X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fshell%2FShell.php;h=6e4fd02a13b9960722c0ff0a2f3ede9d997a228b;hb=fbbb79b1937d41fd572dd24eaa46adb1a40f2c6e;hp=c293ff2110ebc069d387dee1ad169c5edbeaa152;hpb=7320a9577e882fbeacb1772977fbfecf8aa5424d;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/shell/Shell.php b/includes/shell/Shell.php index c293ff2110..6e4fd02a13 100644 --- a/includes/shell/Shell.php +++ b/includes/shell/Shell.php @@ -22,6 +22,8 @@ namespace MediaWiki\Shell; +use MediaWiki\MediaWikiServices; + /** * Executes shell commands * 
@@ -35,14 +37,66 @@ namespace MediaWiki\Shell; * * ... = $result->getExitCode(); * ... = $result->getStdout(); + * ... = $result->getStderr(); */ class Shell { /** - * Returns a new instance of this class + * Apply a default set of restrictions for improved + * security out of the box. + * + * Equal to NO_ROOT | SECCOMP | PRIVATE_DEV + * + * @note This value will change over time to provide increased security + * by default, and is not guaranteed to be backwards-compatible. + * @since 1.31 + */ + const RESTRICT_DEFAULT = 7; + + /** + * Disallow any root access. Any setuid binaries + * will be run without elevated access. + * + * @since 1.31 + */ + const NO_ROOT = 1; + + /** + * Use seccomp to block dangerous syscalls + * @see + * + * @since 1.31 + */ + const SECCOMP = 2; + + /** + * Create a private /dev * - * @param string|string[] $command If string, a properly shell-escaped command line, - * or an array of unescaped arguments, in which case each value will be escaped + * @since 1.31 + */ + const PRIVATE_DEV = 4; + + /** + * Restrict the request to have no + * network access + * + * @since 1.31 + */ + const NO_NETWORK = 8; + + /** + * Deny execve syscall with seccomp + * @see + * + * @since 1.31 + */ + const NO_EXECVE = 16; + + /** + * Returns a new instance of Command class + * + * @param string|string[] $command String or array of strings representing the command to + * be executed, each value will be escaped. * Example: [ 'convert', '-font', 'font name' ] would produce "'convert' '-font' 'font name'" * @return Command */ @@ -53,7 +107,10 @@ class Shell { // treat it as a list of arguments $args = reset( $args ); } - $command = new Command(); + $command = MediaWikiServices::getInstance() + ->getShellCommandFactory() + ->create(); + return $command->params( $args ); } 
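Review bot: `RESTRICT_DEFAULT` is hard-coded as `7` while its docblock defines it as `NO_ROOT | SECCOMP | PRIVATE_DEV`, so the value and the documented set can drift apart when the default is widened, which the `@note` says will happen. Deriving it from the flags, `const RESTRICT_DEFAULT = self::NO_ROOT | self::SECCOMP | self::PRIVATE_DEV;`, keeps the two in step and makes it visible in review which protections are on by default. The flag docblocks also do not say what happens when a requested restriction cannot be enforced on the host. One sentence stating whether the command is refused or runs unrestricted would tell callers how far they can rely on `NO_NETWORK` or `NO_EXECVE` as a security boundary. The class body continues outside the hunk.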
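Review bot: The switch from `new Command()` to `MediaWikiServices::getInstance()->getShellCommandFactory()->create()` carries no comment explaining why construction must go through the factory. The factory is not visible here, but if it is where configured limits and restrictions get attached, a direct `new Command()` elsewhere would silently skip them. That is worth stating at the call site, for example `// Build via the factory so configured limits/restrictions are applied; do not instantiate Command directly.` The enclosing method starts before this hunk and its docblock sits in the previous hunk.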
@@ -107,14 +164,12 @@ class Shell { if ( wfIsWindows() ) { // Escaping for an MSVC-style command line parser and CMD.EXE - // @codingStandardsIgnoreStart For long URLs // Refs: // * https://web.archive.org/web/20020708081031/http://mailman.lyra.org/pipermail/scite-interest/2002-March/000436.html // * https://technet.microsoft.com/en-us/library/cc723564.aspx // * T15518 // * CR r63214 // Double the backslashes before any double quotes. Escape the double quotes. - // @codingStandardsIgnoreEnd $tokens = preg_split( '/(\\\\*")/', $arg, -1, PREG_SPLIT_DELIM_CAPTURE ); $arg = ''; $iteration = 0;