PageRenderTime 44ms CodeModel.GetById 20ms RepoModel.GetById 1ms app.codeStats 0ms

/lib/phpSec/Common/Exec.php

https://github.com/StarGest/phpSec
PHP | 122 lines | 50 code | 15 blank | 57 comment | 2 complexity | bc52f19d7cbfef3ab766bf3afb4c945d MD5 | raw file
    

  1. <?php namespace phpSec\Common;
    2. 

  2. /**
    3. 

  3.   phpSec - A PHP security library
    4. 

    5. 

  5.   @author    Audun Larsen <larsen@xqus.com>
    6. 

  6.   @copyright Copyright (c) Audun Larsen, 2011, 2012
    7. 

  7.   @link      https://github.com/phpsec/phpSec
    8. 

  8.   @license   http://opensource.org/licenses/mit-license.php The MIT License
    9. 

  9.   @package   phpSec
    10. 

  10.  */
    11. 

  11. use \phpSec\Common\Core;
    12. 

  12. 

  13. /**
    14. 

  14.  * Execute external programs in a safe(er) way.
    15. 

  15.  * @package phpSec
    16. 

  16.  */
    17. 

  17. class Exec {
    18. 

  18. 

  19.   const STDIN  = 0;
    20. 

  20.   const STDOUT = 1;
    21. 

  21.   const STDERR = 2;
    22. 

  22. 

  23.   private $descSpecs = array(
    24. 

  24.       self::STDIN  => array("pipe", "r"),
    25. 

  25.       self::STDOUT => array("pipe", "w"),
    26. 

  26.       self::STDERR => array("pipe", "w"),
    27. 

  27.     );
    28. 

  28. 

  29.   /**
    30. 

  30.    * Array containing additional ENV variables.
    31. 

  31.    */
    32. 

  32.   public $_env = array();
    33. 

  33. 

  34.   /**
    35. 

  35.    * Current Working Directory.
    36. 

  36.    * Defaults to where the script is located.
    37. 

  37.    */
    38. 

  38.   public $_cwd = null;
    39. 

  39. 

  40.   /**
    41. 

  41.    * Execute an external program.
    42. 

  42.    *
    43. 

  43.    * This method uses as PDO like syntax to build commands.
    44. 

  44.    *
    45. 

  45.    * @param string $cmd
    46. 

  46.    *   Command to execute. If you need to pass arguments to a command. A PDO like syntax can be used.
    47. 

  47.    *   For example: "ls -lsa %path".
    48. 

  48.    *
    49. 

  49.    * @param array $args
    50. 

  50.    *   An associative array containing the arguments to pass to $cmd.
    51. 

  51.    *   For example: array('%path' => '/home');
    52. 

  52.    *
    53. 

  53.    * @param string $stdin
    54. 

  54.    *   If the command requests input (e.g. a passphrase) this can be
    55. 

  55.    *   passed here. Note that if a command requires multiple feedbacks
    56. 

  56.    *   from a user this method can not be used.
    57. 

  57.    *
    58. 

  58.    * @return array
    59. 

  59.    *   Returns an array containing return value and results from STDOUT and STDERR.
    60. 

  60.    */
    61. 

  61.   public function run($cmd, $args = array(), $stdin = null) {
    62. 

  62. 

  63.     $cmd = $this->buildCommand($cmd, $args);
    64. 

  64. 

  65.     $process = proc_open($cmd, $this->descSpecs, $pipes, $this->_cwd, $this->_env);
    66. 

  66. 

  67.     if(is_resource($process)) {

    68. 

  68. 

  69.       /* Write stuff to STDIN, and close it. */

    70. 

  70.       fwrite($pipes[self::STDIN], $stdin);

    71. 

  71.       fclose($pipes[self::STDIN]);

    72. 

  72. 

  73.       /* Read STDOUT and STDERR. */

    74. 

  74.       $out['STDOUT'] = stream_get_contents($pipes[self::STDOUT]);
    75. 

  75.       $out['STDERR'] = stream_get_contents($pipes[self::STDERR]);

    76. 

  76. 

  77.       /* Close STDOUT and STDERR to aviod potential deadlocks. */
    78. 

  78.       fclose($pipes[self::STDOUT]);

    79. 

  79.       fclose($pipes[self::STDERR]);

    80. 

  80. 

  81.       /* Close process and get return value. */

    82. 

  82.       $out['return'] = proc_close($process);

    83. 

  83. 

  84.       return $out;

    85. 

  85.     }
    86. 

  86.     return false;
    87. 

  87.   }
    88. 

  88. 

  89.   /**
    90. 

  90.    * Builds a command that is safe to execute.
    91. 

  91.    *
    92. 

  92.    * @param string $cmd
    93. 

  93.    *   Base command (with placeholders) to execute.
    94. 

  94.    *
    95. 

  95.    * @param array $args
    96. 

  96.    *   An associative array containing data to filter.
    97. 

  97.    *
    98. 

  98.    * @return string
    99. 

  99.    *   Returns a command that is safe to execute.
    100. 

  100.    */
    101. 

  101.   private function buildCommand($cmd, $args = array()) {
    102. 

  102.     while(list($name, $data) = each($args)) {
    103. 

  103.     $safeData = false;
    104. 

  104.       $filterType = mb_substr($name, 0, 1);
    105. 

  105.       switch($filterType) {
    106. 

  106.         case '%':
    107. 

  107.           $safeData = escapeshellarg($data);
    108. 

  108.           break;
    109. 

  109.         case '!':
    110. 

  110.           $safeData = escapeshellcmd($data);
    111. 

  111.           break;
    112. 

  112.         default:
    113. 

  113.           throw new \phpSec\Exception\InvalidArgumentException('Unknown variable type');
    114. 

  114.           break;
    115. 

  115.       }
    116. 

  116.       if($safeData !== false) {
    117. 

  117.         $cmd = str_replace($name, $safeData, $cmd);
    118. 

  118.       }
    119. 

  119.     }
    120. 

  120.     return $cmd;
    121. 

  121.   }
    122. 

  122. }
    123. 

  123.