
Commit 6ab5fd0

author
Martynas Narbutas
committed
[Security] AbstractVoter method supportsAttribute gives false positive if attribute is zero (0)
1 parent 5f4d8e9 commit 6ab5fd0


2 files changed

+72
-1
lines changed


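--- a/src/Symfony/Component/Security/Core/Authorization/Voter/AbstractVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/AbstractVoter.php
@@ -26,7 +26,7 @@ abstract class AbstractVoter implements VoterInterface
 */
 public function supportsAttribute($attribute)
 {
-return in_array($attribute, $this->getSupportedAttributes());
+return in_array($attribute, $this->getSupportedAttributes(), true);
 }
 
 /**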
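Review bot: The `return in_array($attribute, $this->getSupportedAttributes(), true);` line makes attribute matching type-strict, but nothing next to it records why, so a later cleanup could drop the third argument and reopen the false positive in an authorization check. I would add a comment above the return such as `// strict: a loose in_array() lets integer 0 match any non-numeric string attribute`. The docblock should also say that a subclass returning non-string values from getSupportedAttributes() now needs callers to pass exactly the same type; whether any existing voter relies on loose matching cannot be seen from this hunk. The docblock of supportsAttribute begins above the hunk, so only its closing line is visible here.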

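--- a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AbstractVoterTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AbstractVoterTest.php
@@ -16,13 +16,19 @@
 
 class AbstractVoterTest extends \PHPUnit_Framework_TestCase
 {
+/**
+* @var TokenInterface
+*/
 protected $token;
 
 protected function setUp()
 {
 $this->token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
 }
 
+/**
+* @return array
+*/
 public function getTests()
 {
 return array(
@@ -53,6 +59,71 @@ public function testVote(array $attributes, $expectedVote, $object, $message)
 
 $this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
 }
+
+/**
+* @return array
+*/
+public function getSupportsAttributeData()
+{
+return array(
+'positive_edit' => array(
+'expected' => true,
+'attribute' => 'EDIT',
+'message' => 'expected TRUE given as attribute EDIT is supported',
+),
+'positive_create' => array(
+'expected' => true,
+'attribute' => 'CREATE',
+'message' => 'expected TRUE as given attribute CREATE is supported',
+),
+
+'negative_read' => array(
+'expected' => false,
+'attribute' => 'READ',
+'message' => 'expected FALSE as given attribute READ is not supported',
+),
+'negative_random' => array(
+'expected' => false,
+'attribute' => 'random',
+'message' => 'expected FALSE as given attribute "random" is not supported',
+),
+'negative_string_0' => array(
+'expected' => false,
+'attribute' => '0',
+'message' => 'expected FALSE as given attribute "0" is not supported',
+),
+// this set of data gives false positive if in_array is not used with strict flag set to 'true'
+'negative_int_0' => array(
+'expected' => false,
+'attribute' => 0,
+'message' => 'expected FALSE as given attribute 0 is not string',
+),
+'negative_int_1' => array(
+'expected' => false,
+'attribute' => 1,
+'message' => 'expected FALSE as given attribute 1 is not string',
+),
+'negative_int_7' => array(
+'expected' => false,
+'attribute' => 7,
+'message' => 'expected FALSE as attribute 7 is not string',
+),
+);
+}
+
+/**
+* @dataProvider getSupportsAttributeData
+*
+* @param bool $expected
+* @param string $attribute
+* @param string $message
+*/
+public function testSupportsAttribute($expected, $attribute, $message)
+{
+$voter = new AbstractVoterTest_Voter();
+
+$this->assertEquals($expected, $voter->supportsAttribute($attribute), $message);
+}
 }
 
 class AbstractVoterTest_Voter extends AbstractVoter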
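Review bot: The new testSupportsAttribute compares with `assertEquals`, which is itself a loose comparison, so a regression test for strict matching would be tighter as `$this->assertSame($expected, $voter->supportsAttribute($attribute), $message);`. The provider covers integers 0, 1 and 7 but not boolean `true`, which a non-strict in_array() also treats as equal to any non-empty string other than '0'; a `'negative_bool_true'` row with `'attribute' => true` would pin that case as well. The docblock line `@param string $attribute` no longer matches the data, since three rows pass integers; `@param mixed $attribute` describes it. The body of AbstractVoterTest_Voter lies outside this section, so the supported set (EDIT and CREATE, judging by the provider messages) is inferred.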
