From 8f095683d0ce6cf725abe93738075d33655af996 Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Tue, 2 Jan 2018 16:28:00 +0100 Subject: [PATCH 1/4] [Security] Fix fatal error on non string username --- .../SimpleFormAuthenticationListener.php | 17 ++++++---- ...namePasswordFormAuthenticationListener.php | 15 +++++---- ...PasswordFormAuthenticationListenerTest.php | 32 +++++++++++++++++++ 3 files changed, 51 insertions(+), 13 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php index cf61d83d43..9b6bfd1a3f 100644 --- a/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/SimpleFormAuthenticationListener.php @@ -15,6 +15,7 @@ use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Security\Core\Exception\InvalidArgumentException; use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException; use Symfony\Component\Security\Csrf\CsrfToken; @@ -107,15 +108,17 @@ class SimpleFormAuthenticationListener extends AbstractAuthenticationListener } } - if ($this->options['post_only']) { - $username = trim($request->request->get($this->options['username_parameter'], null, true)); - $password = $request->request->get($this->options['password_parameter'], null, true); - } else { - $username = trim($request->get($this->options['username_parameter'], null, true)); - $password = $request->get($this->options['password_parameter'], null, true); + $requestBag = $this->options['post_only'] ? $request->request : $request; + $username = $requestBag->get($this->options['username_parameter'], null, true); + $password = $requestBag->get($this->options['password_parameter'], null, true); + + if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) { + throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username))); } - if (strlen($username) > Security::MAX_USERNAME_LENGTH) { + $username = trim($username); + + if (\strlen($username) > Security::MAX_USERNAME_LENGTH) { throw new BadCredentialsException('Invalid username.'); } diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index ba4329b0ea..edcd3f2ef3 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -15,6 +15,7 @@ use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderAdapter; use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; use Symfony\Component\HttpFoundation\Request; use Psr\Log\LoggerInterface; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface; @@ -84,14 +85,16 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL } } - if ($this->options['post_only']) { - $username = trim($request->request->get($this->options['username_parameter'], null, true)); - $password = $request->request->get($this->options['password_parameter'], null, true); - } else { - $username = trim($request->get($this->options['username_parameter'], null, true)); - $password = $request->get($this->options['password_parameter'], null, true); + $requestBag = $this->options['post_only'] ? $request->request : $request; + $username = $requestBag->get($this->options['username_parameter'], null, true); + $password = $requestBag->get($this->options['password_parameter'], null, true); + + if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) { + throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username))); } + $username = trim($username); + if (strlen($username) > Security::MAX_USERNAME_LENGTH) { throw new BadCredentialsException('Invalid username.'); } diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php index 62b4c48f92..2e99f70e7e 100644 --- a/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php +++ b/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php @@ -14,8 +14,15 @@ namespace Symfony\Component\Security\Tests\Http\Firewall; use PHPUnit\Framework\TestCase; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Event\GetResponseEvent; +use Symfony\Component\HttpKernel\HttpKernelInterface; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage; +use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler; +use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler; use Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener; use Symfony\Component\Security\Core\SecurityContextInterface; +use Symfony\Component\Security\Http\HttpUtils; +use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy; class UsernamePasswordFormAuthenticationListenerTest extends TestCase { @@ -69,6 +76,31 @@ class UsernamePasswordFormAuthenticationListenerTest extends TestCase $listener->handle($event); } + /** + * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException + * @expectedExceptionMessage The key "_username" must be a string, "array" given. + */ + public function testHandleNonStringUsername() + { + $request = Request::create('/login_check', 'POST', array('_username' => array())); + $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock()); + + $listener = new UsernamePasswordFormAuthenticationListener( + new TokenStorage(), + $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(), + new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE), + $httpUtils = new HttpUtils(), + 'foo', + new DefaultAuthenticationSuccessHandler($httpUtils), + new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils), + array('require_previous_session' => false) + ); + + $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST); + + $listener->handle($event); + } + public function getUsernameForLength() { return array( From 0f79d09a100ab3dbff94cd4c6c04b6cfac227a37 Mon Sep 17 00:00:00 2001 From: Yanick Witschi Date: Mon, 15 Jan 2018 16:19:42 +0100 Subject: [PATCH 2/4] Fixed Request::__toString ignoring cookies --- src/Symfony/Component/HttpFoundation/Request.php | 14 +++++++++++++- .../Component/HttpFoundation/Tests/RequestTest.php | 12 +++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php index 7a24f1cf85..ce7258acd6 100644 --- a/src/Symfony/Component/HttpFoundation/Request.php +++ b/src/Symfony/Component/HttpFoundation/Request.php @@ -496,9 +496,21 @@ class Request return trigger_error($e, E_USER_ERROR); } + $cookieHeader = ''; + $cookies = array(); + + foreach ($this->cookies as $k => $v) { + $cookies[] = $k.'='.$v; + } + + if (!empty($cookies)) { + $cookieHeader = 'Cookie: '.implode('; ', $cookies)."\r\n"; + } + return sprintf('%s %s %s', $this->getMethod(), $this->getRequestUri(), $this->server->get('SERVER_PROTOCOL'))."\r\n". - $this->headers."\r\n". + $this->headers. + $cookieHeader."\r\n". $content; } diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php index 1b6426ae93..5dad405761 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php @@ -1454,8 +1454,18 @@ class RequestTest extends TestCase $request = new Request(); $request->headers->set('Accept-language', 'zh, en-us; q=0.8, en; q=0.6'); + $request->cookies->set('Foo', 'Bar'); - $this->assertContains('Accept-Language: zh, en-us; q=0.8, en; q=0.6', $request->__toString()); + $asString = (string) $request; + + $this->assertContains('Accept-Language: zh, en-us; q=0.8, en; q=0.6', $asString); + $this->assertContains('Cookie: Foo=Bar', $asString); + + $request->cookies->set('Another', 'Cookie'); + + $asString = (string) $request; + + $this->assertContains('Cookie: Foo=Bar; Another=Cookie', $asString); } public function testIsMethod() From d76a545c0196a05ae7df2883ea30412cd37b20c0 Mon Sep 17 00:00:00 2001 From: Pierre du Plessis Date: Mon, 15 Jan 2018 21:47:29 +0200 Subject: [PATCH 3/4] [Router] Skip anonymous classes when loading annotated routes --- .../Routing/Loader/AnnotationFileLoader.php | 10 ++++---- .../AnonymousClassInTrait.php | 24 +++++++++++++++++++ .../Tests/Loader/AnnotationFileLoaderTest.php | 11 +++++++++ 3 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php diff --git a/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php b/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php index 9c5ab1b6ae..ea203d4fea 100644 --- a/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php +++ b/src/Symfony/Component/Routing/Loader/AnnotationFileLoader.php @@ -107,22 +107,22 @@ class AnnotationFileLoader extends FileLoader } if (T_CLASS === $token[0]) { - // Skip usage of ::class constant - $isClassConstant = false; + // Skip usage of ::class constant and anonymous classes + $skipClassToken = false; for ($j = $i - 1; $j > 0; --$j) { if (!isset($tokens[$j][1])) { break; } - if (T_DOUBLE_COLON === $tokens[$j][0]) { - $isClassConstant = true; + if (T_DOUBLE_COLON === $tokens[$j][0] || T_NEW === $tokens[$j][0]) { + $skipClassToken = true; break; } elseif (!in_array($tokens[$j][0], array(T_WHITESPACE, T_DOC_COMMENT, T_COMMENT))) { break; } } - if (!$isClassConstant) { + if (!$skipClassToken) { $class = true; } } diff --git a/src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php b/src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php new file mode 100644 index 0000000000..de87895649 --- /dev/null +++ b/src/Symfony/Component/Routing/Tests/Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php @@ -0,0 +1,24 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Routing\Tests\Fixtures\OtherAnnotatedClasses; + +trait AnonymousClassInTrait +{ + public function test() + { + return new class() { + public function foo() + { + } + }; + } +} diff --git a/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php b/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php index a022af44be..7665f71fdc 100644 --- a/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php +++ b/src/Symfony/Component/Routing/Tests/Loader/AnnotationFileLoaderTest.php @@ -58,6 +58,17 @@ class AnnotationFileLoaderTest extends AbstractAnnotationLoaderTest $this->loader->load(__DIR__.'/../Fixtures/OtherAnnotatedClasses/VariadicClass.php'); } + /** + * @requires PHP 7.0 + */ + public function testLoadAnonymousClass() + { + $this->reader->expects($this->never())->method('getClassAnnotation'); + $this->reader->expects($this->never())->method('getMethodAnnotations'); + + $this->loader->load(__DIR__.'/../Fixtures/OtherAnnotatedClasses/AnonymousClassInTrait.php'); + } + public function testSupports() { $fixture = __DIR__.'/../Fixtures/annotated.php'; From 10e33acf4241d13de88da7f2f5e29dde2e460f76 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 16 Jan 2018 18:32:27 +0100 Subject: [PATCH 4/4] [appveyor] set memory_limit=-1 --- appveyor.yml | 1 + .../Component/Security/Http/Firewall/ContextListener.php | 8 +++----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/appveyor.yml b/appveyor.yml index 6d86996726..9ff140b0a2 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -31,6 +31,7 @@ install: - 7z x php_memcache-3.0.8-5.3-nts-vc9-x86.zip -y >nul - cd .. - copy /Y php.ini-development php.ini-min + - echo memory_limit=-1 >> php.ini-min - echo serialize_precision=14 >> php.ini-min - echo max_execution_time=1200 >> php.ini-min - echo date.timezone="America/Los_Angeles" >> php.ini-min diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php index 7a3483b2ec..2c315b9944 100644 --- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php @@ -39,8 +39,6 @@ class ContextListener implements ListenerInterface private $dispatcher; private $registered; - private static $unserializeExceptionCode = 0x37313bc; - public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null) { if (empty($contextKey)) { @@ -180,7 +178,7 @@ class ContextListener implements ListenerInterface $prevUnserializeHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback'); $prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = array()) use (&$prevErrorHandler) { if (__FILE__ === $file) { - throw new \UnexpectedValueException($msg, self::$unserializeExceptionCode); + throw new \UnexpectedValueException($msg, 0x37313bc); } return $prevErrorHandler ? $prevErrorHandler($type, $msg, $file, $line, $context) : false; @@ -194,7 +192,7 @@ class ContextListener implements ListenerInterface restore_error_handler(); ini_set('unserialize_callback_func', $prevUnserializeHandler); if ($e) { - if (!$e instanceof \UnexpectedValueException || self::$unserializeExceptionCode !== $e->getCode()) { + if (!$e instanceof \UnexpectedValueException || 0x37313bc !== $e->getCode()) { throw $e; } if ($this->logger) { @@ -210,6 +208,6 @@ class ContextListener implements ListenerInterface */ public static function handleUnserializeCallback($class) { - throw new \UnexpectedValueException('Class not found: '.$class, self::$unserializeExceptionCode); + throw new \UnexpectedValueException('Class not found: '.$class, 0x37313bc); } }