MediaWiki  master
CommandFactory.php
Go to the documentation of this file.
1 <?php
21 namespace MediaWiki\Shell;
22 
26 
33  use LoggerAwareTrait;
34 
36  private $limits;
37 
39  private $cgroup;
40 
42  private $doLogStderr = false;
43 
48 
52  private $firejail;
53 
61  public function __construct( array $limits, $cgroup, $restrictionMethod ) {
62  $this->limits = $limits;
63  $this->cgroup = $cgroup;
64  if ( $restrictionMethod === 'autodetect' ) {
65  // On Linux systems check for firejail
66  if ( PHP_OS === 'Linux' && $this->findFirejail() !== false ) {
67  $this->restrictionMethod = 'firejail';
68  } else {
69  $this->restrictionMethod = false;
70  }
71  } else {
72  $this->restrictionMethod = $restrictionMethod;
73  }
74  $this->setLogger( new NullLogger() );
75  }
76 
77  private function findFirejail() {
78  if ( $this->firejail === null ) {
79  $this->firejail = ExecutableFinder::findInDefaultPaths( 'firejail' );
80  }
81 
82  return $this->firejail;
83  }
84 
91  public function logStderr( $yesno = true ) {
92  $this->doLogStderr = $yesno;
93  }
94 
100  public function create(): Command {
101  if ( $this->restrictionMethod === 'firejail' ) {
102  $command = new FirejailCommand( $this->findFirejail() );
103  $command->restrict( Shell::RESTRICT_DEFAULT );
104  } else {
105  $command = new Command();
106  }
107  $command->setLogger( $this->logger );
108 
109  return $command
110  ->limits( $this->limits )
111  ->cgroup( $this->cgroup )
112  ->logStderr( $this->doLogStderr );
113  }
114 }
const RESTRICT_DEFAULT
Apply a default set of restrictions for improved security out of the box.
Definition: Shell.php:100
__construct(array $limits, $cgroup, $restrictionMethod)
Constructor.
$command
Definition: cdb.php:65
create()
Instantiates a new Command.
Class used for executing shell commands.
Definition: Command.php:36
static findInDefaultPaths( $names, $versionInfo=false)
Same as locateExecutable(), but checks in getPossibleBinPaths() by default.
logStderr( $yesno=true)
When enabled, text sent to stderr will be logged with a level of &#39;error&#39;.
Factory facilitating dependency injection for Command.
Restricts execution of shell commands using firejail.
Copyright (C) 2017 Kunal Mehta legoktm@member.fsf.org
Definition: Command.php:21