EXECVE = 16;
+
+	/**
+	 * Deny access to LocalSettings.php (MW_CONFIG_FILE)
+	 *
+	 * @since 1.31
+	 */
+	const NO_LOCALSETTINGS = 32;
+
 	/**
 	 * Returns a new instance of Command class
 	 *
@@ -56,18 +114,9 @@ class Shell {
 			// treat it as a list of arguments
 			$args = reset( $args );
 		}
-		$command = new Command();
-		$config = MediaWikiServices::getInstance()->getMainConfig();
-
-		$limits = [
-			'time' => $config->get( 'MaxShellTime' ),
-			'walltime' => $config->get( 'MaxShellWallClockTime' ),
-			'memory' => $config->get( 'MaxShellMemory' ),
-			'filesize' => $config->get( 'MaxShellFileSize' ),
-		];
-		$command->limits( $limits );
-		$command->cgroup( $config->get( 'ShellCgroup' ) );
-		$command->setLogger( LoggerFactory::getInstance( 'exec' ) );
+		$command = MediaWikiServices::getInstance()
+			->getShellCommandFactory()
+			->create();
 
 		return $command->params( $args );
 	}
@@ -100,7 +149,7 @@ class Shell {
 	 * PHP 5.2.6+ (bug backported to earlier distro releases of PHP).
 	 *
 	 * @param string $args,... strings to escape and glue together, or a single array of
-	 *     strings parameter
+	 *     strings parameter. Null values are ignored.
 	 * @return string
 	 */
 	public static function escape( /* ... */ ) {
@@ -114,6 +163,9 @@ class Shell {
 		$first = true;
 		$retVal = '';
 		foreach ( $args as $arg ) {
+			if ( $arg === null ) {
+				continue;
+			}
 			if ( !$first ) {
 				$retVal .= ' ';
 			} else {
@@ -122,14 +174,12 @@ class Shell {
 
 			if ( wfIsWindows() ) {
 				// Escaping for an MSVC-style command line parser and CMD.EXE
-				// @codingStandardsIgnoreStart For long URLs
 				// Refs:
 				//  * https://web.archive.org/web/20020708081031/http://mailman.lyra.org/pipermail/scite-interest/2002-March/000436.html
 				//  * https://technet.microsoft.com/en-us/library/cc723564.aspx
 				//  * T15518
 				//  * CR r63214
 				// Double the backslashes before any double quotes. Escape the double quotes.
-				// @codingStandardsIgnoreEnd
 				$tokens = preg_split( '/(\\\\*")/', $arg, -1, PREG_SPLIT_DELIM_CAPTURE );
 				$arg = '';
 				$iteration = 0;