REL1_31/php/phpunit_2includes_2shell_2FirejailCommandTest_8php_source.html

<?php


use MediaWiki\Shell\FirejailCommand;

use MediaWiki\Shell\Shell;

use Wikimedia\TestingAccessWrapper;


class FirejailCommandTest extends PHPUnit\Framework\TestCase {


    use MediaWikiCoversValidator;


    public function provideBuildFinalCommand() {

        global $IP;

        // phpcs:ignore Generic.Files.LineLength

        $env = "'MW_INCLUDE_STDERR=;MW_CPU_LIMIT=180; MW_CGROUP='\'''\''; MW_MEM_LIMIT=307200; MW_FILE_SIZE_LIMIT=102400; MW_WALL_CLOCK_LIMIT=180; MW_USE_LOG_PIPE=yes'";

        $limit = "/bin/bash '$IP/includes/shell/limit.sh'";

        $profile = "--profile=$IP/includes/shell/firejail.profile";

        $blacklist = '--blacklist=' . realpath( MW_CONFIG_FILE );

        $default = "$blacklist --noroot --seccomp --private-dev";

        return [

            [

                'No restrictions',

                'ls', 0, "$limit ''\''ls'\''' $env"

            ],

            [

                'default restriction',

                'ls', Shell::RESTRICT_DEFAULT,

                "$limit 'firejail --quiet $profile $default -- '\''ls'\''' $env"

            ],

            [

                'no network',

                'ls', Shell::NO_NETWORK,

                "$limit 'firejail --quiet $profile --net=none -- '\''ls'\''' $env"

            ],

            [

                'default restriction & no network',

                'ls', Shell::RESTRICT_DEFAULT | Shell::NO_NETWORK,

                "$limit 'firejail --quiet $profile $default --net=none -- '\''ls'\''' $env"

            ],

            [

                'seccomp',

                'ls', Shell::SECCOMP,

                "$limit 'firejail --quiet $profile --seccomp -- '\''ls'\''' $env"

            ],

            [

                'seccomp & no execve',

                'ls', Shell::SECCOMP | Shell::NO_EXECVE,

                "$limit 'firejail --quiet $profile --shell=none --seccomp=execve -- '\''ls'\''' $env"

            ],

        ];

    }


    public function testBuildFinalCommand( $desc, $params, $flags, $expected ) {

        $command = new FirejailCommand( 'firejail' );

        $command

            ->params( $params )

            ->restrict( $flags );

        $wrapper = TestingAccessWrapper::newFromObject( $command );

        $output = $wrapper->buildFinalCommand( $wrapper->command );

        $this->assertEquals( $expected, $output[0], $desc );

    }


    public function testParamsOutput() {

        $this->expectException( RuntimeException::class );

        ( new FirejailCommand( 'firejail' ) )->params( 'echo', 'a', '--output=/tmp/fjout', ';id' );

    }


}


$command
$command
Definition cdb.php:65

FirejailCommandTest
Definition FirejailCommandTest.php:26

FirejailCommandTest\testParamsOutput
testParamsOutput()
\MediaWiki\Shell\FirejailCommand::params
Definition FirejailCommandTest.php:88

FirejailCommandTest\testBuildFinalCommand
testBuildFinalCommand( $desc, $params, $flags, $expected)
\MediaWiki\Shell\FirejailCommand::buildFinalCommand() provideBuildFinalCommand
Definition FirejailCommandTest.php:75

FirejailCommandTest\provideBuildFinalCommand
provideBuildFinalCommand()
Definition FirejailCommandTest.php:30

MediaWiki\Shell\FirejailCommand
Restricts execution of shell commands using firejail.
Definition FirejailCommand.php:31

MediaWiki\Shell\Shell
Executes shell commands.
Definition Shell.php:44

$output
static configuration should be added through ResourceLoaderGetConfigVars instead can be used to get the real title after the basic globals have been set but before ordinary actions take place $output
Definition hooks.txt:2255

$IP
$IP
Definition update.php:3

$params
$params
Definition styleTest.css.php:40