Issue with ExecutableFinder with file paths in basedir #11421

Closed
jess-sol opened this issue Jul 19, 2014 · 1 comment

@jess-sol

The Process component has an ExecutableFinder class which fails in a specific set of circumstances. Below are the steps to recreate the issue.

  1. Set a basedir, make sure one of the paths is to an executable (i.e. /usr/local/bin/someexec)
  2. Attempt to locate the executable.
```php
$execFinder = new Symfony\Component\Process\ExecutableFinder;
echo $execFinder->find('someexec', false);
```

Because a basedir is set, the ExecutableFinder will enumerate the basedir paths looking for the executable. If the basedir path being enumerated is a directory, it is added to an array of directories to search through; if it's a file, the name of the file is compared against the name of the executable being searched for. If the names match, it is returned.

The issue occurs because the code being used to compare a filename found in the basedir to the name of the executable being searched for is flawed. Currently the code looks similar to this:

```php
$file = str_replace(dirname($path), '', $path);
if ($file == $name && is_executable($path)) {
    return $path;
}
```

(Snippet Found Here)

If $path is equal to /usr/local/bin/someexec then dirname($path) will equal /usr/local/bin; this means $file equals /someexec which can never match the executable name which is just someexec.
There are two potential fixes: wrap the assigned $file value with ltrim($file, DIRECTORY_SEPARATOR), or replace the $file = ... line with $file = basename($path);.

I'll make a quick pull request for it if one of the current maintainers agrees this is a bug, and I'm not just doing something wrong.
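The name check described in the issue, set beside the two proposed fixes, as an added example that is not part of the original post or the Symfony code base. The function names and sample paths are constructed for illustration, `is_executable()` is left out so no files are needed, and a POSIX `DIRECTORY_SEPARATOR` of `/` is assumed.

```php
<?php
// Added example: compares the name check from the issue with the two proposed fixes.
// Paths are constructed samples; is_executable() is omitted so no files are needed.
// Assumes a POSIX system where DIRECTORY_SEPARATOR is '/'.

function matchFlawed(string $path, string $name): bool
{
    // Check as quoted in the issue: strips dirname() but keeps the leading separator.
    $file = str_replace(dirname($path), '', $path);
    return $file == $name;
}

function matchLtrim(string $path, string $name): bool
{
    // First proposed fix: trim the separator left behind by str_replace().
    $file = ltrim(str_replace(dirname($path), '', $path), DIRECTORY_SEPARATOR);
    return $file === $name;
}

function matchBasename(string $path, string $name): bool
{
    // Second proposed fix: take the last path component directly.
    return basename($path) === $name;
}

$cases = [
    ['/usr/local/bin/someexec', 'someexec'], // case from the issue
    ['/someexec', 'someexec'],               // file directly under /
    ['/bin/bin', 'bin'],                     // file named like its directory
    ['/usr/local/bin/other', 'someexec'],    // different name, must not match
];

printf("%-26s %-9s %-7s %-6s %s\n", 'path', 'name', 'flawed', 'ltrim', 'basename');
foreach ($cases as [$path, $name]) {
    printf(
        "%-26s %-9s %-7s %-6s %s\n",
        $path,
        $name,
        var_export(matchFlawed($path, $name), true),
        var_export(matchLtrim($path, $name), true),
        var_export(matchBasename($path, $name), true)
    );
}
```

The `/bin/bin` row is where the two fixes differ: `str_replace()` removes every occurrence of the directory string, so the `ltrim()` variant ends up with an empty name while `basename()` still returns `bin`.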

@jakzal
Contributor

jakzal commented Jul 19, 2014

@ben-rosio Looks like a bug to me. Good spot!

fabpot added a commit that referenced this issue Jul 25, 2014
This PR was merged into the 2.3 branch.

Discussion
----------

Fix issue described in #11421

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #11421
| License       | MIT
| Doc PR        | NA

This pull request fixes the issue described in #11421.  It also adds a test for the issue.  The issue is present in 2.0 forward, but I decided to fix it on the 2.3 branch so that I could also write a test for it (2.0 had no tests for the Process component, and 2.1 and 2.2 didn't have tests for the `ExecutableFinder` class).

Commits
-------

4cf50e8 Bring code into standard
9f4313c [Process] Add test to verify fix for issue #11421
02eb765 [Process] Fixes issue #11421
@fabpot fabpot closed this as completed Jul 25, 2014
romainneutron added a commit that referenced this issue Jul 25, 2014
…romainneutron)

This PR was merged into the 2.3 branch.

Discussion
----------

fix signal handling in wait() on calls to stop()

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #11286
| License       | MIT
| Doc PR        |

``wait()`` throws an exception when the process was terminated by a signal. This should not happen when the termination was requested by calling the ``stop()`` method (for example, inside a callback which is passed to ``wait()``).

Commits
-------

5939d34 [Process] Fix unit tests in sigchild environment
eb68662 [Process] fix signal handling in wait()
94ffc4f bug #11469  [BrowserKit] Fixed server HTTP_HOST port uri conversion (bcremer, fabpot)
103fd88 [BrowserKit] refactor code and fix unquoted regex
f401ab9 Fixed server HTTP_HOST port uri conversion
045cbc5 bug #11425 Fix issue described in #11421 (Ben, ben-rosio)
f5bfa9b bug #11423 Pass a Scope instance instead of a scope name when cloning a container in the GrahpvizDumper (jakzal)
3177be5 minor #11464 [Translator] Use quote to surround invalid locale (lyrixx)
c9742ef [Translator] Use quote to surround invalid locale
4dbe0e1 bug #11120 [2.3][Process] Reduce I/O load on Windows platform (romainneutron)
797d814 bug #11342 [2.3][Form] Check if IntlDateFormatter constructor returned a valid object before using it (romainneutron)
0b5348e minor #11441 [Translator] Optimize assertLocale regexp (Jérémy Derussé)
537c39b Optimize assertLocale regexp
4cf50e8 Bring code into standard
9f4313c [Process] Add test to verify fix for issue #11421
02eb765 [Process] Fixes issue #11421
6787669 [DependencyInjection] Pass a Scope instance instead of a scope name.
9572918 bug #11411 [Validator] Backported #11410 to 2.3: Object initializers are called only once per object (webmozart)
291cbf9 [Validator] Backported #11410 to 2.3: Object initializers are called only once per object
efab884 bug #11403 [Translator][FrameworkBundle] Added @ to the list of allowed chars in Translator (takeit)
3176f8b [Translator][FrameworkBundle] Added @ to the list of allowed chars in Translator
91e32f8 bug #11381 [2.3] [Process] Use correct test for empty string in UnixPipes (whs, romainneutron)
45df2f3 minor #11397 [2.3][Process] Fix unit tests on Windows platform (romainneutron)
cec0a45 [Process] Adjust PR #11264, make it Windows compatible and fix CS
d418935 [Process] Fix unit tests on Windows platform
ff0bb01 [Process] Reduce I/O load on Windows platform
ace5a29 bumped Symfony version to 2.3.19
75e07e6 updated VERSION for 2.3.18
4a12f4d update CONTRIBUTORS for 2.3.18
98b891d updated CHANGELOG for 2.3.18
06a80fb Validate locales sets intos translator
06fc97e feature #11367 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671) (Andrew Moore)
3c54659 minor #11387 [2.3] [Validator] Fix UserPassword validator translation (redstar504)
73d50ed Fix UserPassword validator translation
93a970c bug #11386 Remove Spaceless Blocks from Twig Form Templates (chrisguitarguy)
8f9ed3e Remove Spaceless Blocks from Twig Form Templates
9e1ea4a [Process] Use correct test for empty string in UnixPipes
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
ebf967d [Form] Check if IntlDateFormatter constructor returned a valid object before using it
fabpot added a commit that referenced this issue Jul 28, 2014
* 2.3:
  Update validators.eu.xlf
  fixed CS
  remove unused imports
  Unify null comparisons
  [EventDispatcher] don't count empty listeners
  [Process] Fix unit tests in sigchild environment
  [Process] fix signal handling in wait()
  [BrowserKit] refactor code and fix unquoted regex
  Fixed server HTTP_HOST port uri conversion
  Bring code into standard
  [Process] Add test to verify fix for issue #11421
  [Process] Fixes issue #11421
  [DependencyInjection] Pass a Scope instance instead of a scope name.

Conflicts:
	src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
fabpot added a commit that referenced this issue Jul 28, 2014
* 2.4:
  Update validators.eu.xlf
  fixed CS
  remove unused imports
  [Routing] simplify the XML schema file
  Unify null comparisons
  [EventDispatcher] don't count empty listeners
  [Process] Fix unit tests in sigchild environment
  [Process] fix signal handling in wait()
  [BrowserKit] refactor code and fix unquoted regex
  Fixed server HTTP_HOST port uri conversion
  [MonologBridge] fixed Console handler priorities
  Bring code into standard
  [Process] Add test to verify fix for issue #11421
  [Process] Fixes issue #11421
  [DependencyInjection] Pass a Scope instance instead of a scope name.

Conflicts:
	src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
	src/Symfony/Component/DependencyInjection/Tests/Dumper/GraphvizDumperTest.php
	src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorCollectionTest.php
fabpot added a commit that referenced this issue Jul 28, 2014
* 2.5:
  Update validators.eu.xlf
  fixed CS
  remove unused imports
  [Validator] Added markObjectAsInitialized() and isObjectInitialized() to ExecutionContextInterface
  [Validator] Fixed doc block
  [Routing] simplify the XML schema file
  Unify null comparisons
  [EventDispatcher] don't count empty listeners
  [Process] Fix unit tests in sigchild environment
  [Process] fix signal handling in wait()
  [BrowserKit] refactor code and fix unquoted regex
  Fixed server HTTP_HOST port uri conversion
  [HttpFoundation] moved test file to the right directory
  [Validator] Made sure that context changes don't leak out of (Contextual)ValidatorInterface
  [MonologBridge] fixed Console handler priorities
  Bring code into standard
  [Process] Add test to verify fix for issue #11421
  [Process] Fixes issue #11421
  [DependencyInjection] Pass a Scope instance instead of a scope name.
ostrolucky pushed a commit to ostrolucky/symfony that referenced this issue Mar 25, 2018
* 2.3:
  Update validators.eu.xlf
  fixed CS
  remove unused imports
  Unify null comparisons
  [EventDispatcher] don't count empty listeners
  [Process] Fix unit tests in sigchild environment
  [Process] fix signal handling in wait()
  [BrowserKit] refactor code and fix unquoted regex
  Fixed server HTTP_HOST port uri conversion
  Bring code into standard
  [Process] Add test to verify fix for issue symfony#11421
  [Process] Fixes issue symfony#11421
  [DependencyInjection] Pass a Scope instance instead of a scope name.

Conflicts:
	src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
ostrolucky pushed a commit to ostrolucky/symfony that referenced this issue Mar 25, 2018
* 2.4:
  Update validators.eu.xlf
  fixed CS
  remove unused imports
  [Routing] simplify the XML schema file
  Unify null comparisons
  [EventDispatcher] don't count empty listeners
  [Process] Fix unit tests in sigchild environment
  [Process] fix signal handling in wait()
  [BrowserKit] refactor code and fix unquoted regex
  Fixed server HTTP_HOST port uri conversion
  [MonologBridge] fixed Console handler priorities
  Bring code into standard
  [Process] Add test to verify fix for issue symfony#11421
  [Process] Fixes issue symfony#11421
  [DependencyInjection] Pass a Scope instance instead of a scope name.

Conflicts:
	src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
	src/Symfony/Component/DependencyInjection/Tests/Dumper/GraphvizDumperTest.php
	src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorCollectionTest.php
ostrolucky pushed a commit to ostrolucky/symfony that referenced this issue Mar 25, 2018
* 2.5:
  Update validators.eu.xlf
  fixed CS
  remove unused imports
  [Validator] Added markObjectAsInitialized() and isObjectInitialized() to ExecutionContextInterface
  [Validator] Fixed doc block
  [Routing] simplify the XML schema file
  Unify null comparisons
  [EventDispatcher] don't count empty listeners
  [Process] Fix unit tests in sigchild environment
  [Process] fix signal handling in wait()
  [BrowserKit] refactor code and fix unquoted regex
  Fixed server HTTP_HOST port uri conversion
  [HttpFoundation] moved test file to the right directory
  [Validator] Made sure that context changes don't leak out of (Contextual)ValidatorInterface
  [MonologBridge] fixed Console handler priorities
  Bring code into standard
  [Process] Add test to verify fix for issue symfony#11421
  [Process] Fixes issue symfony#11421
  [DependencyInjection] Pass a Scope instance instead of a scope name.