8000 [Process] Strong args escaping on Windows + deprecate compat settings by nicolas-grekas · Pull Request #21347 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Process] Strong args escaping on Windows + deprecate compat settings #21347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

[Process] Strong args escaping on Windows + deprecate compat settings #21347

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ script:
- if [[ ! $deps && ! $PHP = hhvm* ]]; then echo "$COMPONENTS" | parallel --gnu '$PHPUNIT --exclude-group tty,benchmark,intl-data {}'"$REPORT"; fi
- if [[ ! $deps && ! $PHP = hhvm* ]]; then echo -e "\\nRunning tests requiring tty"; $PHPUNIT --group tty; fi
- if [[ ! $deps && $PHP = hhvm* ]]; then $PHPUNIT --exclude-group benchmark,intl-data; fi
- if [[ ! $deps && $PHP = ${MIN_PHP%.*} ]]; then echo -e "1\\n0" | xargs -I{} sh -c 'echo "\\nPHP --enable-sigchild enhanced={}" && ENHANCE_SIGCHLD={} php-$MIN_PHP/sapi/cli/php .phpunit/phpunit-4.8/phpunit --colors=always src/Symfony/Component/Process/'; fi
- if [[ ! $deps && $PHP = ${MIN_PHP%.*} ]]; then echo -e "1\\n0" | xargs -I{} sh -c 'echo "\\nPHP --enable-sigchild enhanced={}" && SYMFONY_DEPRECATIONS_HELPER=weak ENHANCE_SIGCHLD={} php-$MIN_PHP/sapi/cli/php .phpunit/phpunit-4.8/phpunit --colors=always src/Symfony/Component/Process/'; fi
- if [[ $deps = high ]]; then echo "$COMPONENTS" | parallel --gnu -j10% 'cd {}; composer update --no-progress --ansi; $PHPUNIT --exclude-group tty,benchmark,intl-data'$LEGACY"$REPORT"; fi
- if [[ $deps = low ]]; then echo "$COMPONENTS" | parallel --gnu -j10% 'cd {}; composer update --no-progress --ansi --prefer-lowest --prefer-stable; $PHPUNIT --exclude-group tty,benchmark,intl-data'"$REPORT"; fi
# Test the PhpUnit bridge using the original phpunit script
Expand Down
11 changes: 11 additions & 0 deletions UPGRADE-3.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,17 @@ HttpKernel
* The `Psr6CacheClearer::addPool()` method has been deprecated. Pass an array of pools indexed
by name to the constructor instead.

Process
-------

* On Windows, `!VAR!` expansion inside escaped arguments is deprecated.

* Not inheriting environment variables is deprecated.

* Configuring `proc_open()` options is deprecated.

* Configuring Windows and sigchild compatibility is deprecated - they will be always enabled in 4.0.

Security
--------

Expand Down
11 changes: 11 additions & 0 deletions UPGRADE-4.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,17 @@ HttpKernel
* The `Psr6CacheClearer::addPool()` method has been removed. Pass an array of pools indexed
by name to the constructor instead.

Process
-------

* On Windows, `!VAR!` variables are not expanded anymore in escaped arguments.

* Environment variables are always inherited in sub-processes.

* Configuring `proc_open()` options has been removed.

* Configuring Windows and sigchild compatibility is not possible anymore - they are always enabled.

Security
--------

Expand Down
5 changes: 4 additions & 1 deletion src/Symfony/Component/Console/Tests/Helper/ProcessHelperTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
use Symfony\Component\Console\Output\StreamOutput;
use Symfony\Component\Console\Helper\ProcessHelper;
use Symfony\Component\Process\Process;
use Symfony\Component\Process\ProcessUtils;

class ProcessHelperTest extends \PHPUnit_Framework_TestCase
{
Expand Down Expand Up @@ -84,7 +85,9 @@ public function provideCommandsAndOutput()

$errorMessage = 'An error occurred';
if ('\\' === DIRECTORY_SEPARATOR) {
$successOutputProcessDebug = str_replace("'", '"', $successOutputProcessDebug);
$args = array('php', '-r', 'echo 42;');
$args = array_map(array(ProcessUtils::class, 'escapeArgument'), $args);
$successOutputProcessDebug = str_replace("'php' '-r' 'echo 42;'", implode(' ', $args), $successOutputProcessDebug);
}

return array(
Expand Down
9 changes: 9 additions & 0 deletions src/Symfony/Component/Process/CHANGELOG.md
View file
Open in desktop
8000
Original file line number Diff line number Diff line change
@@ -1,6 +1,15 @@
CHANGELOG
=========

3.3.0
-----

* deprecated `!VAR!` expansion inside escaped arguments
* deprecated not inheriting environment variables
* deprecated configuring `proc_open()` options
* deprecated configuring enhanced Windows compatibility
* deprecated configuring enhanced sigchild compatibility

2.5.0
-----

Expand Down
5 changes: 4 additions & 1 deletion src/Symfony/Component/Process/PhpProcess.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ class PhpProcess extends Process
* @param int $timeout The timeout in seconds
* @param array $options An array of options for proc_open
*/
public function __construct($script, $cwd = null, array $env = null, $timeout = 60, array $options = array())
public function __construct($script, $cwd = null, array $env = null, $timeout = 60, array $options = null)
{
$executableFinder = new PhpExecutableFinder();
if (false === $php = $executableFinder->find()) {
Expand All @@ -52,6 +52,9 @@ public function __construct($script, $cwd = null, array $env = null, $timeout =
// command with exec
$php = 'exec '.$php;
}
if (null !== $options) {
@trigger_error(sprintf('The $options parameter of the %s constructor is deprecated since version 3.3 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED);
}

parent::__construct($php, $cwd, $env, $script, $timeout, $options);
}
Expand Down
125 changes: 99 additions & 26 deletions src/Symfony/Component/Process/Process.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ class Process implements \IteratorAggregate
private $lastOutputTime;
private $timeout;
private $idleTimeout;
private $options;
private $options = array('suppress_errors' => true);
private $exitcode;
private $fallbackStatus = array();
private $processInformation;
Expand Down Expand Up @@ -145,7 +145,7 @@ class Process implements \IteratorAggregate
*
* @throws RuntimeException When proc_open is not installed
*/
public function __construct($commandline, $cwd = null, array $env = null, $input = null, $timeout = 60, array $options = array())
public function __construct($commandline, $cwd = null, array $env = null, $input = null, $timeout = 60, array $options = null)
{
if (!function_exists('proc_open')) {
throw new RuntimeException('The Process class relies on proc_open, which is not available on your PHP installation.');
Expand All @@ -171,7 +171,10 @@ public function __construct($commandline, $cwd = null, array $env = null, $input
$this->pty = false;
$this->enhanceWindowsCompatibility = true;
$this->enhanceSigchildCompatibility = '\\' !== DIRECTORY_SEPARATOR && $this->isSigchildEnabled();
$this->options = array_replace(array('suppress_errors' => true, 'binary_pipes' => true), $options);
if (null !== $options) {
@trigger_error(sprintf('The $options parameter of the %s constructor is deprecated since version 3.3 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED);
$this->options = array_replace($this->options, $options);
}
}

public function __destruct()
Expand Down Expand Up @@ -268,47 +271,40 @@ public function start(callable $callback = null)
$descriptors = $this->getDescriptors();

$commandline = $this->commandline;
$envline = '';

if (null !== $this->env && $this->inheritEnv) {
if ('\\' === DIRECTORY_SEPARATOR && !empty($this->options['bypass_shell']) && !$this->enhanceWindowsCompatibility) {
throw new LogicException('The "bypass_shell" option must be false to inherit environment variables while enhanced Windows compatibility is off');
}
$env = '\\' === DIRECTORY_SEPARATOR ? '(SET %s)&&' : 'export %s;';
foreach ($this->env as $k => $v) {
$envline .= sprintf($env, ProcessUtils::escapeArgument("$k=$v"));
$env = $this->env;
$envBackup = array();
if (null !== $env && $this->inheritEnv) {
foreach ($env as $k => $v) {
$envBackup[$k] = getenv($v);
putenv(false === $v || null === $v ? $k : "$k=$v");
}
$env = null;
} else {
$env = $this->env;
} elseif (null !== $env) {
@trigger_error(sprintf('Not inheriting environment variables is deprecated since Symfony 3.3 and will always happen in 4.0. Set "Process::inheritEnvironmentVariables()" to true instead.', __METHOD__), E_USER_DEPRECATED);
}
if ('\\' === DIRECTORY_SEPARATOR && $this->enhanceWindowsCompatibility) {
$commandline = 'cmd /V:ON /E:ON /D /C "('.$envline.$commandline.')';
foreach ($this->processPipes->getFiles() as $offset => $filename) {
$commandline .= ' '.$offset.'>'.ProcessUtils::escapeArgument($filename);
}
$commandline .= '"';

if (!isset($this->options['bypass_shell'])) {
$this->options['bypass_shell'] = true;
}
$this->options['bypass_shell'] = true;
$commandline = $this->prepareWindowsCommandLine($commandline, $envBackup);
} elseif (!$this->useFileHandles && $this->enhanceSigchildCompatibility && $this->isSigchildEnabled()) {
// last exit code is output on the fourth pipe and caught to work around --enable-sigchild
$descriptors[3] = array('pipe', 'w');

// See https://unix.stackexchange.com/questions/71205/background-process-pipe-input
$commandline = $envline.'{ ('.$this->commandline.') <&3 3<&- 3>/dev/null & } 3<&0;';
$commandline = '{ ('.$this->commandline.') <&3 3<&- 3>/dev/null & } 3<&0;';
$commandline .= 'pid=$!; echo $pid >&3; wait $pid; code=$?; echo $code >&3; exit $code';

// Workaround for the bug, when PTS functionality is enabled.
// @see : https://bugs.php.net/69442
$ptsWorkaround = fopen(__FILE__, 'r');
} elseif ('' !== $envline) {
$commandline = $envline.$commandline;
}

$this->process = proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $env, $this->options);

foreach ($envBackup as $k => $v) {
putenv(false === $v ? $k : "$k=$v");
}

if (!is_resource($this->process)) {
throw new RuntimeException('Unable to launch a new process.');
}
Expand Down Expand Up @@ -1089,6 +1085,7 @@ public function getEnv()
*
* An environment variable value should be a string.
* If it is an array, the variable is ignored.
* If it is false, it will be removed when env vars are otherwise inherited.
*
* That happens in PHP when 'argv' is registered into
* the $_ENV array for instance.
Expand All @@ -1106,7 +1103,7 @@ public function setEnv(array $env)

$this->env = array();
foreach ($env as $key => $value) {
$this->env[$key] = (string) $value;
$this->env[$key] = $value;
}

return $this;
Expand Down Expand Up @@ -1148,9 +1145,13 @@ public function setInput($input)
* Gets the options for proc_open.
*
* @return array The current options
*
* @deprecated since version 3.3, to be removed in 4.0.
*/
public function getOptions()
{
@trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0.', __METHOD__), E_USER_DEPRECATED);

return $this->options;
}

Expand All @@ -1160,9 +1161,13 @@ public function getOptions()
* @param array $options The new options
*
* @return self The current Process instance
*
* @deprecated since version 3.3, to be removed in 4.0.
*/
public function setOptions(array $options)
{
@trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0.', __METHOD__), E_USER_DEPRECATED);

$this->options = $options;

return $this;
Expand All @@ -1174,9 +1179,13 @@ public function setOptions(array $options)
* This is true by default.
*
* @return bool
*
* @deprecated since version 3.3, to be removed in 4.0. Enhanced Windows compatibility will always be enabled.
*/
public function getEnhanceWindowsCompatibility()
{
@trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0. Enhanced Windows compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);

return $this->enhanceWindowsCompatibility;
}

Expand All @@ -1186,9 +1195,13 @@ public function getEnhanceWindowsCompatibility()
* @param bool $enhance
*
* @return self The current Process instance
*
* @deprecated since version 3.3, to be removed in 4.0. Enhanced Windows compatibility will always be enabled.
*/
public function setEnhanceWindowsCompatibility($enhance)
{
@trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0. Enhanced Windows compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);

$this->enhanceWindowsCompatibility = (bool) $enhance;

return $this;
Expand All @@ -1198,9 +1211,13 @@ public function setEnhanceWindowsCompatibility($enhance)
* Returns whether sigchild compatibility mode is activated or not.
*
* @return bool
*
* @deprecated since version 3.3, to be removed in 4.0. Sigchild compatibility will always be enabled.
*/
public function getEnhanceSigchildCompatibility()
{
@trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0. Sigchild compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);

return $this->enhanceSigchildCompatibility;
}

Expand All @@ -1214,9 +1231,13 @@ public function getEnhanceSigchildCompatibility()
* @param bool $enhance
*
* @return self The current Process instance
*
* @deprecated since version 3.3, to be removed in 4.0.
*/
public function setEnhanceSigchildCompatibility($enhance)
{
@trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0. Sigchild compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);

$this->enhanceSigchildCompatibility = (bool) $enhance;

return $this;
Expand All @@ -1231,6 +1252,10 @@ public function setEnhanceSigchildCompatibility($enhance)
*/
public function inheritEnvironmentVariables($inheritEnv = true)
{
if (!$inheritEnv) {
@trigger_error(sprintf('Not inheriting environment variables is deprecated since Symfony 3.3 and will always happen in 4.0. Set "Process::inheritEnvironmentVariables()" to true instead.', __METHOD__), E_USER_DEPRECATED);
}

$this->inheritEnv = (bool) $inheritEnv;

return $this;
Expand All @@ -1240,9 +1265,13 @@ public function inheritEnvironmentVariables($inheritEnv = true)
* Returns whether environment variables will be inherited or not.
*
* @return bool
*
* @deprecated since version 3.3, to be removed in 4.0. Environment variables will always be inherited.
*/
public function areEnvironmentVariablesInherited()
{
@trigger_error(sprintf('The %s() method is deprecated since version 3.3 and will be removed in 4.0. Environment variables will always be inherited.', __METHOD__), E_USER_DEPRECATED);

return $this->inheritEnv;
}

Expand Down Expand Up @@ -1561,6 +1590,50 @@ private function doSignal($signal, $throwException)
return true;
}

private function prepareWindowsCommandLine($cmd, array &$envBackup)
{
$uid = uniqid('', true);
$varCount = 0;
$varCache = array();
$cmd = preg_replace_callback(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sweet

'/"(
[^"%!^]*+
(?:
(?: !LF! | "(?:\^[%!^])?+" )
[^"%!^]*+
)++
)"/x',
function ($m) use (&$envBackup, &$varCache, &$varCount, $uid) {
if (isset($varCache[$m[0]])) {
return $varCache[$m[0]];
}
if (false !== strpos($value = $m[1], "\0")) {
$value = str_replace("\0", '?', $value);
}
if (false === strpbrk($value, "\"%!\n")) {
return '"'.$value.'"';
}

$value = str_replace(array('!LF!', '"^!"', '"^%"', '"^^"', '""'), array("\n", '!', '%', '^', '"'), $value);
$value = preg_replace('/(\\\\*)"/', '$1$1\\"', $value);

$var = $uid.++$varCount;
putenv("$var=\"$value\"");
$envBackup[$var] = false;

return $varCache[$m[0]] = '!'.$var.'!';
},
$cmd
);

$cmd = 'cmd /V:ON /E:ON /D /C ('.str_replace("\n", ' ', $cmd).')';
foreach ($this->processPipes->getFiles() as $offset => $filename) {
$cmd .= ' '.$offset.'>"'.$filename.'"';
}

return $cmd;
}

/**
* Ensures the process is running or terminated, throws a LogicException if the process has a not started.
*
Expand Down
Loading
0