(issue #1) Add a whitelist of commands that a person can run

This commit attempts to do a check on whether the command is safe to excute before really running the command. Not a fix, but an initial checkin for development testing purposes.
dcshzj · Nov 12, 2012 · bcb39a0 · bcb39a0
1 parent 9b12743
commit bcb39a0
Showing 1 changed file with 24 additions and 1 deletion.
diff --git a/SpecialHostStats.php b/SpecialHostStats.php
@@ -7,17 +7,32 @@
  */
 
 class SpecialHostStats extends SpecialPage {
+	protected $cmdwhitelist;
+
 	public function __construct() {
 		parent::__construct( 'HostStats' );
 	}
 
 	public function execute( $par ) {
 		global $wgHostStatsCommands;
 		$this->setHeaders();
+		$this->whitelistedcmds();
+		$commands = array();
+		foreach ( $wgHostStatsCommands as $cmd ) {
+			if ( in_array( $cmd, $this->cmdwhitelist ) ) {
+				array_push( $cmd, $commands );
+			} else {
+				# Reject those unsafe commands and log it to hoststats
+				wfDebugLog( "hoststats", "Rejected running command '" . 
+					$cmd . "' as it is unsafe, please remove it from " . 
+					"\$wgHostStatsCommands!" );
+				continue;
+			}
+		}
 		$this->getOutput()->setPageTitle( wfMessage( 'hoststats-title' )->escaped() );
 		$outpage = wfMessage( 'hoststats-intro' )->escaped();
 		$outpage .= "\n";
-		foreach ( $wgHostStatsCommands as $cmd ) {
+		foreach ( $commands as $cmd ) {
 			$outpage .= '<h3>' . $cmd . '</h3>';
 			$outpage .= "\n<pre>\n" . $this->query( $cmd ) . "</pre>";
 		}
@@ -28,4 +43,12 @@ protected function query( $query ) {
 		$output = wfShellExec( $query );
 		return $output;
 	}
+
+	protected function whitelistedcmds() {
+		$this->cmdwhitelist = array(
+			'df',
+			'whoami',
+			'hostname',
+		);
+	}
 }