Override open_basedir only for grumphp test #1116

Open
devbysb opened this issue Dec 13, 2023 · 1 comment
devbysb commented Dec 13, 2023

| Q | A |
| --- | --- |
| Version | 2.2.0 |
| Bug? | no |
| New feature? | no |
| Question? | yes |
| Documentation? | no |
| Related tickets | |

Hi, is it possible to override PHP's open_basedir to add /usr/bin for running the git command (git blacklist)?
I have restricted open_basedir to only my project.
I'm using PHP in Docker with a docker compose file.

A possible solution is to add another container only to execute grumphp.
Do you have another solution?

Thank you :)

My configuration

# grumphp.yml
grumphp:
    git_hook_variables:
        EXEC_GRUMPHP_COMMAND: docker-compose exec -T php php
    hooks_dir: ~
    hooks_preset: local
    stop_on_failure: true
    ignore_unstaged_changes: false
    hide_circumvention_tip: false
    process_timeout: 180
    parallel:
        enabled: false
    ascii:
        failed: ~
        succeeded: ~
    tasks:
        composer: ~
        git_blacklist:
            keywords:
                - "die("
                - "var_dump("
                - "dd("
                - "exit;"
            triggered_by: ['php']
            regexp_type: G
            match_word: true
        git_commit_message:
            allow_empty_message: false
            enforce_capitalized_subject: false
            enforce_no_subject_trailing_period: false
            enforce_single_lined_subject: false
            max_body_width: 120
            max_subject_width: 120
            multiline: true
            additional_modifiers: ''
        phpcsfixer2:
            allow_risky: true
            cache_file: '.php_cs.cache'
            config: .php-cs-fixer.dist.php
            rules: []
            using_cache: false
            config_contains_finder: true
            verbose: true
            diff: false
            triggered_by: ['php']
        phpunitbridge: ~
        securitychecker_enlightn:
            lockfile: ./composer.lock
        twigcs:
            path: '.'
            severity: 'warning'
            display: 'all'
            ruleset: 'FriendsOfTwig\Twigcs\Ruleset\Official'
            triggered_by: ['twig']
            exclude: ["vendor"]
        doctrine_schema_validate:
            skip_mapping: false
            skip_sync: false
            triggered_by: [ 'php', 'xml', 'yml' ]
    testsuites: []
    extensions:
        - JonMldr\GrumPhpDoctrineTask\ExtensionLoader

Steps to reproduce:

# set php.ini
open_basedir="/app/:/tmp/"

# Run GrumPHP:
git add -A && git commit -m"Test"
# or
./vendor/bin/grumphp run
# OR in my case
docker-compose exec -T php php ./vendor/bin/grumphp run

Result:

Warning: is_executable(): open_basedir restriction in effect. File(/usr/bin/git) is not within the allowed path(s): (/app/:/tmp/) in /app/vendor/symfony/process/ExecutableFinder.php on line 76

veewee (Contributor) commented Dec 14, 2023

GrumPHP does not set any php ini settings for you.
Would it be an option to set this at PHP CLI level?

Something like:

EXEC_GRUMPHP_COMMAND: docker-compose exec -T php php -d 'open_basedir=/'
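A narrower variant of the same `-d` override, as an added example that is not part of the thread or of GrumPHP: instead of `open_basedir=/`, it extends the existing `/app/:/tmp/` list with only the directories that hold the `git` binary. The function names are hypothetical, and `readlink -f` is assumed to be available in the container.

```shell
#!/bin/sh
# Added example, not GrumPHP code. Run it inside the php container so the
# resolved paths are the ones the PHP process sees.

# Append directory $2 (with a trailing slash) to the colon-separated list $1,
# unless it is already listed.
add_dir() {
    d="${2%/}/"
    case ":$1:" in
        *":$d:"*) printf '%s' "$1" ;;
        *)        printf '%s:%s' "$1" "$d" ;;
    esac
}

# $1: current open_basedir value; remaining args: executables PHP must stat.
build_open_basedir() {
    list=$1; shift
    for exe in "$@"; do
        found=$(command -v "$exe") || { echo "not on PATH: $exe" >&2; return 1; }
        case $found in /*) ;; *) echo "not a file path: $found" >&2; return 1 ;; esac
        # PHP resolves symlinks before the open_basedir check, so allow the
        # directory of the link target as well as the directory on PATH.
        real=$(readlink -f "$found")   # assumes GNU/BusyBox readlink
        list=$(add_dir "$list" "$(dirname "$found")")
        list=$(add_dir "$list" "$(dirname "$real")")
    done
    printf '%s\n' "$list"
}

# Print the grumphp.yml line with the narrowed override.
grumphp_exec_line() {
    ob=$(build_open_basedir "$@") || return 1
    printf "EXEC_GRUMPHP_COMMAND: docker-compose exec -T php php -d 'open_basedir=%s'\n" "$ob"
}

# Values from the issue: php.ini has /app/:/tmp/ and the task needs git.
grumphp_exec_line '/app/:/tmp/' git || echo "git is not installed here" >&2
```

When `git` is a regular file at `/usr/bin/git`, the printed value is `open_basedir=/app/:/tmp/:/usr/bin/`, so the rest of the filesystem stays outside the allowed paths for the GrumPHP run.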
