27 use Psr\Log\LoggerInterface;
28 use Psr\Log\NullLogger;
29 use Shellbox\Command\UnboxedCommand;
30 use Shellbox\Command\UnboxedExecutor;
31 use Shellbox\Command\UnboxedResult;
32 use Wikimedia\ScopedCallback;
59 parent::__construct( $executor );
67 if ( !$this->everExecuted ) {
68 $context = [
'command' => $this->getCommandString() ];
69 $message = __CLASS__ .
" was instantiated, but execute() was never called.";
70 if ( $this->method ) {
71 $message .=
' Calling method: {method}.';
74 $message .=
' Command: {command}';
75 $this->logger->warning( $message,
$context );
81 if ( $this->executor ) {
82 $this->executor->setLogger(
$logger );
94 if ( !isset( $limits[
'walltime'] ) && isset( $limits[
'time'] ) ) {
97 $limits[
'walltime'] = $limits[
'time'];
99 if ( isset( $limits[
'filesize'] ) ) {
100 $this->fileSizeLimit( $limits[
'filesize'] * 1024 );
102 if ( isset( $limits[
'memory'] ) ) {
103 $this->memoryLimit( $limits[
'memory'] * 1024 );
105 if ( isset( $limits[
'time'] ) ) {
106 $this->cpuTimeLimit( $limits[
'time'] );
108 if ( isset( $limits[
'walltime'] ) ) {
109 $this->wallTimeLimit( $limits[
'walltime'] );
136 return $this->stdin( $inputString );
177 $this->privateUserNamespace( (
bool)( $restrictions &
Shell::NO_ROOT ) );
178 $this->firejailDefaultSeccomp( (
bool)( $restrictions &
Shell::SECCOMP ) );
183 $this->disabledSyscalls( [
'execve' ] );
185 $this->disabledSyscalls( [] );
188 $this->disallowedPaths( [ realpath( MW_CONFIG_FILE ) ] );
190 $this->disallowedPaths( [] );
192 if ( $restrictions === 0 ) {
193 $this->disableSandbox();
210 $this->allowedPaths( array_merge( $this->getAllowedPaths(), $paths ) );
224 $this->everExecuted =
true;
226 $scoped =
Profiler::instance()->scopedProfileIn( __FUNCTION__ .
'-' . $profileMethod );
227 $result = parent::execute();
228 ScopedCallback::consume( $scoped );
240 return "#Command: {$this->getCommandString()}";