use MediaWiki\ProcOpenError;
use MediaWiki\ShellDisabledError;
use Profiler;
+use Psr\Log\LoggerAwareTrait;
+use Psr\Log\NullLogger;
/**
* Class used for executing shell commands
* @since 1.30
*/
class Command {
+ use LoggerAwareTrait;
+
/** @var string */
private $command = '';
/** @var array */
- private $limits = [];
+ private $limits = [
+ // seconds
+ 'time' => 180,
+ // seconds
+ 'walltime' => 180,
+ // KB
+ 'memory' => 307200,
+ // KB
+ 'filesize' => 102400,
+ ];
/** @var string[] */
private $env = [];
/** @var bool */
private $everExecuted = false;
+ /** @var string|false */
+ private $cGroup = false;
+
/**
* Constructor. Don't call directly, instead use Shell::command()
+ *
+ * @throws ShellDisabledError
*/
public function __construct() {
if ( Shell::isDisabled() ) {
throw new ShellDisabledError();
}
+
+ $this->setLogger( new NullLogger() );
}
/**
* Sets execution limits
*
* @param array $limits Optional array with limits(filesize, memory, time, walltime).
- * This overrides the global wgMaxShell* limits.
* @return $this
*/
public function limits( array $limits ) {
- $this->limits = $limits;
+ $this->limits = $limits + $this->limits;
return $this;
}
return $this;
}
+ /**
+ * Sets cgroup for this command
+ *
+ * @param string|false $cgroup
+ * @return $this
+ */
+ public function cgroup( $cgroup ) {
+ $this->cGroup = $cgroup;
+
+ return $this;
+ }
+
/**
* Executes command. Afterwards, getExitCode() and getOutput() can be used to access execution
* results.
* @throws ShellDisabledError
*/
public function execute() {
- global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime,
- $wgMaxShellWallClockTime, $wgShellCgroup;
+ global $IP;
$this->everExecuted = true;
$useLogPipe = false;
if ( is_executable( '/bin/bash' ) ) {
- $time = intval( isset( $this->limits['time'] ) ? $this->limits['time'] : $wgMaxShellTime );
- if ( isset( $this->limits['walltime'] ) ) {
- $wallTime = intval( $this->limits['walltime'] );
- } elseif ( isset( $this->limits['time'] ) ) {
- $wallTime = $time;
- } else {
- $wallTime = intval( $wgMaxShellWallClockTime );
- }
- $mem = intval( isset( $this->limits['memory'] ) ? $this->limits['memory'] : $wgMaxShellMemory );
- $filesize = intval( isset( $this->limits['filesize'] )
- ? $this->limits['filesize']
- : $wgMaxShellFileSize );
+ $time = intval( $this->limits['time'] );
+ $wallTime = intval( $this->limits['walltime'] );
+ // for b/c, wall time falls back to time
+ $wallTime = min( $time, $wallTime );
+ $mem = intval( $this->limits['memory'] );
+ $filesize = intval( $this->limits['filesize'] );
if ( $time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0 ) {
$cmd = '/bin/bash ' . escapeshellarg( "$IP/includes/limit.sh" ) . ' ' .
escapeshellarg(
"MW_INCLUDE_STDERR=" . ( $this->useStderr ? '1' : '' ) . ';' .
"MW_CPU_LIMIT=$time; " .
- 'MW_CGROUP=' . escapeshellarg( $wgShellCgroup ) . '; ' .
+ 'MW_CGROUP=' . escapeshellarg( $this->cGroup ) . '; ' .
"MW_MEM_LIMIT=$mem; " .
"MW_FILE_SIZE_LIMIT=$filesize; " .
"MW_WALL_CLOCK_LIMIT=$wallTime; " .
$scoped = Profiler::instance()->scopedProfileIn( __FUNCTION__ . '-' . $profileMethod );
$proc = proc_open( $cmd, $desc, $pipes );
if ( !$proc ) {
- wfDebugLog( 'exec', "proc_open() failed: $cmd" );
+ $this->logger->error( "proc_open() failed: {command}", [ 'command' => $cmd ] );
throw new ProcOpenError();
}
$outBuffer = $logBuffer = '';
$lines = explode( "\n", $logBuffer );
$logBuffer = array_pop( $lines );
foreach ( $lines as $line ) {
- wfDebugLog( 'exec', $line );
+ $this->logger->info( $line );
}
}
}
}
if ( $logMsg !== false ) {
- wfDebugLog( 'exec', "$logMsg: $cmd" );
+ $this->logger->warning( "$logMsg: {command}", [ 'command' => $cmd ] );
}
return new Result( $retval, $outBuffer );
namespace MediaWiki\Shell;
+use MediaWiki\Logger\LoggerFactory;
+use MediaWiki\MediaWikiServices;
+
/**
* Executes shell commands
*
class Shell {
/**
- * Returns a new instance of this class
+ * Returns a new instance of Command class
*
- * @param string|string[] $command If string, a properly shell-escaped command line,
- * or an array of unescaped arguments, in which case each value will be escaped
+ * @param string|string[] $command String or array of strings representing the command to
+ * be executed, each value will be escaped.
* Example: [ 'convert', '-font', 'font name' ] would produce "'convert' '-font' 'font name'"
* @return Command
*/
$args = reset( $args );
}
$command = new Command();
+ $config = MediaWikiServices::getInstance()->getMainConfig();
+
+ $limits = [
+ 'time' => $config->get( 'MaxShellTime' ),
+ 'walltime' => $config->get( 'MaxShellWallClockTime' ),
+ 'memory' => $config->get( 'MaxShellMemory' ),
+ 'filesize' => $config->get( 'MaxShellFileSize' ),
+ ];
+ $command->limits( $limits );
+ $command->cgroup( $config->get( 'ShellCgroup' ) );
+ $command->setLogger( LoggerFactory::getInstance( 'exec' ) );
+
return $command->params( $args );
}