composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-28 04:58:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Browse Source 
Upgrade all Symfony components to last security fix (~6.4.0)
This commit is contained in:
Benjamin Dalsass
2025-08-06 08:54:56 +02:00
committed by GitHub
parent 603340b852
commit cdbcd14767
608 changed files with 5020 additions and 3793 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/symfony/dependency-injection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php
View File

@@ -60,15 +60,7 @@ class CheckExceptionOnInvalidReferenceBehaviorPass extends AbstractRecursivePass
if (isset($this->serviceLocatorContextIds[$currentId])) {
$currentId = $this->serviceLocatorContextIds[$currentId];
$locator = $this->container->getDefinition($this->currentId)->getFactory()[0];
foreach ($locator->getArgument(0) as $k => $v) {
if ($v->getValues()[0] === $value) {
if ($k !== $id) {
$currentId = $k.'" in the container provided to "'.$currentId;
}
throw new ServiceNotFoundException($id, $currentId, null, $this->getAlternatives($id));
}
}
$this->throwServiceNotFoundException($value, $currentId, $locator->getArgument(0));
}
if ('.' === $currentId[0] && $graph->hasNode($currentId)) {
@@ -82,14 +74,21 @@ class CheckExceptionOnInvalidReferenceBehaviorPass extends AbstractRecursivePass
$currentId = $sourceId;
break;
}
if (isset($this->serviceLocatorContextIds[$sourceId])) {
$currentId = $this->serviceLocatorContextIds[$sourceId];
$locator = $this->container->getDefinition($this->currentId);
$this->throwServiceNotFoundException($value, $currentId, $locator->getArgument(0));
}
}
}
throw new ServiceNotFoundException($id, $currentId, null, $this->getAlternatives($id));
$this->throwServiceNotFoundException($value, $currentId, $value);
}
private function getAlternatives(string $id): array
private function throwServiceNotFoundException(Reference $ref, string $sourceId, $value): void
{
$id = (string) $ref;
$alternatives = [];
foreach ($this->container->getServiceIds() as $knownId) {
if ('' === $knownId || '.' === $knownId[0] || $knownId === $this->currentId) {
@@ -102,6 +101,28 @@ class CheckExceptionOnInvalidReferenceBehaviorPass extends AbstractRecursivePass
}
}
return $alternatives;
$pass = new class() extends AbstractRecursivePass {
public Reference $ref;
public string $sourceId;
public array $alternatives;
public function processValue(mixed $value, bool $isRoot = false): mixed
{
if ($this->ref !== $value) {
return parent::processValue($value, $isRoot);
}
$sourceId = $this->sourceId;
if (null !== $this->currentId && $this->currentId !== (string) $value) {
$sourceId = $this->currentId.'" in the container provided to "'.$sourceId;
}
throw new ServiceNotFoundException((string) $value, $sourceId, null, $this->alternatives);
}
};
$pass->ref = $ref;
$pass->sourceId = $sourceId;
$pass->alternatives = $alternatives;
$pass->processValue($value, true);
}
}