public function test_ShouldNotAccessShell()
{
    // The snippet below contains a backtick shell-exec expression. The visitor is
    // built with an empty first list and only Return_ in the second, so the
    // sandbox is expected to reject it with a SandboxException before anything runs.
    // (The first argument presumably holds allowed expression node classes, the
    // second allowed statement classes — confirm against WhitelistVisitor.)
    $this->setExpectedException(paslandau\PhpSandbox\SandboxException::class);

    $printer = new Standard();
    $parser = new Parser(new Lexer());
    $allowedStatements = [PhpParser\Node\Stmt\Return_::class];
    $visitor = new WhitelistVisitor([], $allowedStatements);
    $sandbox = new Sandbox($visitor, $parser, $printer);

    $snippet = ' return `echo foo`; ';

    // validate() is where the exception is expected; the lines after it act as a
    // safety net and should never be reached.
    $sandbox->validate($snippet);
    $output = $sandbox->execute($snippet);
    $this->assertNotEquals("foo\n", $output);
}
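<?php
use Monolog\Handler\StreamHandler;
use Monolog\Logger;
use paslandau\PageRank\Calculation\PageRank;
use paslandau\PageRank\Calculation\ResultFormatter;
use paslandau\PageRank\Import\CsvImporter;
use paslandau\PhpSandbox\Sandbox;
use paslandau\PhpSandbox\WhitelistVisitor;
use PhpParser\ParserFactory;
use PhpParser\PrettyPrinter\Standard;
use Symfony\Component\Yaml\Parser;

// NOTE: the Monolog, PageRank and Yaml Parser imports above are not referenced
// anywhere in this script; only Sandbox, WhitelistVisitor, ParserFactory and
// Standard are used.

require_once __DIR__ . "/bootstrap.php";

// Demo: push a trivial, hard-coded snippet through the sandbox and print what
// comes back. The parser/printer are nikic/php-parser components; the
// WhitelistVisitor decides which node types the snippet may contain. It is
// constructed with no arguments here, so the effective allow-list is whatever
// the class's defaults are — check that before reusing this setup for input
// that does not come from this file.
$parser = (new ParserFactory())->create(ParserFactory::PREFER_PHP7);
$printer = new Standard();
$visitor = new WhitelistVisitor();
$sandbox = new Sandbox($visitor, $parser, $printer);

$code = ' $a = 1+1; return $a; ';

try {
    // validate() is called before execution, as elsewhere in this project;
    // presumably this is the step that applies the visitor's allow-list and
    // throws SandboxException on a disallowed node — confirm in Sandbox.
    $sandbox->validate($code);
    $res = $sandbox->executeWithArgs($code);

    // Fix: the original format string carried a stray "'" after the newline,
    // which printed an orphan quote on its own line.
    echo "Result: '{$res["result"]}'\n";
    echo "Args:\n" . print_r($res["args"], true);
} catch (Exception $e) {
    // Report the exception class so a SandboxException is distinguishable from
    // a parser or runtime failure in the demo output.
    echo "[" . get_class($e) . "] " . $e->getMessage();
}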