perf: move sandboxed environment to the C side (#2058)

This PR uses `zend_array_dup` to simplify and optimize the environment sandboxing
logic. It also guarantees no environment leakage on FrankenPHP restarts.

Author: AlliBalliBaba

caddy/caddy_test.go

@@ -61,6 +61,16 @@ func escapeMetricLabel(s string) string {
 	return strings.ReplaceAll(s, "\\", "\\\\")
 }
 
+func TestMain(m *testing.M) {
+	// setup custom environment vars for TestOsEnv
+	if os.Setenv("ENV1", "value1") != nil || os.Setenv("ENV2", "value2") != nil {
+		fmt.Println("Failed to set environment variables for tests")
+		os.Exit(1)
+	}
+
+	os.Exit(m.Run())
+}
+
 func TestPHP(t *testing.T) {
 	var wg sync.WaitGroup
 	tester := caddytest.NewTester(t)
@@ -957,9 +967,6 @@ func testSingleIniConfiguration(tester *caddytest.Tester, key string, value stri
 }
 
 func TestOsEnv(t *testing.T) {
-	require.NoError(t, os.Setenv("ENV1", "value1"))
-	require.NoError(t, os.Setenv("ENV2", "value2"))
-
 	tester := caddytest.NewTester(t)
 	tester.InitServer(`
 		{

caddy/mercure.go

@@ -5,13 +5,13 @@ package caddy
 import (
 	"encoding/json"
 	"errors"
-	"os"
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/dunglas/frankenphp"
 	"github.com/dunglas/mercure"
 	mercureCaddy "github.com/dunglas/mercure/caddy"
+	"os"
 )
 
 func init() {
@@ -67,5 +67,5 @@ func createMercureRoute() (caddyhttp.Route, error) {
 		},
 	}
 
-	return mercureRoute, nil;
+	return mercureRoute, nil
 }

caddy/php-server.go

@@ -253,8 +253,8 @@ func cmdPHPServer(fs caddycmd.Flags) (int, error) {
 	if mercure {
 		mercureRoute, err := createMercureRoute()
 		if err != nil {
-        	return caddy.ExitCodeFailedStartup, err
-        }
+			return caddy.ExitCodeFailedStartup, err
+		}
 
 		subroute.Routes = append(caddyhttp.RouteList{mercureRoute}, subroute.Routes...)
 	}

env.go

@@ -3,114 +3,32 @@ package frankenphp
 // #cgo nocallback frankenphp_init_persistent_string
 // #cgo noescape frankenphp_init_persistent_string
 // #include "frankenphp.h"
-// #include <Zend/zend_API.h>
+// #include "types.h"
 import "C"
 import (
 	"os"
 	"strings"
-	"unsafe"
 )
 
-func initializeEnv() map[string]*C.zend_string {
-	env := os.Environ()
-	envMap := make(map[string]*C.zend_string, len(env))
-
-	for _, envVar := range env {
+//export go_init_os_env
+func go_init_os_env(mainThreadEnv *C.zend_array) {
+	for _, envVar := range os.Environ() {
 		key, val, _ := strings.Cut(envVar, "=")
-		envMap[key] = C.frankenphp_init_persistent_string(toUnsafeChar(val), C.size_t(len(val)))
-	}
-
-	return envMap
-}
-
-// get the main thread env or the thread specific env
-func getSandboxedEnv(thread *phpThread) map[string]*C.zend_string {
-	if thread.sandboxedEnv != nil {
-		return thread.sandboxedEnv
-	}
-
-	return mainThread.sandboxedEnv
-}
-
-func clearSandboxedEnv(thread *phpThread) {
-	if thread.sandboxedEnv == nil {
-		return
-	}
-
-	for key, val := range thread.sandboxedEnv {
-		valInMainThread, ok := mainThread.sandboxedEnv[key]
-		if !ok || val != valInMainThread {
-			C.free(unsafe.Pointer(val))
-		}
-	}
-
-	thread.sandboxedEnv = nil
-}
-
-// if an env var already exists, it needs to be freed
-func removeEnvFromThread(thread *phpThread, key string) {
-	valueInThread, existsInThread := thread.sandboxedEnv[key]
-	if !existsInThread {
-		return
-	}
-
-	valueInMainThread, ok := mainThread.sandboxedEnv[key]
-	if !ok || valueInThread != valueInMainThread {
-		C.free(unsafe.Pointer(valueInThread))
-	}
-
-	delete(thread.sandboxedEnv, key)
-}
-
-// copy the main thread env to the thread specific env
-func cloneSandboxedEnv(thread *phpThread) {
-	if thread.sandboxedEnv != nil {
-		return
-	}
-	thread.sandboxedEnv = make(map[string]*C.zend_string, len(mainThread.sandboxedEnv))
-	for key, value := range mainThread.sandboxedEnv {
-		thread.sandboxedEnv[key] = value
+		zkey := C.frankenphp_init_persistent_string(toUnsafeChar(key), C.size_t(len(key)))
+		zStr := C.frankenphp_init_persistent_string(toUnsafeChar(val), C.size_t(len(val)))
+		C.__hash_update_string__(mainThreadEnv, zkey, zStr)
 	}
 }
 
 //export go_putenv
-func go_putenv(threadIndex C.uintptr_t, str *C.char, length C.int) C.bool {
-	thread := phpThreads[threadIndex]
-	envString := C.GoStringN(str, length)
-	cloneSandboxedEnv(thread)
-
-	// Check if '=' is present in the string
-	if key, val, found := strings.Cut(envString, "="); found {
-		removeEnvFromThread(thread, key)
-		thread.sandboxedEnv[key] = C.frankenphp_init_persistent_string(toUnsafeChar(val), C.size_t(len(val)))
-		return os.Setenv(key, val) == nil
-	}
-
-	// No '=', unset the environment variable
-	removeEnvFromThread(thread, envString)
-	return os.Unsetenv(envString) == nil
-}
-
-//export go_getfullenv
-func go_getfullenv(threadIndex C.uintptr_t, trackVarsArray *C.zval) {
-	thread := phpThreads[threadIndex]
-	env := getSandboxedEnv(thread)
-
-	for key, val := range env {
-		C.add_assoc_str_ex(trackVarsArray, toUnsafeChar(key), C.size_t(len(key)), val)
-	}
-}
-
-//export go_getenv
-func go_getenv(threadIndex C.uintptr_t, name *C.char) (C.bool, *C.zend_string) {
-	thread := phpThreads[threadIndex]
+func go_putenv(name *C.char, nameLen C.int, val *C.char, valLen C.int) C.bool {
+	goName := C.GoStringN(name, nameLen)
 
-	// Get the environment variable value
-	envValue, exists := getSandboxedEnv(thread)[C.GoString(name)]
-	if !exists {
-		// Environment variable does not exist
-		return false, nil // Return 0 to indicate failure
+	if val == nil {
+		// If no "=" is present, unset the environment variable
+		return C.bool(os.Unsetenv(goName) == nil)
 	}
 
-	return true, envValue // Return 1 to indicate success
+	goVal := C.GoStringN(val, valLen)
+	return C.bool(os.Setenv(goName, goVal) == nil)
 }