Security policy wildcard support for methods/properties #3901
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…are and would throw an error immediately anyways
fabpot
requested changes
Dec 19, 2023
| * - Method/property can also be specified with a trailing wildcard to allow all methods/properties with a certain prefix, eg. `\DateTime => ['get*', ...]` in order to allow all methods/properties that start with `get`. | ||
| * | ||
| * @author Yaakov Saxon <ysaxon@gmail.com> | ||
| */ |
There was a problem hiding this comment.
Let's mark this class as@internal.
| */ | ||
| final class MemberMatcher | ||
| { | ||
| private $allowedMembers; |
There was a problem hiding this comment.
Suggested change
| private $allowedMembers; | |
| private array $allowedMembers; |
| final class MemberMatcher | ||
| { | ||
| private $allowedMembers; | ||
| private $cache = []; |
There was a problem hiding this comment.
Suggested change
| private $cache = []; | |
| private array $cache = []; |
|
|
||
| public function isAllowed($obj, string $member): bool | ||
| { | ||
| $cacheKey = get_class($obj) . "::" . $member; |
There was a problem hiding this comment.
Suggested change
| $cacheKey = get_class($obj) . "::" . $member; | |
| $cacheKey = get_class($obj).'::'.$member; |
| if ('*' === $class || $obj instanceof $class) { | ||
| foreach ($members as $allowedMember) { | ||
| if ('*' === $allowedMember) { | ||
| $this->cache[$cacheKey] = true; |
There was a problem hiding this comment.
Suggested change
| $this->cache[$cacheKey] = true; | |
| return $this->cache[$cacheKey]; |
Same below
|
|
||
| return true; | ||
| } | ||
| // if allowedMember ends with a *, check if the member starts with the allowedMember |
There was a problem hiding this comment.
Why do we only allow *to be at the end?
|
I forgot to mention that overall I'm not sold yet this is something I want in core. I very much prefer white-listing explicitly what is allowed. With |
|
Or maybe that's fine but we need to make it very clear in the docs that this should be used with caution (can you some docs for this new feature?). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allows for flexible wildcard support in allowedMethods and allowedProperties in SecurityPolicy.
* => ['foo',...]in order to allow those methods/properties for all classes.\Foo\Bar\Baz => '*'in order to allow all methods/properties for that class.\Foo\Bar\Baz => ['get*', ...]in order to allow all Baz methods/properties that start withget.Here are some real examples of security policy items that previously had to be hardcoded that can now be expressed with wildcards: