feature #23888 [DI] Validate env vars in config (ro0NL)

nicolas-grekas · nicolas-grekas · commit 95bb67b2196e · 2018-03-27T08:02:10.000+02:00
This PR was squashed before being merged into the 4.1-dev branch (closes #23888). Discussion ---------- [DI] Validate env vars in config | Q | A | ------------- | --- | Branch? | 4.1/master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #22151, #25868 | License | MIT | Doc PR | symfony/symfony-docs#8382 This PR registers the env placeholders in `Config\BaseNode` with its default value or an empty string. It doesnt request real env vars during compilation, What it does is if a config value exactly matches a env placeholder, we validate/normalize the default value/empty string but we keep returning the env placeholder as usual. If a placeholder occurs in the middle of a string it also proceeds as usual. The latter to me is OK as you need to expect any string value during runtime anyway, including the empty string. Commits ------- 2c74fbc [DI] Validate env vars in config
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ CHANGELOG
  * added PSR-11 `ContainerBagInterface` and its `ContainerBag` implementation to access parameters as-a-service
  * added support for service's decorators autowiring
  * deprecated the `TypedReference::canBeAutoregistered()` and  `TypedReference::getRequiringClass()` methods
+ * environment variables are validated when used in extension configuration
 
 4.0.0
 -----
diff --git a/Compiler/MergeExtensionConfigurationPass.php b/Compiler/MergeExtensionConfigurationPass.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\DependencyInjection\Compiler;
 
+use Symfony\Component\Config\Definition\BaseNode;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Exception\LogicException;
 use Symfony\Component\DependencyInjection\Exception\RuntimeException;
@@ -37,6 +38,7 @@ public function process(ContainerBuilder $container)
         $definitions = $container->getDefinitions();
         $aliases = $container->getAliases();
         $exprLangProviders = $container->getExpressionLanguageProviders();
+        $configAvailable = class_exists(BaseNode::class);
 
         foreach ($container->getExtensions() as $extension) {
             if ($extension instanceof PrependExtensionInterface) {
@@ -53,6 +55,9 @@ public function process(ContainerBuilder $container)
             if ($resolvingBag instanceof EnvPlaceholderParameterBag && $extension instanceof Extension) {
                 // create a dedicated bag so that we can track env vars per-extension
                 $resolvingBag = new MergeExtensionConfigurationParameterBag($resolvingBag);
+                if ($configAvailable) {
+                    BaseNode::setPlaceholderUniquePrefix($resolvingBag->getEnvPlaceholderUniquePrefix());
+                }
             }
             $config = $resolvingBag->resolveValue($config);
 
@@ -75,6 +80,10 @@ public function process(ContainerBuilder $container)
                 }
 
                 throw $e;
+            } finally {
+                if ($configAvailable) {
+                    BaseNode::resetPlaceholders();
+                }
             }
 
             if ($resolvingBag instanceof MergeExtensionConfigurationParameterBag) {
@@ -132,6 +141,11 @@ public function getEnvPlaceholders()
     {
         return null !== $this->processedEnvPlaceholders ? $this->processedEnvPlaceholders : parent::getEnvPlaceholders();
     }
+
+    public function getUnusedEnvPlaceholders(): array
+    {
+        return null === $this->processedEnvPlaceholders ? array() : array_diff_key(parent::getEnvPlaceholders(), $this->processedEnvPlaceholders);
+    }
 }
 
 /**
diff --git a/Compiler/PassConfig.php b/Compiler/PassConfig.php
@@ -49,6 +49,7 @@ public function __construct()
         );
 
         $this->optimizationPasses = array(array(
+            new ValidateEnvPlaceholdersPass(),
             new ResolveChildDefinitionsPass(),
             new ServiceLocatorTagPass(),
             new DecoratorServicePass(),
diff --git a/Compiler/ValidateEnvPlaceholdersPass.php b/Compiler/ValidateEnvPlaceholdersPass.php
@@ -0,0 +1,100 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\DependencyInjection\Compiler;
+
+use Symfony\Component\Config\Definition\BaseNode;
+use Symfony\Component\Config\Definition\Processor;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Exception\LogicException;
+use Symfony\Component\DependencyInjection\Extension\ConfigurationExtensionInterface;
+use Symfony\Component\DependencyInjection\ParameterBag\EnvPlaceholderParameterBag;
+use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag;
+
+/**
+ * Validates environment variable placeholders used in extension configuration with dummy values.
+ *
+ * @author Roland Franssen <franssen.roland@gmail.com>
+ */
+class ValidateEnvPlaceholdersPass implements CompilerPassInterface
+{
+    private static $typeFixtures = array('array' => array(), 'bool' => false, 'float' => 0.0, 'int' => 0, 'string' => '');
+
+    /**
+     * {@inheritdoc}
+     */
+    public function process(ContainerBuilder $container)
+    {
+        if (!class_exists(BaseNode::class) || !$extensions = $container->getExtensions()) {
+            return;
+        }
+
+        $resolvingBag = $container->getParameterBag();
+        if (!$resolvingBag instanceof EnvPlaceholderParameterBag) {
+            return;
+        }
+
+        $defaultBag = new ParameterBag($container->getParameterBag()->all());
+        $envTypes = $resolvingBag->getProvidedTypes();
+        try {
+            foreach ($resolvingBag->getEnvPlaceholders() + $resolvingBag->getUnusedEnvPlaceholders() as $env => $placeholders) {
+                $prefix = (false === $i = strpos($env, ':')) ? 'string' : substr($env, 0, $i);
+                $types = $envTypes[$prefix] ?? array('string');
+                $default = ($hasEnv = (false === $i && $defaultBag->has("env($env)"))) ? $defaultBag->get("env($env)") : null;
+
+                if (null !== $default && !in_array($type = self::getType($default), $types, true)) {
+                    throw new LogicException(sprintf('Invalid type for env parameter "env(%s)". Expected "%s", but got "%s".', $env, implode('", "', $types), $type));
+                }
+
+                $values = array();
+                foreach ($types as $type) {
+                    $values[$type] = $hasEnv ? $default : self::$typeFixtures[$type] ?? null;
+                }
+                foreach ($placeholders as $placeholder) {
+                    BaseNode::setPlaceholder($placeholder, $values);
+                }
+            }
+
+            $processor = new Processor();
+
+            foreach ($extensions as $name => $extension) {
+                if (!$extension instanceof ConfigurationExtensionInterface || !$config = $container->getExtensionConfig($name)) {
+                    // this extension has no semantic configuration or was not called
+                    continue;
+                }
+
+                $config = $resolvingBag->resolveValue($config);
+
+                if (null === $configuration = $extension->getConfiguration($config, $container)) {
+                    continue;
+                }
+
+                $processor->processConfiguration($configuration, $config);
+            }
+        } finally {
+            BaseNode::resetPlaceholders();
+        }
+    }
+
+    private static function getType($value): string
+    {
+        switch ($type = \gettype($value)) {
+            case 'boolean':
+                return 'bool';
+            case 'double':
+                return 'float';
+            case 'integer':
+                return 'int';
+        }
+
+        return $type;
+    }
+}
diff --git a/ParameterBag/EnvPlaceholderParameterBag.php b/ParameterBag/EnvPlaceholderParameterBag.php
@@ -19,7 +19,9 @@
  */
 class EnvPlaceholderParameterBag extends ParameterBag
 {
+    private $envPlaceholderUniquePrefix;
     private $envPlaceholders = array();
+    private $unusedEnvPlaceholders = array();
     private $providedTypes = array();
 
     /**
@@ -35,6 +37,11 @@ public function get($name)
                     return $placeholder; // return first result
                 }
             }
+            if (isset($this->unusedEnvPlaceholders[$env])) {
+                foreach ($this->unusedEnvPlaceholders[$env] as $placeholder) {
+                    return $placeholder; // return first result
+                }
+            }
             if (!preg_match('/^(?:\w++:)*+\w++$/', $env)) {
                 throw new InvalidArgumentException(sprintf('Invalid %s name: only "word" characters are allowed.', $name));
             }
@@ -48,7 +55,7 @@ public function get($name)
             }
 
             $uniqueName = md5($name.uniqid(mt_rand(), true));
-            $placeholder = sprintf('env_%s_%s', str_replace(':', '_', $env), $uniqueName);
+            $placeholder = sprintf('%s_%s_%s', $this->getEnvPlaceholderUniquePrefix(), str_replace(':', '_', $env), $uniqueName);
             $this->envPlaceholders[$env][$placeholder] = $placeholder;
 
             return $placeholder;
@@ -57,6 +64,14 @@ public function get($name)
         return parent::get($name);
     }
 
+    /**
+     * Gets the common env placeholder prefix for env vars created by this bag.
+     */
+    public function getEnvPlaceholderUniquePrefix(): string
+    {
+        return $this->envPlaceholderUniquePrefix ?? $this->envPlaceholderUniquePrefix = 'env_'.bin2hex(random_bytes(8));
+    }
+
     /**
      * Returns the map of env vars used in the resolved parameter values to their placeholders.
      *
@@ -67,6 +82,11 @@ public function getEnvPlaceholders()
         return $this->envPlaceholders;
     }
 
+    public function getUnusedEnvPlaceholders(): array
+    {
+        return $this->unusedEnvPlaceholders;
+    }
+
     /**
      * Merges the env placeholders of another EnvPlaceholderParameterBag.
      */
@@ -79,6 +99,14 @@ public function mergeEnvPlaceholders(self $bag)
                 $this->envPlaceholders[$env] += $placeholders;
             }
         }
+
+        if ($newUnusedPlaceholders = $bag->getUnusedEnvPlaceholders()) {
+            $this->unusedEnvPlaceholders += $newUnusedPlaceholders;
+
+            foreach ($newUnusedPlaceholders as $env => $placeholders) {
+                $this->unusedEnvPlaceholders[$env] += $placeholders;
+            }
+        }
     }
 
     /**
diff --git a/Tests/Compiler/ValidateEnvPlaceholdersPassTest.php b/Tests/Compiler/ValidateEnvPlaceholdersPassTest.php
diff --git a/composer.json b/composer.json
