phpro / grumphp

A PHP code-quality tool
MIT License

Override open_basedir only for grumphp test #1116

Closed devbysb closed 5 months ago

devbysb commented 11 months ago
| Q | A |
| --- | --- |
| Version | 2.2.0 |
| Bug? | no |
| New feature? | no |
| Question? | yes |
| Documentation? | no |
| Related tickets | |

Hi, is it possible to override PHP's open_basedir to add /usr/bin for running the git command (git blacklist)? I have restricted open_basedir to only my project. I'm using PHP in Docker and a docker compose file.

A possible solution is to add another container only for executing grumphp. Do you have another solution?

Thank you :)

My configuration

# grumphp.yml
grumphp:
    git_hook_variables:
        EXEC_GRUMPHP_COMMAND: docker-compose exec -T php php
    hooks_dir: ~
    hooks_preset: local
    stop_on_failure: true
    ignore_unstaged_changes: false
    hide_circumvention_tip: false
    process_timeout: 180
    parallel:
        enabled: false
    ascii:
        failed: ~
        succeeded: ~
    tasks:
        composer: ~
        git_blacklist:
            keywords:
                - "die("
                - "var_dump("
                - "dd("
                - "exit;"
            triggered_by: ['php']
            regexp_type: G
            match_word: true
        git_commit_message:
            allow_empty_message: false
            enforce_capitalized_subject: false
            enforce_no_subject_trailing_period: false
            enforce_single_lined_subject: false
            max_body_width: 120
            max_subject_width: 120
            multiline: true
            additional_modifiers: ''
        phpcsfixer2:
            allow_risky: true
            cache_file: '.php_cs.cache'
            config: .php-cs-fixer.dist.php
            rules: []
            using_cache: false
            config_contains_finder: true
            verbose: true
            diff: false
            triggered_by: ['php']
        phpunitbridge: ~
        securitychecker_enlightn:
            lockfile: ./composer.lock
        twigcs:
            path: '.'
            severity: 'warning'
            display: 'all'
            ruleset: 'FriendsOfTwig\Twigcs\Ruleset\Official'
            triggered_by: ['twig']
            exclude: ["vendor"]
        doctrine_schema_validate:
            skip_mapping: false
            skip_sync: false
            triggered_by: [ 'php', 'xml', 'yml' ]
    testsuites: []
    extensions:
        - JonMldr\GrumPhpDoctrineTask\ExtensionLoader

Steps to reproduce:

# set php.ini
open_basedir="/app/:/tmp/"

# Run GrumPHP:
git add -A && git commit -m"Test"
# or
./vendor/bin/grumphp run
# OR in my case
docker-compose exec -T php php ./vendor/bin/grumphp run

Result:

Warning: is_executable(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/app/:/tmp/) in /app/vendor/symfony/process/ExecutableFinder.php on line 76

veewee commented 11 months ago

GrumPHP does not set any php ini settings for you. Would it be an option to set this at PHP CLI level?

Something like:

EXEC_GRUMPHP_COMMAND: docker-compose exec -T php php -d 'open_basedir=/'
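
Setting open_basedir=/ as suggested above lifts the restriction entirely for the hook's PHP process. As an added example (not code from this thread or from GrumPHP), the shell helper below builds a narrower override that keeps the existing allow-list and appends only the directory of each binary that has to be found. The function names are hypothetical, and it assumes /usr/bin/git is the path inside the php container, as in the warning, and that no other directory is needed.

```shell
#!/bin/sh
# Added example: build a narrowed open_basedir override for the GrumPHP hook
# instead of widening it to "/". Function names are hypothetical.

# narrowed_open_basedir BASE BINARY...
#   BASE    current open_basedir value, colon-separated (e.g. "/app/:/tmp/")
#   BINARY  absolute path of a tool as seen inside the PHP container
narrowed_open_basedir() {
    result=$1
    shift
    for bin in "$@"; do
        case $bin in
            /*) ;;
            *) echo "not an absolute path: $bin" >&2; return 1 ;;
        esac
        dir=${bin%/*}/    # directory part, trailing slash as in the php.ini value
        # Adding the filesystem root would be the same as open_basedir=/
        if [ "$dir" = "/" ]; then
            echo "refusing to add / for $bin" >&2
            return 1
        fi
        case ":$result:" in
            *":$dir:"*) ;;                        # directory already allowed
            *) result=${result:+$result:}$dir ;;  # append the new directory
        esac
    done
    printf '%s\n' "$result"
}

# grumphp_command BASE BINARY...
#   Prints a value for EXEC_GRUMPHP_COMMAND in grumphp.yml.
grumphp_command() {
    value=$(narrowed_open_basedir "$@") || return 1
    printf "docker-compose exec -T php php -d 'open_basedir=%s'\n" "$value"
}

# Constructed input: the php.ini value and the git path from the report above.
grumphp_command "/app/:/tmp/" "/usr/bin/git"
```

The php.ini value used by the web SAPI stays unchanged; only the CLI process started by the hook receives the extended list.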

veewee commented 5 months ago

Closing because of inactivity