Code Coverage for /src/src/Shellbox.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	33.33% covered (danger)	33.33%	3 / 9	CRAP	67.90% covered (warning)	67.90%	55 / 81
Shellbox	0.00% covered (danger)	0.00%	0 / 1	33.33% covered (danger)	33.33%	3 / 9	69.02	67.90% covered (warning)	67.90%	55 / 81
createBoxedExecutor				100.00% covered (success)	100.00%	1 / 1	2	100.00% covered (success)	100.00%	10 / 10
createUnboxedExecutor				0.00% covered (danger)	0.00%	0 / 1	6	0.00% covered (danger)	0.00%	0 / 5
createTempDirManager				0.00% covered (danger)	0.00%	0 / 1	2.06	75.00% covered (warning)	75.00%	3 / 4
escape				0.00% covered (danger)	0.00%	0 / 1	26.12	50.00% covered (danger)	50.00%	14 / 28
getMaxCmdLength				0.00% covered (danger)	0.00%	0 / 1	2.03	80.00% covered (warning)	80.00%	4 / 5
getUniqueString				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	1 / 1
jsonEncode				100.00% covered (success)	100.00%	1 / 1	2	100.00% covered (success)	100.00%	8 / 8
jsonDecode				0.00% covered (danger)	0.00%	0 / 1	2.26	60.00% covered (warning)	60.00%	3 / 5
normalizePath				0.00% covered (danger)	0.00%	0 / 1	9.65	80.00% covered (warning)	80.00%	12 / 15

1	<?php
2
3	namespace Shellbox;
4
5	use Psr\Log\LoggerInterface;
6	use Shellbox\Command\LocalBoxedExecutor;
7	use Shellbox\Command\UnboxedExecutor;
8
9	/**
10	* Static factories and miscellaneous utility functions
11	*/
12	class Shellbox {
13	/**
14	* Create a LocalBoxedExecutor from a configuration array. This can be used
15	* to run commands locally, without the client/server split.
16	*
17	* @param array $config Associative array of configuration parameters:
18	* - tempDir: The parent directory in which a temporary directory may be created
19	* - useSystemd: If true, systemd-run will be used
20	* - useBashWrapper: If true, limit.sh will be used
21	* - useFirejail: If true, firejail will be used
22	* - firejailPath: The path to the firejail binary
23	* - firejailProfile: The path to the firejail profile
24	* - cgroup: A writable cgroup path which can be used for manual memory
25	* limiting
26	* @param LoggerInterface\|null $logger
27	* @return LocalBoxedExecutor
28	*/
29	public static function createBoxedExecutor( $config = [], LoggerInterface $logger = null ) {
30	$tempDirManager = self::createTempDirManager( $config['tempDir'] ?? null );
31	$unboxedExecutor = new UnboxedExecutor;
32	$unboxedExecutor->setTempDirManager( $tempDirManager );
33	$unboxedExecutor->addWrappersFromConfiguration( $config );
34	$executor = new LocalBoxedExecutor( $unboxedExecutor, $tempDirManager );
35	if ( $logger ) {
36	$executor->setLogger( $logger );
37	$unboxedExecutor->setLogger( $logger );
38	$tempDirManager->setLogger( $logger );
39	}
40	return $executor;
41	}
42
43	/**
44	* Create an UnboxedExecutor from a configuration array. This can be used
45	* to run commands locally, without temporary directory setup or the
46	* client/server split.
47	*
48	* A temporary directory is only needed if the command runs on Windows.
49	*
50	* @param array $config Associative array of configuration parameters:
51	* - tempDir: The parent directory in which a temporary directory may be created
52	* - useSystemd: If true, systemd-run will be used
53	* - useBashWrapper: If true, limit.sh will be used
54	* - useFirejail: If true, firejail will be used
55	* - firejailPath: The path to the firejail binary
56	* - firejailProfile: The path to the firejail profile
57	* - cgroup: A writable cgroup path which can be used for manual memory
58	* limiting
59	* @param LoggerInterface\|null $logger
60	* @return UnboxedExecutor
61	*/
62	public static function createUnboxedExecutor( $config = [], LoggerInterface $logger = null ) {
63	$executor = new UnboxedExecutor( $config['tempDir'] ?? null );
64	$executor->addWrappersFromConfiguration( $config );
65	if ( $logger ) {
66	$executor->setLogger( $logger );
67	}
68	return $executor;
69	}
70
71	/**
72	* Create a TempDirManager from a shared base path (e.g. /tmp)
73	*
74	* @param string\|null $tempDirBase
75	* @return TempDirManager
76	*/
77	public static function createTempDirManager( $tempDirBase = null ) {
78	if ( $tempDirBase === null ) {
79	$tempDirBase = sys_get_temp_dir();
80	}
81	return new TempDirManager(
82	$tempDirBase . '/shellbox-' . self::getUniqueString()
83	);
84	}
85
86	/**
87	* Escape arguments for the shell
88	*
89	* @param mixed\|mixed[] ...$args strings to escape and glue together, or a single
90	* array of strings parameter. Null values are ignored.
91	* @return string
92	*/
93	public static function escape( ...$args ): string {
94	if ( count( $args ) === 1 && is_array( $args[0] ) ) {
95	// If only one argument has been passed, and that argument is an array,
96	// treat it as a list of arguments
97	$args = $args[0];
98	}
99
100	$first = true;
101	$retVal = '';
102	foreach ( $args as $arg ) {
103	if ( $arg === null ) {
104	continue;
105	}
106	$arg = (string)$arg;
107	if ( !$first ) {
108	$retVal .= ' ';
109	} else {
110	$first = false;
111	}
112
113	if ( PHP_OS_FAMILY === 'Windows' ) {
114	// Escaping for an MSVC-style command line parser and CMD.EXE
115	// Refs:
116	// * phpcs:ignore Generic.Files.LineLength.TooLong
117	// * https://web.archive.org/web/20020708081031/http://mailman.lyra.org/pipermail/scite-interest/2002-March/000436.html
118	// * https://technet.microsoft.com/en-us/library/cc723564.aspx
119	// * T15518
120	// * CR r63214
121	// Double the backslashes before any double quotes. Escape the double quotes.
122	$tokens = preg_split( '/(\\\\*")/', $arg, -1, PREG_SPLIT_DELIM_CAPTURE );
123	$arg = '';
124	$iteration = 0;
125	foreach ( $tokens as $token ) {
126	if ( $iteration % 2 == 1 ) {
127	// Delimiter, a double quote preceded by zero or more slashes
128	$arg .= str_replace( '\\', '\\\\', substr( $token, 0, -1 ) ) . '\\"';
129	} elseif ( $iteration % 4 == 2 ) {
130	// ^ in $token will be outside quotes, need to be escaped
131	$arg .= str_replace( '^', '^^', $token );
132	} else { // $iteration % 4 == 0
133	// ^ in $token will appear inside double quotes, so leave as is
134	$arg .= $token;
135	}
136	$iteration++;
137	}
138	// Double the backslashes before the end of the string, because
139	// we will soon add a quote
140	$m = [];
141	if ( preg_match( '/^(.*?)(\\\\+)$/', $arg, $m ) ) {
142	$arg = $m[1] . str_replace( '\\', '\\\\', $m[2] );
143	}
144
145	// Add surrounding quotes
146	$retVal .= '"' . $arg . '"';
147	} else {
148	// In PHP 8.0+, the locale is "C" unless setlocale() has been
149	// called, regardless of the environment. So escapeshellarg()
150	// will strip non-ASCII bytes to avoid misinterpretation by a
151	// shell that uses GBK or a similar character set. So we roll
152	// our own, but UnboxedExecutor will filter the environment to
153	// avoid misinterpretation.
154	$retVal .= "'" . str_replace( "'", "'\\''", $arg ) . "'";
155	}
156	}
157	return $retVal;
158	}
159
160	/**
161	* Get the platform's maximum command length in bytes, minus a safety margin.
162	*
163	* @return int
164	*/
165	public static function getMaxCmdLength() {
166	if ( PHP_OS_FAMILY === 'Windows' ) {
167	// phpcs:ignore Generic.Files.LineLength.TooLong
168	// Ref: https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa
169	$max = 32767;
170	} else {
171	// Ref: MAX_ARG_STRLEN in linux/binfmts.h
172	$max = 131072;
173	}
174	// In case there is a hidden extra wrapper
175	$max -= 200;
176	return $max;
177	}
178
179	/**
180	* Get a random string from a CSPRNG.
181	*
182	* @return string
183	* @throws \Exception
184	*/
185	public static function getUniqueString() {
186	return bin2hex( random_bytes( 8 ) );
187	}
188
189	/**
190	* JSON encode with our preferred options
191	* @param mixed $value
192	* @return string
193	*/
194	public static function jsonEncode( $value ) {
195	$json = json_encode( $value,
196	JSON_PRETTY_PRINT \| JSON_UNESCAPED_SLASHES \|
197	JSON_UNESCAPED_UNICODE );
198	if ( $json === false ) {
199	throw new ShellboxError( "The supplied value cannot be converted " .
200	"to JSON. Try transferring it as a file." );
201	}
202	$json .= "\n";
203	return $json;
204	}
205
206	/**
207	* Throwing wrapper for JSON decode with our preferred options.
208	*
209	* @param string $json
210	* @return mixed
211	*/
212	public static function jsonDecode( $json ) {
213	// phpcs:ignore Generic.PHP.NoSilencedErrors
214	$value = @json_decode( $json, true, 512 );
215	if ( $value === null ) {
216	throw new ShellboxError( 'Received invalid JSON: ' .
217	json_last_error_msg() );
218	}
219	return $value;
220	}
221
222	/**
223	* Validate a relative path for path traversal safety and cross-platform
224	* file name compliance. Under Windows, the path may contain backslashes,
225	* which will be replaced with slashes.
226	*
227	* @param string $path
228	* @return string
229	* @throws ShellboxError
230	*/
231	public static function normalizePath( $path ) {
232	$windowsReservedNames = [
233	'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4',
234	'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3',
235	'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9'
236	];
237
238	if ( DIRECTORY_SEPARATOR === '\\' ) {
239	$path = str_replace( '\\', '/', $path );
240	}
241	if ( preg_match( '/[\\x00-\x1f\x7f-\xff<>:"\|?*$!\[\];&(){}\\\'\0]/', $path ) ) {
242	throw new ShellboxError( "Relative path contains invalid characters" );
243	}
244	foreach ( explode( '/', $path ) as $component ) {
245	if ( $component === ''
246	\|\| $component === '.'
247	\|\| $component === '..'
248	\|\| substr( $component, -1 ) === ':'
249	) {
250	throw new ShellboxError( "Invalid relative file path \"$path\"" );
251	}
252	$firstPart = substr( $component, 0, strcspn( $component, '.' ) );
253	if ( in_array( strtoupper( $firstPart ), $windowsReservedNames ) ) {
254	throw new ShellboxError( "Relative path contains Windows reserved name" );
255	}
256	}
257	return $path;
258	}
259
260	}