Prevent user serializing the key

jderusse · jderusse · commit 1ec0630262e6 · 2020-10-03T14:03:42.000+02:00
diff --git a/src/Symfony/Component/Lock/Exception/UnserializableKeyException.php b/src/Symfony/Component/Lock/Exception/UnserializableKeyException.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Lock\Exception;
+
+/**
+ * UnserializableKeyException is thrown when the key contains state that can no
+ * be serialized and the user try to serialize it.
+ * ie. Connection with a database, flock, semaphore, ...
+ *
+ * @author Jérémy Derussé <jeremy@derusse.com>
+ */
+class UnserializableKeyException extends \RuntimeException implements ExceptionInterface
+{
+}
diff --git a/src/Symfony/Component/Lock/Key.php b/src/Symfony/Component/Lock/Key.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Lock;
 
+use Symfony\Component\Lock\Exception\UnserializableKeyException;
+
 /**
  * Key is a container for the state of the locks in stores.
  *
@@ -21,6 +23,7 @@ final class Key
     private $resource;
     private $expiringTime;
     private $state = [];
+    private $serializable = true;
 
     public function __construct(string $resource)
     {
@@ -52,6 +55,11 @@ public function getState(string $stateKey)
         return $this->state[$stateKey];
     }
 
+    public function markUnserializable(): void
+    {
+        $this->serializable = false;
+    }
+
     public function resetLifetime()
     {
         $this->expiringTime = null;
@@ -83,4 +91,13 @@ public function isExpired(): bool
     {
         return null !== $this->expiringTime && $this->expiringTime <= microtime(true);
     }
+
+    public function __sleep(): array
+    {
+        if (!$this->serializable) {
+            throw new UnserializableKeyException('The key can not be serialized.');
+        }
+
+        return ['resource', 'expiringTime', 'state'];
+    }
 }
diff --git a/src/Symfony/Component/Lock/Store/FlockStore.php b/src/Symfony/Component/Lock/Store/FlockStore.php
@@ -125,6 +125,7 @@ private function lock(Key $key, bool $read, bool $blocking)
         }
 
         $key->setState(__CLASS__, [$read, $handle]);
+        $key->markUnserializable();
     }
 
     /**
diff --git a/src/Symfony/Component/Lock/Store/SemaphoreStore.php b/src/Symfony/Component/Lock/Store/SemaphoreStore.php
@@ -76,6 +76,7 @@ private function lock(Key $key, bool $blocking)
         }
 
         $key->setState(__CLASS__, $resource);
+        $key->markUnserializable();
     }
 
     /**
diff --git a/src/Symfony/Component/Lock/Store/ZookeeperStore.php b/src/Symfony/Component/Lock/Store/ZookeeperStore.php
@@ -65,6 +65,7 @@ public function save(Key $key)
         $token = $this->getUniqueToken($key);
 
         $this->createNewLock($resource, $token);
+        $key->markUnserializable();
 
         $this->checkNotExpired($key);
     }
diff --git a/src/Symfony/Component/Lock/Tests/KeyTest.php b/src/Symfony/Component/Lock/Tests/KeyTest.php
@@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Lock\Tests;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\Lock\Exception\UnserializableKeyException;
+use Symfony\Component\Lock\Key;
+
+/**
+ * @author Jérémy Derussé <jeremy@derusse.com>
+ */
+class KeyTest extends TestCase
+{
+    public function testSerialize()
+    {
+        $key = new Key(__METHOD__);
+        $key->reduceLifetime(1);
+        $key->setState('foo', 'bar');
+
+        $copy = unserialize(serialize($key));
+        $this->assertSame($key->getState('foo'), $copy->getState('foo'));
+        $this->assertEqualsWithDelta($key->getRemainingLifetime(), $copy->getRemainingLifetime(), 0.001);
+    }
+
+    public function testUnserialize()
+    {
+        $key = new Key(__METHOD__);
+        $key->markUnserializable();
+
+        $this->expectException(UnserializableKeyException::class);
+        serialize($key);
+    }
+}
diff --git a/src/Symfony/Component/Lock/Tests/Store/FlockStoreTest.php b/src/Symfony/Component/Lock/Tests/Store/FlockStoreTest.php
@@ -22,6 +22,7 @@ class FlockStoreTest extends AbstractStoreTest
 {
     use BlockingStoreTestTrait;
     use SharedLockStoreTestTrait;
+    use UnserializableTestTrait;
 
     /**
      * {@inheritdoc}
diff --git a/src/Symfony/Component/Lock/Tests/Store/SemaphoreStoreTest.php b/src/Symfony/Component/Lock/Tests/Store/SemaphoreStoreTest.php
@@ -23,6 +23,7 @@
 class SemaphoreStoreTest extends AbstractStoreTest
 {
     use BlockingStoreTestTrait;
+    use UnserializableTestTrait;
 
     /**
      * {@inheritdoc}
diff --git a/src/Symfony/Component/Lock/Tests/Store/UnserializableTestTrait.php b/src/Symfony/Component/Lock/Tests/Store/UnserializableTestTrait.php
@@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Lock\Tests\Store;
+
+use Symfony\Component\Lock\Exception\UnserializableKeyException;
+use Symfony\Component\Lock\Key;
+use Symfony\Component\Lock\PersistingStoreInterface;
+
+/**
+ * @author Jérémy Derussé <jeremy@derusse.com>
+ */
+trait UnserializableTestTrait
+{
+    /**
+     * @see AbstractStoreTest::getStore()
+     *
+     * @return PersistingStoreInterface
+     */
+    abstract protected function getStore();
+
+    public function testUnserializableKey()
+    {
+        $store = $this->getStore();
+
+        $key = new Key(uniqid(__METHOD__, true));
+
+        $store->save($key);
+        $this->assertTrue($store->exists($key));
+
+        $this->expectException(UnserializableKeyException::class);
+        serialize($key);
+    }
+}
diff --git a/src/Symfony/Component/Lock/Tests/Store/ZookeeperStoreTest.php b/src/Symfony/Component/Lock/Tests/Store/ZookeeperStoreTest.php
@@ -23,6 +23,8 @@
  */
 class ZookeeperStoreTest extends AbstractStoreTest
 {
+    use UnserializableTestTrait;
+
     /**
      * @return ZookeeperStore
      */

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Lock;`
`13`	`13`
	`14`	`+use Symfony\Component\Lock\Exception\UnserializableKeyException;`
	`15`	`+`
`14`	`16`	`/**`
`15`	`17`	`* Key is a container for the state of the locks in stores.`
`16`	`18`	`*`
`@@ -21,6 +23,7 @@ final class Key`
`21`	`23`	`private $resource;`
`22`	`24`	`private $expiringTime;`
`23`	`25`	`private $state = [];`
	`26`	`+ private $serializable = true;`
`24`	`27`
`25`	`28`	`public function __construct(string $resource)`
`26`	`29`	`{`
`@@ -52,6 +55,11 @@ public function getState(string $stateKey)`
`52`	`55`	`return $this->state[$stateKey];`
`53`	`56`	`}`
`54`	`57`
	`58`	`+ public function markUnserializable(): void`
	`59`	`+ {`
	`60`	`+ $this->serializable = false;`
	`61`	`+ }`
	`62`	`+`
`55`	`63`	`public function resetLifetime()`
`56`	`64`	`{`
`57`	`65`	`$this->expiringTime = null;`
`@@ -83,4 +91,13 @@ public function isExpired(): bool`
`83`	`91`	`{`
`84`	`92`	`return null !== $this->expiringTime && $this->expiringTime <= microtime(true);`
`85`	`93`	`}`
	`94`	`+`
	`95`	`+ public function __sleep(): array`
	`96`	`+ {`
	`97`	`+ if (!$this->serializable) {`
	`98`	`+ throw new UnserializableKeyException('The key can not be serialized.');`
	`99`	`+ }`
	`100`	`+`
	`101`	`+ return ['resource', 'expiringTime', 'state'];`
	`102`	`+ }`
`86`	`103`	`}`
Original file line number	Diff line number	Diff line change
`@@ -125,6 +125,7 @@ private function lock(Key $key, bool $read, bool $blocking)`
`125`	`125`	`}`
`126`	`126`
`127`	`127`	`$key->setState(__CLASS__, [$read, $handle]);`
	`128`	`+ $key->markUnserializable();`
`128`	`129`	`}`
`129`	`130`
`130`	`131`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,7 @@ private function lock(Key $key, bool $blocking)`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`$key->setState(__CLASS__, $resource);`
	`79`	`+ $key->markUnserializable();`
`79`	`80`	`}`
`80`	`81`
`81`	`82`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,7 @@ public function save(Key $key)`
`65`	`65`	`$token = $this->getUniqueToken($key);`
`66`	`66`
`67`	`67`	`$this->createNewLock($resource, $token);`
	`68`	`+ $key->markUnserializable();`
`68`	`69`
`69`	`70`	`$this->checkNotExpired($key);`
`70`	`71`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ class FlockStoreTest extends AbstractStoreTest`
`22`	`22`	`{`
`23`	`23`	`use BlockingStoreTestTrait;`
`24`	`24`	`use SharedLockStoreTestTrait;`
	`25`	`+ use UnserializableTestTrait;`
`25`	`26`
`26`	`27`	`/**`
`27`	`28`	`* {@inheritdoc}`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@`
`23`	`23`	`class SemaphoreStoreTest extends AbstractStoreTest`
`24`	`24`	`{`
`25`	`25`	`use BlockingStoreTestTrait;`
	`26`	`+ use UnserializableTestTrait;`
`26`	`27`
`27`	`28`	`/**`
`28`	`29`	`* {@inheritdoc}`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@`
`23`	`23`	`*/`
`24`	`24`	`class ZookeeperStoreTest extends AbstractStoreTest`
`25`	`25`	`{`
	`26`	`+ use UnserializableTestTrait;`
	`27`	`+`
`26`	`28`	`/**`
`27`	`29`	`* @return ZookeeperStore`
`28`	`30`	`*/`