dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
shell: annotate return types
[lhc/web/wiklou.git] / includes / shell / Command.php
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 */
20
21 namespace MediaWiki\Shell;
22
23 use Exception;
24 use MediaWiki\ProcOpenError;
25 use MediaWiki\ShellDisabledError;
26 use Profiler;
27 use Psr\Log\LoggerAwareTrait;
28 use Psr\Log\NullLogger;
29
30 /**
31 * Class used for executing shell commands
32 *
33 * @since 1.30
34 */
35 class Command {
36 use LoggerAwareTrait;
37
38 /** @var string */
39 protected $command = '';
40
41 /** @var array */
42 private $limits = [
43 // seconds
44 'time' => 180,
45 // seconds
46 'walltime' => 180,
47 // KB
48 'memory' => 307200,
49 // KB
50 'filesize' => 102400,
51 ];
52
53 /** @var string[] */
54 private $env = [];
55
56 /** @var string */
57 private $method;
58
59 /** @var string|null */
60 private $inputString;
61
62 /** @var bool */
63 private $doIncludeStderr = false;
64
65 /** @var bool */
66 private $doLogStderr = false;
67
68 /** @var bool */
69 private $everExecuted = false;
70
71 /** @var string|false */
72 private $cgroup = false;
73
74 /**
75 * bitfield with restrictions
76 *
77 * @var int
78 */
79 protected $restrictions = 0;
80
81 /**
82 * Constructor. Don't call directly, instead use Shell::command()
83 *
84 * @throws ShellDisabledError
85 */
86 public function __construct() {
87 if ( Shell::isDisabled() ) {
88 throw new ShellDisabledError();
89 }
90
91 $this->setLogger( new NullLogger() );
92 }
93
94 /**
95 * Destructor. Makes sure programmer didn't forget to execute the command after all
96 */
97 public function __destruct() {
98 if ( !$this->everExecuted ) {
99 $context = [ 'command' => $this->command ];
100 $message = __CLASS__ . " was instantiated, but execute() was never called.";
101 if ( $this->method ) {
102 $message .= ' Calling method: {method}.';
103 $context['method'] = $this->method;
104 }
105 $message .= ' Command: {command}';
106 $this->logger->warning( $message, $context );
107 }
108 }
109
110 /**
111 * Adds parameters to the command. All parameters are sanitized via Shell::escape().
112 * Null values are ignored.
113 *
114 * @param string|string[] ...$args
115 * @return $this
116 */
117 public function params( ...$args ): Command {
118 if ( count( $args ) === 1 && is_array( reset( $args ) ) ) {
119 // If only one argument has been passed, and that argument is an array,
120 // treat it as a list of arguments
121 $args = reset( $args );
122 }
123 $this->command = trim( $this->command . ' ' . Shell::escape( $args ) );
124
125 return $this;
126 }
127
128 /**
129 * Adds unsafe parameters to the command. These parameters are NOT sanitized in any way.
130 * Null values are ignored.
131 *
132 * @param string|string[] ...$args
133 * @return $this
134 */
135 public function unsafeParams( ...$args ): Command {
136 if ( count( $args ) === 1 && is_array( reset( $args ) ) ) {
137 // If only one argument has been passed, and that argument is an array,
138 // treat it as a list of arguments
139 $args = reset( $args );
140 }
141 $args = array_filter( $args,
142 function ( $value ) {
143 return $value !== null;
144 }
145 );
146 $this->command = trim( $this->command . ' ' . implode( ' ', $args ) );
147
148 return $this;
149 }
150
151 /**
152 * Sets execution limits
153 *
154 * @param array $limits Associative array of limits. Keys (all optional):
155 * filesize (for ulimit -f), memory, time, walltime.
156 * @return $this
157 */
158 public function limits( array $limits ): Command {
159 if ( !isset( $limits['walltime'] ) && isset( $limits['time'] ) ) {
160 // Emulate the behavior of old wfShellExec() where walltime fell back on time
161 // if the latter was overridden and the former wasn't
162 $limits['walltime'] = $limits['time'];
163 }
164 $this->limits = $limits + $this->limits;
165
166 return $this;
167 }
168
169 /**
170 * Sets environment variables which should be added to the executed command environment
171 *
172 * @param string[] $env array of variable name => value
173 * @return $this
174 */
175 public function environment( array $env ): Command {
176 $this->env = $env;
177
178 return $this;
179 }
180
181 /**
182 * Sets calling function for profiler. By default, the caller for execute() will be used.
183 *
184 * @param string $method
185 * @return $this
186 */
187 public function profileMethod( $method ): Command {
188 $this->method = $method;
189
190 return $this;
191 }
192
193 /**
194 * Sends the provided input to the command.
195 * When set to null (default), the command will use the standard input.
196 * @param string|null $inputString
197 * @return $this
198 */
199 public function input( $inputString ): Command {
200 $this->inputString = is_null( $inputString ) ? null : (string)$inputString;
201
202 return $this;
203 }
204
205 /**
206 * Controls whether stderr should be included in stdout, including errors from limit.sh.
207 * Default: don't include.
208 *
209 * @param bool $yesno
210 * @return $this
211 */
212 public function includeStderr( $yesno = true ): Command {
213 $this->doIncludeStderr = $yesno;
214
215 return $this;
216 }
217
218 /**
219 * When enabled, text sent to stderr will be logged with a level of 'error'.
220 *
221 * @param bool $yesno
222 * @return $this
223 */
224 public function logStderr( $yesno = true ): Command {
225 $this->doLogStderr = $yesno;
226
227 return $this;
228 }
229
230 /**
231 * Sets cgroup for this command
232 *
233 * @param string|false $cgroup Absolute file path to the cgroup, or false to not use a cgroup
234 * @return $this
235 */
236 public function cgroup( $cgroup ): Command {
237 $this->cgroup = $cgroup;
238
239 return $this;
240 }
241
242 /**
243 * Set additional restrictions for this request
244 *
245 * @since 1.31
246 * @param int $restrictions
247 * @return $this
248 */
249 public function restrict( $restrictions ): Command {
250 $this->restrictions |= $restrictions;
251
252 return $this;
253 }
254
255 /**
256 * Bitfield helper on whether a specific restriction is enabled
257 *
258 * @param int $restriction
259 *
260 * @return bool
261 */
262 protected function hasRestriction( $restriction ) {
263 return ( $this->restrictions & $restriction ) === $restriction;
264 }
265
266 /**
267 * If called, only the files/directories that are
268 * whitelisted will be available to the shell command.
269 *
270 * limit.sh will always be whitelisted
271 *
272 * @param string[] $paths
273 *
274 * @return $this
275 */
276 public function whitelistPaths( array $paths ): Command {
277 // Default implementation is a no-op
278 return $this;
279 }
280
281 /**
282 * String together all the options and build the final command
283 * to execute
284 *
285 * @param string $command Already-escaped command to run
286 * @return array [ command, whether to use log pipe ]
287 */
288 protected function buildFinalCommand( $command ) {
289 $envcmd = '';
290 foreach ( $this->env as $k => $v ) {
291 if ( wfIsWindows() ) {
292 /* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves
293 * appear in the environment variable, so we must use carat escaping as documented in
294 * https://technet.microsoft.com/en-us/library/cc723564.aspx
295 * Note however that the quote isn't listed there, but is needed, and the parentheses
296 * are listed there but doesn't appear to need it.
297 */
298 $envcmd .= "set $k=" . preg_replace( '/([&|()<>^"])/', '^\\1', $v ) . '&& ';
299 } else {
300 /* Assume this is a POSIX shell, thus required to accept variable assignments before the command
301 * http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_09_01
302 */
303 $envcmd .= "$k=" . escapeshellarg( $v ) . ' ';
304 }
305 }
306
307 $useLogPipe = false;
308 $cmd = $envcmd . trim( $command );
309
310 if ( is_executable( '/bin/bash' ) ) {
311 $time = intval( $this->limits['time'] );
312 $wallTime = intval( $this->limits['walltime'] );
313 $mem = intval( $this->limits['memory'] );
314 $filesize = intval( $this->limits['filesize'] );
315
316 if ( $time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0 ) {
317 $cmd = '/bin/bash ' . escapeshellarg( __DIR__ . '/limit.sh' ) . ' ' .
318 escapeshellarg( $cmd ) . ' ' .
319 escapeshellarg(
320 "MW_INCLUDE_STDERR=" . ( $this->doIncludeStderr ? '1' : '' ) . ';' .
321 "MW_CPU_LIMIT=$time; " .
322 'MW_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' .
323 "MW_MEM_LIMIT=$mem; " .
324 "MW_FILE_SIZE_LIMIT=$filesize; " .
325 "MW_WALL_CLOCK_LIMIT=$wallTime; " .
326 "MW_USE_LOG_PIPE=yes"
327 );
328 $useLogPipe = true;
329 }
330 }
331 if ( !$useLogPipe && $this->doIncludeStderr ) {
332 $cmd .= ' 2>&1';
333 }
334
335 return [ $cmd, $useLogPipe ];
336 }
337
338 /**
339 * Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution
340 * results.
341 *
342 * @return Result
343 * @throws Exception
344 * @throws ProcOpenError
345 * @throws ShellDisabledError
346 */
347 public function execute() {
348 $this->everExecuted = true;
349
350 $profileMethod = $this->method ?: wfGetCaller();
351
352 list( $cmd, $useLogPipe ) = $this->buildFinalCommand( $this->command );
353
354 $this->logger->debug( __METHOD__ . ": $cmd" );
355
356 // Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN.
357 // Other platforms may be more accomodating, but we don't want to be
358 // accomodating, because very long commands probably include user
359 // input. See T129506.
360 if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
361 throw new Exception( __METHOD__ .
362 '(): total length of $cmd must not exceed SHELL_MAX_ARG_STRLEN' );
363 }
364
365 $desc = [
366 0 => $this->inputString === null ? [ 'file', 'php://stdin', 'r' ] : [ 'pipe', 'r' ],
367 1 => [ 'pipe', 'w' ],
368 2 => [ 'pipe', 'w' ],
369 ];
370 if ( $useLogPipe ) {
371 $desc[3] = [ 'pipe', 'w' ];
372 }
373 $pipes = null;
374 $scoped = Profiler::instance()->scopedProfileIn( __FUNCTION__ . '-' . $profileMethod );
375 $proc = proc_open( $cmd, $desc, $pipes );
376 if ( !$proc ) {
377 $this->logger->error( "proc_open() failed: {command}", [ 'command' => $cmd ] );
378 throw new ProcOpenError();
379 }
380
381 $buffers = [
382 0 => $this->inputString, // input
383 1 => '', // stdout
384 2 => null, // stderr
385 3 => '', // log
386 ];
387 $emptyArray = [];
388 $status = false;
389 $logMsg = false;
390
391 /* According to the documentation, it is possible for stream_select()
392 * to fail due to EINTR. I haven't managed to induce this in testing
393 * despite sending various signals. If it did happen, the error
394 * message would take the form:
395 *
396 * stream_select(): unable to select [4]: Interrupted system call (max_fd=5)
397 *
398 * where [4] is the value of the macro EINTR and "Interrupted system
399 * call" is string which according to the Linux manual is "possibly"
400 * localised according to LC_MESSAGES.
401 */
402 $eintr = defined( 'SOCKET_EINTR' ) ? SOCKET_EINTR : 4;
403 $eintrMessage = "stream_select(): unable to select [$eintr]";
404
405 /* The select(2) system call only guarantees a "sufficiently small write"
406 * can be made without blocking. And on Linux the read might block too
407 * in certain cases, although I don't know if any of them can occur here.
408 * Regardless, set all the pipes to non-blocking to avoid T184171.
409 */
410 foreach ( $pipes as $pipe ) {
411 stream_set_blocking( $pipe, false );
412 }
413
414 $running = true;
415 $timeout = null;
416 $numReadyPipes = 0;
417
418 while ( $pipes && ( $running === true || $numReadyPipes !== 0 ) ) {
419 if ( $running ) {
420 $status = proc_get_status( $proc );
421 // If the process has terminated, switch to nonblocking selects
422 // for getting any data still waiting to be read.
423 if ( !$status['running'] ) {
424 $running = false;
425 $timeout = 0;
426 }
427 }
428
429 // clear get_last_error without actually raising an error
430 // from https://www.php.net/manual/en/function.error-get-last.php#113518
431 // TODO replace with clear_last_error when requirements are bumped to PHP7
432 set_error_handler( function () {
433 }, 0 );
434 \Wikimedia\suppressWarnings();
435 trigger_error( '' );
436 \Wikimedia\restoreWarnings();
437 restore_error_handler();
438
439 $readPipes = array_filter( $pipes, function ( $fd ) use ( $desc ) {
440 return $desc[$fd][0] === 'pipe' && $desc[$fd][1] === 'r';
441 }, ARRAY_FILTER_USE_KEY );
442 $writePipes = array_filter( $pipes, function ( $fd ) use ( $desc ) {
443 return $desc[$fd][0] === 'pipe' && $desc[$fd][1] === 'w';
444 }, ARRAY_FILTER_USE_KEY );
445 // stream_select parameter names are from the POV of us being able to do the operation;
446 // proc_open desriptor types are from the POV of the process doing it.
447 // So $writePipes is passed as the $read parameter and $readPipes as $write.
448 // phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
449 $numReadyPipes = @stream_select( $writePipes, $readPipes, $emptyArray, $timeout );
450 if ( $numReadyPipes === false ) {
451 $error = error_get_last();
452 if ( strncmp( $error['message'], $eintrMessage, strlen( $eintrMessage ) ) == 0 ) {
453 continue;
454 } else {
455 trigger_error( $error['message'], E_USER_WARNING );
456 $logMsg = $error['message'];
457 break;
458 }
459 }
460 foreach ( $writePipes + $readPipes as $fd => $pipe ) {
461 // True if a pipe is unblocked for us to write into, false if for reading from
462 $isWrite = array_key_exists( $fd, $readPipes );
463
464 if ( $isWrite ) {
465 // Don't bother writing if the buffer is empty
466 if ( $buffers[$fd] === '' ) {
467 fclose( $pipes[$fd] );
468 unset( $pipes[$fd] );
469 continue;
470 }
471 $res = fwrite( $pipe, $buffers[$fd], 65536 );
472 } else {
473 $res = fread( $pipe, 65536 );
474 }
475
476 if ( $res === false ) {
477 $logMsg = 'Error ' . ( $isWrite ? 'writing to' : 'reading from' ) . ' pipe';
478 break 2;
479 }
480
481 if ( $res === '' || $res === 0 ) {
482 // End of file?
483 if ( feof( $pipe ) ) {
484 fclose( $pipes[$fd] );
485 unset( $pipes[$fd] );
486 }
487 } elseif ( $isWrite ) {
488 $buffers[$fd] = (string)substr( $buffers[$fd], $res );
489 if ( $buffers[$fd] === '' ) {
490 fclose( $pipes[$fd] );
491 unset( $pipes[$fd] );
492 }
493 } else {
494 $buffers[$fd] .= $res;
495 if ( $fd === 3 && strpos( $res, "\n" ) !== false ) {
496 // For the log FD, every line is a separate log entry.
497 $lines = explode( "\n", $buffers[3] );
498 $buffers[3] = array_pop( $lines );
499 foreach ( $lines as $line ) {
500 $this->logger->info( $line );
501 }
502 }
503 }
504 }
505 }
506
507 foreach ( $pipes as $pipe ) {
508 fclose( $pipe );
509 }
510
511 // Use the status previously collected if possible, since proc_get_status()
512 // just calls waitpid() which will not return anything useful the second time.
513 if ( $running ) {
514 $status = proc_get_status( $proc );
515 }
516
517 if ( $logMsg !== false ) {
518 // Read/select error
519 $retval = -1;
520 proc_close( $proc );
521 } elseif ( $status['signaled'] ) {
522 $logMsg = "Exited with signal {$status['termsig']}";
523 $retval = 128 + $status['termsig'];
524 proc_close( $proc );
525 } else {
526 if ( $status['running'] ) {
527 $retval = proc_close( $proc );
528 } else {
529 $retval = $status['exitcode'];
530 proc_close( $proc );
531 }
532 if ( $retval == 127 ) {
533 $logMsg = "Possibly missing executable file";
534 } elseif ( $retval >= 129 && $retval <= 192 ) {
535 $logMsg = "Probably exited with signal " . ( $retval - 128 );
536 }
537 }
538
539 if ( $logMsg !== false ) {
540 $this->logger->warning( "$logMsg: {command}", [ 'command' => $cmd ] );
541 }
542
543 if ( $buffers[2] && $this->doLogStderr ) {
544 $this->logger->error( "Error running {command}: {error}", [
545 'command' => $cmd,
546 'error' => $buffers[2],
547 'exitcode' => $retval,
548 'exception' => new Exception( 'Shell error' ),
549 ] );
550 }
551
552 return new Result( $retval, $buffers[1], $buffers[2] );
553 }
554
555 /**
556 * Returns the final command line before environment/limiting, etc are applied.
557 * Use string conversion only for debugging, don't try to pass this to
558 * some other execution medium.
559 *
560 * @return string
561 */
562 public function __toString() {
563 return "#Command: {$this->command}";
564 }
565 }
Wiklou, le Wiki du Wiklou