Restricts execution of shell commands using firejail. More...
Public Member Functions | ||||
| __construct ( $firejail) | ||||
| params (... $args) | ||||
| Reject any parameters that start with –output to prevent exploitation of a firejail RCE (CVE-2020-17367 and CVE-2020-17368) | ||||
| whitelistPaths (array $paths) | ||||
If called, only the files/directories that are whitelisted will be available to the shell command.limit.sh will always be whitelisted
| ||||
 Public Member Functions inherited from MediaWiki\Shell\Command | ||||
| __construct () | ||||
| Don't call directly, instead use Shell::command() | ||||
| __destruct () | ||||
| Makes sure the programmer didn't forget to execute the command after all. | ||||
| __toString () | ||||
| Returns the final command line before environment/limiting, etc are applied. | ||||
| cgroup ( $cgroup) | ||||
| Sets cgroup for this command. | ||||
| environment (array $env) | ||||
| Sets environment variables which should be added to the executed command environment. | ||||
| execute () | ||||
| Executes command. | ||||
| includeStderr ( $yesno=true) | ||||
| Controls whether stderr should be included in stdout, including errors from limit.sh. | ||||
| input ( $inputString) | ||||
| Sends the provided input to the command. | ||||
| limits (array $limits) | ||||
| Sets execution limits. | ||||
| logStderr ( $yesno=true) | ||||
| When enabled, text sent to stderr will be logged with a level of 'error'. | ||||
| profileMethod ( $method) | ||||
| Sets calling function for profiler. | ||||
| restrict ( $restrictions) | ||||
| Set restrictions for this request, overwriting any previously set restrictions. | ||||
| unsafeParams (... $args) | ||||
| Adds unsafe parameters to the command. | ||||
Protected Member Functions | ||||
| buildFinalCommand ( $command) | ||||
String together all the options and build the final command to execute.
| ||||
| Protected Member Functions inherited from MediaWiki\Shell\Command | ||||
| hasRestriction ( $restriction) | ||||
| Bitfield helper on whether a specific restriction is enabled. | ||||
Private Attributes | |
| string | $firejail |
| Path to firejail. | |
| string[] | $whitelistedPaths = [] |
Additional Inherited Members | |
| Protected Attributes inherited from MediaWiki\Shell\Command | |
| string | $command = '' |
| int | $restrictions = 0 |
| Bitfield with restrictions. | |
Detailed Description
Restricts execution of shell commands using firejail.
- See also
- https://firejail.wordpress.com/
- Since
- 1.31
Definition at line 31 of file FirejailCommand.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Shell\FirejailCommand::__construct | ( | $firejail | ) |
- Parameters
-
string $firejail Path to firejail
Definition at line 46 of file FirejailCommand.php.
References MediaWiki\Shell\FirejailCommand\$firejail.
Member Function Documentation
◆ buildFinalCommand()
|
protected |
String together all the options and build the final command to execute.
- Parameters
-
string $command Already-escaped command to run
- Returns
- array [ command, whether to use log pipe ]
Reimplemented from MediaWiki\Shell\Command.
Definition at line 94 of file FirejailCommand.php.
◆ params()
| MediaWiki\Shell\FirejailCommand::params | ( | $args | ) |
Reject any parameters that start with –output to prevent exploitation of a firejail RCE (CVE-2020-17367 and CVE-2020-17368)
- Parameters
-
string|string[] ...$args
- Returns
- $this
Reimplemented from MediaWiki\Shell\Command.
Definition at line 58 of file FirejailCommand.php.
References $args.
◆ whitelistPaths()
| MediaWiki\Shell\FirejailCommand::whitelistPaths | ( | array | $paths | ) |
If called, only the files/directories that are whitelisted will be available to the shell command.limit.sh will always be whitelisted
- Parameters
-
string[] $paths
- Returns
- $this
Reimplemented from MediaWiki\Shell\Command.
Definition at line 86 of file FirejailCommand.php.
Member Data Documentation
◆ $firejail
|
private |
Path to firejail.
Definition at line 36 of file FirejailCommand.php.
Referenced by MediaWiki\Shell\FirejailCommand\__construct().
◆ $whitelistedPaths
|
private |
Definition at line 41 of file FirejailCommand.php.
The documentation for this class was generated from the following file:
- includes/shell/FirejailCommand.php
