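<?php

declare(strict_types=1);

/*
 * Wevia code runner.
 *
 * Reads a JSON body {code, language, timeout} from php://input, writes the
 * code into a per-request scratch directory under /tmp, runs it with the
 * matching interpreter under coreutils `timeout`, removes the directory and
 * replies with JSON {success, output, error, execution_time, language,
 * return_code}.
 *
 * What this file enforces: a wall-clock limit (1..WEVIA_MAX_TIMEOUT s), a
 * private scratch directory, and an integer-only timeout on the command
 * line. What it does NOT enforce: the child process runs as the web-server
 * user, with that user's filesystem, network and process access and no
 * memory/CPU/pids limit. The per-language filters below (PHP token
 * stripping, bash first-word check) are usability gates, not isolation;
 * containment has to come from the deployment around this script
 * (dedicated unprivileged user, container/namespace, cgroup limits,
 * no outbound network).
 */

const WEVIA_DEFAULT_TIMEOUT = 10;
const WEVIA_MAX_TIMEOUT = 30;

/* Names stripped from submitted PHP code (legacy behaviour) and disabled in the child interpreter. */
const WEVIA_PHP_DENYLIST = ['exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open', 'file_get_contents', 'file_put_contents', 'unlink', 'rmdir'];

/* Commands a bash snippet is allowed to start with. */
const WEVIA_BASH_ALLOWLIST = ['echo', 'printf', 'date', 'cal', 'expr', 'seq', 'head', 'tail', 'wc', 'sort', 'uniq', 'grep', 'awk', 'sed'];

/**
 * Decode the request body; anything that is not a JSON object becomes []
 * so the lookups in the main script fall through to their defaults instead
 * of touching offsets on null.
 *
 * @return array<string, mixed>
 */
function wevia_read_request(): array
{
    $raw = file_get_contents('php://input');
    if (!is_string($raw) || $raw === '') {
        return [];
    }
    $decoded = json_decode($raw, true);

    return is_array($decoded) ? $decoded : [];
}

/**
 * Run $interpreterCmd inside $sandboxDir with stdout and stderr merged,
 * under `timeout <n>s`.
 *
 * $timeout must already be a clamped int and $sandboxDir a path generated
 * by this script: together with the fixed interpreter command they are the
 * only values that reach the shell.
 *
 * @return array{output:string, success:bool, return_code:int, error:string}
 */
function wevia_run(string $sandboxDir, int $timeout, string $interpreterCmd): array
{
    $lines = []; // exec() appends to an existing array, so start from an empty one
    $cmd = 'cd ' . escapeshellarg($sandboxDir) . ' && timeout ' . $timeout . 's ' . $interpreterCmd . ' 2>&1';
    exec($cmd, $lines, $returnCode);
    $returnCode = (int) $returnCode;

    return [
        'output' => implode("\n", $lines),
        'success' => $returnCode === 0,
        'return_code' => $returnCode,
        // 124 is the status coreutils `timeout` reports when the limit was hit.
        'error' => $returnCode === 124 ? "Délai d'exécution dépassé ({$timeout}s)" : '',
    ];
}

/**
 * Best-effort recursive removal of the scratch directory, done in PHP so
 * that no path is ever handed to a shell. Warnings are silenced on purpose:
 * this runs after the JSON header has been sent, and any notice printed
 * here would corrupt the response body.
 */
function wevia_cleanup(string $dir): void
{
    if (!is_dir($dir) || is_link($dir)) {
        return;
    }
    $entries = @scandir($dir);
    foreach (is_array($entries) ? $entries : [] as $entry) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $path = $dir . '/' . $entry;
        if (is_dir($path) && !is_link($path)) {
            wevia_cleanup($path);
        } else {
            @unlink($path);
        }
    }
    @rmdir($dir);
}

header('Content-Type: application/json');

$input = wevia_read_request();

$code = $input['code'] ?? '';
$language = $input['language'] ?? 'python';
// Clamp to an int in [1, WEVIA_MAX_TIMEOUT]: the value is interpolated into a
// command line, so a non-numeric string must never get that far.
$timeout = max(1, min((int) ($input['timeout'] ?? WEVIA_DEFAULT_TIMEOUT), WEVIA_MAX_TIMEOUT));

if (!is_string($code) || trim($code) === '') {
    echo json_encode(['error' => 'Code requis']);
    exit;
}
if (!is_string($language)) {
    $language = ''; // lands in the "unsupported language" branch below
}

// Per-request scratch directory: random name (uniqid() is time-derived and
// guessable) and owner-only permissions.
$sandboxDir = '/tmp/wevia_sandbox_' . bin2hex(random_bytes(8));
if (!@mkdir($sandboxDir, 0700, true)) {
    echo json_encode(['error' => 'Impossible de créer le sandbox']);
    exit;
}

$result = ['success' => false, 'output' => '', 'error' => '', 'execution_time' => 0];
$startTime = microtime(true);

switch ($language) {
    case 'python':
    case 'python3':
        file_put_contents("$sandboxDir/script.py", $code);
        $result = array_merge($result, wevia_run($sandboxDir, $timeout, 'python3 -u script.py'));
        break;

    case 'javascript':
    case 'js':
    case 'node':
        file_put_contents("$sandboxDir/script.js", $code);
        $result = array_merge($result, wevia_run($sandboxDir, $timeout, 'node script.js'));
        break;

    case 'php':
        // The token stripping below removes a handful of names (and mangles
        // any identifier that merely contains one of them); it is kept for
        // compatibility with earlier behaviour and is NOT an isolation
        // boundary. The same names are additionally disabled in the child
        // interpreter via an ini override, which is what actually rejects
        // a call to them.
        $safeCode = "<?php\n" . str_replace(WEVIA_PHP_DENYLIST, '', $code);
        file_put_contents("$sandboxDir/script.php", $safeCode);
        $phpCmd = 'php -d ' . escapeshellarg('disable_functions=' . implode(',', WEVIA_PHP_DENYLIST)) . ' script.php';
        $result = array_merge($result, wevia_run($sandboxDir, $timeout, $phpCmd));
        break;

    case 'bash':
    case 'shell':
        // Only the first word of the snippet is checked, exactly as before;
        // everything after it is still interpreted by bash without
        // restriction. Treat this as a usability filter, not a sandbox.
        $firstWord = explode(' ', trim($code))[0];
        if (!in_array($firstWord, WEVIA_BASH_ALLOWLIST, true)) {
            $result['error'] = "Commande '$firstWord' non autorisée. Commandes permises: " . implode(', ', WEVIA_BASH_ALLOWLIST);
            break;
        }
        $scriptPath = "$sandboxDir/script.sh";
        file_put_contents($scriptPath, "#!/bin/bash\n" . $code);
        chmod($scriptPath, 0700);
        $result = array_merge($result, wevia_run($sandboxDir, $timeout, 'bash script.sh'));
        break;

    case 'sql':
        // Intentionally disabled; there is no read-only test database wired up.
        $result['error'] = "SQL execution désactivée pour sécurité. Utilisez l'interface DB directement.";
        break;

    default:
        $result['error'] = "Langage '$language' non supporté. Supportés: python, javascript, php, bash";
}

$result['execution_time'] = round((microtime(true) - $startTime) * 1000);
$result['language'] = $language;

wevia_cleanup($sandboxDir);

// Program output is arbitrary bytes; without the substitute flag
// json_encode() returns false on invalid UTF-8 and the client gets an
// empty body instead of the result.
echo json_encode($result, JSON_INVALID_UTF8_SUBSTITUTE);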