The Wayback Machine - https://web.archive.org/web/20250524080316/https://github.com/symfony/symfony/issues/49171
Add a way to disable or remove some cli commands depending of runtime environment #49171

Closed
shouze opened this issue Jan 31, 2023 · 6 comments

shouze commented Jan 31, 2023

Description

Having all the CLI commands of a Symfony app available on a production-deployed artifact can be at least a security risk, especially for commands that can write/generate files, but also those that can leak/expose sensitive information. So having a way to at least disable them would be great.

Moreover, they're useless in production, so removing them would be a great bonus. Think about serverless deployment platforms, where the smallest possible artifacts are recommended to have the best performance and attack surface.

Example

I have no example, but I've found APP_RUNTIME_ENV/kernel.runtime_environment, introduced in 5.2.0, that triggers an error in WebProfilerBundle. That could be the minimum behavior to implement if we cannot disable those commands in the first iteration.

Then the feature could evolve to:

  • disabling those commands (thanks to a PHP attribute like the When one, but scoped to runtime environment too?)
  • removing them: I have no idea how to achieve that, except through a sort of packaging/bundling process? Not sure, maybe a Flex recipe?

@alessandro-podo

use Symfony\Component\DependencyInjection\Attribute\When;

you can use #[When('<env>')] as an Attribute for your commands

shouze (Author) commented Feb 1, 2023

> use Symfony\Component\DependencyInjection\Attribute\When;
>
> you can use #[When('<env>')] as an Attribute for your commands

Of course! But I'm talking about all commands bundled into Symfony, like the messenger, framework-bundle and var-dumper ones, and so on. Otherwise I wouldn't have opened an issue.

GromNaN (Member) commented Feb 1, 2023

Since these commands are declared as services, you can remove their service definitions using a compiler pass.

It might be an interesting feature to add to the FrameworkBundle: list in the config the services to remove.
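
The compiler-pass approach suggested in the comment above, as an added example that is not part of the original thread and not Symfony's own code. The pass name `RemoveConsoleCommandsPass`, its namespace and the denylist are hypothetical; the pass keys on `kernel.environment` because the decision is taken when the container is compiled.

```php
<?php
// Added example: hypothetical pass, constructed denylist.
namespace App\DependencyInjection\Compiler;

use Symfony\Bundle\FrameworkBundle\Command\ConfigDebugCommand;
use Symfony\Bundle\FrameworkBundle\Command\ContainerDebugCommand;
use Symfony\Bundle\FrameworkBundle\Command\RouterDebugCommand;
use Symfony\Bundle\FrameworkBundle\Command\SecretsDecryptToLocalCommand;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;

final class RemoveConsoleCommandsPass implements CompilerPassInterface
{
    // Constructed denylist: commands this hypothetical app does not want in prod.
    private const DENIED = [
        ContainerDebugCommand::class,
        RouterDebugCommand::class,
        ConfigDebugCommand::class,
        SecretsDecryptToLocalCommand::class,
    ];

    public function process(ContainerBuilder $container): void
    {
        // Compile-time decision: the container is built once per environment.
        if ('prod' !== $container->getParameter('kernel.environment')) {
            return;
        }
        $removed = [];
        foreach ($container->findTaggedServiceIds('console.command') as $id => $tags) {
            // The class may be a %parameter% or default to the service id.
            $class = $container->getParameterBag()->resolveValue(
                $container->getDefinition($id)->getClass() ?? $id
            );
            if (in_array($class, self::DENIED, true)) {
                $container->removeDefinition($id);
                $removed[$id] = true;
            }
        }
        // Drop aliases that would now point at a removed definition.
        foreach ($container->getAliases() as $aliasId => $alias) {
            if (isset($removed[(string) $alias])) {
                $container->removeAlias($aliasId);
            }
        }
    }
}
// Register it from Kernel::build() with $container->addCompilerPass(...);
// the default pass type runs before console commands are collected.
```

This only unregisters the commands from the console application; the command classes still ship in `vendor/`, so it covers the "disable" half of the request, not the "remove" half. `bin/console debug:container --tag=console.command` lists what is registered in a given environment.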

@carsonbot

Thank you for this suggestion.
There has not been a lot of activity here for a while. Would you still like to see this feature?

@carsonbot

Friendly reminder that this issue exists. If I don't hear anything I'll close this.

@carsonbot

Hey,

I didn't hear anything so I'm going to close it. Feel free to comment if this is still relevant, I can always reopen!
