private $method;
/** @var bool */
- private $useStderr = false;
+ private $doIncludeStderr = false;
+
+ /** @var bool */
+ private $doLogStderr = false;
/** @var bool */
private $everExecuted = false;
/** @var string|false */
- private $cGroup = false;
+ private $cgroup = false;
+
+ /**
+ * bitfield with restrictions
+ *
+ * @var int
+ */
+ protected $restrictions = 0;
/**
* Constructor. Don't call directly, instead use Shell::command()
*/
public function __destruct() {
if ( !$this->everExecuted ) {
+ $context = [ 'command' => $this->command ];
$message = __CLASS__ . " was instantiated, but execute() was never called.";
if ( $this->method ) {
- $message .= " Calling method: {$this->method}.";
+ $message .= ' Calling method: {method}.';
+ $context['method'] = $this->method;
}
- $message .= " Command: {$this->command}";
- trigger_error( $message, E_USER_NOTICE );
+ $message .= ' Command: {command}';
+ $this->logger->warning( $message, $context );
}
}
/**
* Adds parameters to the command. All parameters are sanitized via Shell::escape().
+ * Null values are ignored.
*
* @param string|string[] $args,...
* @return $this
// treat it as a list of arguments
$args = reset( $args );
}
- $this->command .= ' ' . Shell::escape( $args );
+ $this->command = trim( $this->command . ' ' . Shell::escape( $args ) );
return $this;
}
/**
* Adds unsafe parameters to the command. These parameters are NOT sanitized in any way.
+ * Null values are ignored.
*
* @param string|string[] $args,...
* @return $this
// treat it as a list of arguments
$args = reset( $args );
}
- $this->command .= implode( ' ', $args );
+ $args = array_filter( $args,
+ function ( $value ) {
+ return $value !== null;
+ }
+ );
+ $this->command = trim( $this->command . ' ' . implode( ' ', $args ) );
return $this;
}
/**
* Sets execution limits
*
- * @param array $limits Optional array with limits(filesize, memory, time, walltime).
+ * @param array $limits Associative array of limits. Keys (all optional):
+ * filesize (for ulimit -f), memory, time, walltime.
* @return $this
*/
public function limits( array $limits ) {
* @return $this
*/
public function includeStderr( $yesno = true ) {
- $this->useStderr = $yesno;
+ $this->doIncludeStderr = $yesno;
+
+ return $this;
+ }
+
+ /**
+ * When enabled, text sent to stderr will be logged with a level of 'error'.
+ *
+ * @param bool $yesno
+ * @return $this
+ */
+ public function logStderr( $yesno = true ) {
+ $this->doLogStderr = $yesno;
return $this;
}
/**
* Sets cgroup for this command
*
- * @param string|false $cgroup
+ * @param string|false $cgroup Absolute file path to the cgroup, or false to not use a cgroup
* @return $this
*/
public function cgroup( $cgroup ) {
- $this->cGroup = $cgroup;
+ $this->cgroup = $cgroup;
return $this;
}
/**
- * Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution
- * results.
+ * Set additional restrictions for this request
*
- * @return Result
- * @throws Exception
- * @throws ProcOpenError
- * @throws ShellDisabledError
+ * @since 1.31
+ * @param int $restrictions
+ * @return $this
*/
- public function execute() {
- $this->everExecuted = true;
+ public function restrict( $restrictions ) {
+ $this->restrictions |= $restrictions;
- $profileMethod = $this->method ?: wfGetCaller();
+ return $this;
+ }
+
+ /**
+ * Bitfield helper on whether a specific restriction is enabled
+ *
+ * @param int $restriction
+ *
+ * @return bool
+ */
+ protected function hasRestriction( $restriction ) {
+ return ( $this->restrictions & $restriction ) === $restriction;
+ }
+ /**
+ * If called, only the files/directories that are
+ * whitelisted will be available to the shell command.
+ *
+ * limit.sh will always be whitelisted
+ *
+ * @param string[] $paths
+ *
+ * @return $this
+ */
+ public function whitelistPaths( array $paths ) {
+ // Default implementation is a no-op
+ return $this;
+ }
+
+ /**
+ * String together all the options and build the final command
+ * to execute
+ *
+ * @return array [ command, whether to use log pipe ]
+ */
+ protected function buildFinalCommand() {
$envcmd = '';
foreach ( $this->env as $k => $v ) {
if ( wfIsWindows() ) {
}
}
+ $useLogPipe = false;
$cmd = $envcmd . trim( $this->command );
- $useLogPipe = false;
if ( is_executable( '/bin/bash' ) ) {
$time = intval( $this->limits['time'] );
$wallTime = intval( $this->limits['walltime'] );
if ( $time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0 ) {
$cmd = '/bin/bash ' . escapeshellarg( __DIR__ . '/limit.sh' ) . ' ' .
- escapeshellarg( $cmd ) . ' ' .
- escapeshellarg(
- "MW_INCLUDE_STDERR=" . ( $this->useStderr ? '1' : '' ) . ';' .
- "MW_CPU_LIMIT=$time; " .
- 'MW_CGROUP=' . escapeshellarg( $this->cGroup ) . '; ' .
- "MW_MEM_LIMIT=$mem; " .
- "MW_FILE_SIZE_LIMIT=$filesize; " .
- "MW_WALL_CLOCK_LIMIT=$wallTime; " .
- "MW_USE_LOG_PIPE=yes"
- );
+ escapeshellarg( $cmd ) . ' ' .
+ escapeshellarg(
+ "MW_INCLUDE_STDERR=" . ( $this->doIncludeStderr ? '1' : '' ) . ';' .
+ "MW_CPU_LIMIT=$time; " .
+ 'MW_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' .
+ "MW_MEM_LIMIT=$mem; " .
+ "MW_FILE_SIZE_LIMIT=$filesize; " .
+ "MW_WALL_CLOCK_LIMIT=$wallTime; " .
+ "MW_USE_LOG_PIPE=yes"
+ );
$useLogPipe = true;
}
}
- if ( !$useLogPipe && $this->useStderr ) {
+ if ( !$useLogPipe && $this->doIncludeStderr ) {
$cmd .= ' 2>&1';
}
- wfDebug( __METHOD__ . ": $cmd\n" );
+
+ return [ $cmd, $useLogPipe ];
+ }
+
+ /**
+ * Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution
+ * results.
+ *
+ * @return Result
+ * @throws Exception
+ * @throws ProcOpenError
+ * @throws ShellDisabledError
+ */
+ public function execute() {
+ $this->everExecuted = true;
+
+ $profileMethod = $this->method ?: wfGetCaller();
+
+ list( $cmd, $useLogPipe ) = $this->buildFinalCommand();
+
+ $this->logger->debug( __METHOD__ . ": $cmd" );
// Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN.
// Other platforms may be more accomodating, but we don't want to be
$this->logger->warning( "$logMsg: {command}", [ 'command' => $cmd ] );
}
+ if ( $errBuffer && $this->doLogStderr ) {
+ $this->logger->error( "Error running {command}: {error}", [
+ 'command' => $cmd,
+ 'error' => $errBuffer,
+ 'exitcode' => $retval,
+ 'exception' => new Exception( 'Shell error' ),
+ ] );
+ }
+
return new Result( $retval, $outBuffer, $errBuffer );
}
}