phpro / grumphp

A PHP code-quality tool
MIT License

Override open_basedir only for grumphp test #1116

Closed devbysb closed 2 weeks ago

devbysb commented 6 months ago
| Q | A |
| --- | --- |
| Version | 2.2.0 |
| Bug? | no |
| New feature? | no |
| Question? | yes |
| Documentation? | no |
| Related tickets | |

Hi, is it possible to override PHP's open_basedir to add /usr/bin for running the git command (git blacklist)? I have restricted open_basedir to only my project. I'm using PHP in Docker and a docker compose file.

A possible solution is to add another container only for executing grumphp. Do you have another solution?

Thank you :)

My configuration

# grumphp.yml
grumphp:
    git_hook_variables:
        EXEC_GRUMPHP_COMMAND: docker-compose exec -T php php
    hooks_dir: ~
    hooks_preset: local
    stop_on_failure: true
    ignore_unstaged_changes: false
    hide_circumvention_tip: false
    process_timeout: 180
    parallel:
        enabled: false
    ascii:
        failed: ~
        succeeded: ~
    tasks:
        composer: ~
        git_blacklist:
            keywords:
                - "die("
                - "var_dump("
                - "dd("
                - "exit;"
            triggered_by: ['php']
            regexp_type: G
            match_word: true
        git_commit_message:
            allow_empty_message: false
            enforce_capitalized_subject: false
            enforce_no_subject_trailing_period: false
            enforce_single_lined_subject: false
            max_body_width: 120
            max_subject_width: 120
            multiline: true
            additional_modifiers: ''
        phpcsfixer2:
            allow_risky: true
            cache_file: '.php_cs.cache'
            config: .php-cs-fixer.dist.php
            rules: []
            using_cache: false
            config_contains_finder: true
            verbose: true
            diff: false
            triggered_by: ['php']
        phpunitbridge: ~
        securitychecker_enlightn:
            lockfile: ./composer.lock
        twigcs:
            path: '.'
            severity: 'warning'
            display: 'all'
            ruleset: 'FriendsOfTwig\Twigcs\Ruleset\Official'
            triggered_by: ['twig']
            exclude: ["vendor"]
        doctrine_schema_validate:
            skip_mapping: false
            skip_sync: false
            triggered_by: [ 'php', 'xml', 'yml' ]
    testsuites: []
    extensions:
        - JonMldr\GrumPhpDoctrineTask\ExtensionLoader

Steps to reproduce:

# set php.ini
open_basedir="/app/:/tmp/"

# Run GrumPHP:
git add -A && git commit -m"Test"
# or
./vendor/bin/grumphp run
# OR in my case
docker-compose exec -T php php ./vendor/bin/grumphp run

Result:

Warning: is_executable(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/app/:/tmp/) in /app/vendor/symfony/process/ExecutableFinder.php on line 76

veewee commented 6 months ago

GrumPHP does not set any php ini settings for you. Would it be an option to set this at PHP CLI level?

Something like:

EXEC_GRUMPHP_COMMAND: docker-compose exec -T php php -d 'open_basedir=/'

veewee commented 2 weeks ago

Closing because of inactivity
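
The suggestion above passes open_basedir=/ to the hook command, which lifts the restriction for the whole GrumPHP run, while the question asked only to add /usr/bin. An added example (not from the thread or from GrumPHP; the function names are hypothetical) that builds the narrower value from the php.ini list and the path shown in the warning:

```shell
#!/bin/sh
# Added example: extend the existing open_basedir list by one directory
# instead of replacing it with '/'. Function names are hypothetical.

# extend_open_basedir CURRENT_LIST BINARY_PATH
# Prints CURRENT_LIST with the directory that holds BINARY_PATH appended.
# Returns 1 if the result would effectively remove the restriction.
extend_open_basedir() {
    current=$1
    binary=$2

    # Only an absolute path identifies a directory unambiguously.
    case $binary in
        /*) ;;
        *) echo "error: $binary is not an absolute path" >&2; return 1 ;;
    esac

    dir=${binary%/*}/          # /usr/bin/git -> /usr/bin/
    # A binary directly under / would add "/" itself, i.e. no restriction.
    if [ "$dir" = "/" ]; then
        echo "error: refusing to allow the filesystem root" >&2
        return 1
    fi

    # Leave the list unchanged if the directory is already in it.
    case ":$current:" in
        *":$dir:"*) printf '%s\n' "$current"; return 0 ;;
    esac
    printf '%s:%s\n' "$current" "$dir"
}

# hook_command CURRENT_LIST BINARY_PATH
# Prints a value for EXEC_GRUMPHP_COMMAND that applies the extended list
# to the GrumPHP run only, leaving php.ini untouched.
hook_command() {
    list=$(extend_open_basedir "$1" "$2") || return 1
    printf "docker-compose exec -T php php -d 'open_basedir=%s'\n" "$list"
}

# Values taken from the issue: the php.ini list and the path in the warning.
hook_command "/app/:/tmp/" "/usr/bin/git"
```

The printed line can be used as the EXEC_GRUMPHP_COMMAND value under git_hook_variables in grumphp.yml.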