private $method;
/** @var bool */
- private $useStderr = false;
+ private $doIncludeStderr = false;
+
+ /** @var bool */
+ private $doLogStderr = false;
/** @var bool */
private $everExecuted = false;
/** @var string|false */
private $cgroup = false;
+ /**
+ * bitfield with restrictions
+ *
+ * @var int
+ */
+ protected $restrictions = 0;
+
/**
* Constructor. Don't call directly, instead use Shell::command()
*
* @return $this
*/
public function includeStderr( $yesno = true ) {
- $this->useStderr = $yesno;
+ $this->doIncludeStderr = $yesno;
+
+ return $this;
+ }
+
+ /**
+ * When enabled, text sent to stderr will be logged with a level of 'error'.
+ *
+ * @param bool $yesno
+ * @return $this
+ */
+ public function logStderr( $yesno = true ) {
+ $this->doLogStderr = $yesno;
return $this;
}
}
/**
- * Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution
- * results.
+ * Set additional restrictions for this request
*
- * @return Result
- * @throws Exception
- * @throws ProcOpenError
- * @throws ShellDisabledError
+ * @since 1.31
+ * @param int $restrictions
+ * @return $this
*/
- public function execute() {
- $this->everExecuted = true;
+ public function restrict( $restrictions ) {
+ $this->restrictions |= $restrictions;
- $profileMethod = $this->method ?: wfGetCaller();
+ return $this;
+ }
+
+ /**
+ * Bitfield helper on whether a specific restriction is enabled
+ *
+ * @param int $restriction
+ *
+ * @return bool
+ */
+ protected function hasRestriction( $restriction ) {
+ return ( $this->restrictions & $restriction ) === $restriction;
+ }
+ /**
+ * If called, only the files/directories that are
+ * whitelisted will be available to the shell command.
+ *
+ * limit.sh will always be whitelisted
+ *
+ * @param string[] $paths
+ *
+ * @return $this
+ */
+ public function whitelistPaths( array $paths ) {
+ // Default implementation is a no-op
+ return $this;
+ }
+
+ /**
+ * String together all the options and build the final command
+ * to execute
+ *
+ * @return array [ command, whether to use log pipe ]
+ */
+ protected function buildFinalCommand() {
$envcmd = '';
foreach ( $this->env as $k => $v ) {
if ( wfIsWindows() ) {
}
}
+ $useLogPipe = false;
$cmd = $envcmd . trim( $this->command );
- $useLogPipe = false;
if ( is_executable( '/bin/bash' ) ) {
$time = intval( $this->limits['time'] );
$wallTime = intval( $this->limits['walltime'] );
if ( $time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0 ) {
$cmd = '/bin/bash ' . escapeshellarg( __DIR__ . '/limit.sh' ) . ' ' .
- escapeshellarg( $cmd ) . ' ' .
- escapeshellarg(
- "MW_INCLUDE_STDERR=" . ( $this->useStderr ? '1' : '' ) . ';' .
- "MW_CPU_LIMIT=$time; " .
- 'MW_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' .
- "MW_MEM_LIMIT=$mem; " .
- "MW_FILE_SIZE_LIMIT=$filesize; " .
- "MW_WALL_CLOCK_LIMIT=$wallTime; " .
- "MW_USE_LOG_PIPE=yes"
- );
+ escapeshellarg( $cmd ) . ' ' .
+ escapeshellarg(
+ "MW_INCLUDE_STDERR=" . ( $this->doIncludeStderr ? '1' : '' ) . ';' .
+ "MW_CPU_LIMIT=$time; " .
+ 'MW_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' .
+ "MW_MEM_LIMIT=$mem; " .
+ "MW_FILE_SIZE_LIMIT=$filesize; " .
+ "MW_WALL_CLOCK_LIMIT=$wallTime; " .
+ "MW_USE_LOG_PIPE=yes"
+ );
$useLogPipe = true;
}
}
- if ( !$useLogPipe && $this->useStderr ) {
+ if ( !$useLogPipe && $this->doIncludeStderr ) {
$cmd .= ' 2>&1';
}
+
+ return [ $cmd, $useLogPipe ];
+ }
+
+ /**
+ * Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution
+ * results.
+ *
+ * @return Result
+ * @throws Exception
+ * @throws ProcOpenError
+ * @throws ShellDisabledError
+ */
+ public function execute() {
+ $this->everExecuted = true;
+
+ $profileMethod = $this->method ?: wfGetCaller();
+
+ list( $cmd, $useLogPipe ) = $this->buildFinalCommand();
+
$this->logger->debug( __METHOD__ . ": $cmd" );
// Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN.
$this->logger->warning( "$logMsg: {command}", [ 'command' => $cmd ] );
}
+ if ( $errBuffer && $this->doLogStderr ) {
+ $this->logger->error( "Error running {command}: {error}", [
+ 'command' => $cmd,
+ 'error' => $errBuffer,
+ 'exitcode' => $retval,
+ 'exception' => new Exception( 'Shell error' ),
+ ] );
+ }
+
return new Result( $retval, $outBuffer, $errBuffer );
}
}