Bug #31677
Using current.securityContext Policies.yaml entities section triggers Parser Error
Status: | Resolved | Start date: | 2011-11-08 | |
---|---|---|---|---|
Priority: | Must have | Due date: | ||
Assigned To: | - | % Done: | 100% |
|
Category: | Security | |||
Target version: | TYPO3 Flow Base Distribution - 1.1 | |||
PHP Version: | Complexity: | |||
Has patch: | No | Affected Flow version: | Git master |
Description
If you use some Content Security Rule like:
resources:
entities:
DigiComp_Fairdrive_Domain_Model_Disposition:
DigiComp_Fairdrive_ForeignDispositions: this.createdfrom != current.securityContext.party
FLOW3 will crash completely with:
: Parse error: syntax error, unexpected $end in [...]FLOW3/Data/Temporary/Development/Cache/Code/FLOW3_Object_Classes/TYPO3_FLOW3_Security_Aspect_PersistenceQueryRewritingAspect_Original.php(374) : eval()'d code
Related issues
Associated revisions
[BUGFIX] Fix content security current.globalObject expansion
Using for example current.securityContext in Policy.yaml made
FLOW3 crash completely in "eval'd" code.
This fixes the crash and removes the eval code by using the
TYPO3\FLOW3\Object\ObjectManager.
Change-Id: I0a5e0b13339b8571ef043da7dbe34b1c9285deed
Fixes: #31677
Releases: 1.1
History
#1 Updated by Mr. Hudson over 3 years ago
- Status changed from New to Under Review
Patch set 1 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596
#2 Updated by Mr. Hudson over 3 years ago
Patch set 2 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596
#3 Updated by Mr. Hudson over 3 years ago
Patch set 3 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596
#4 Updated by Mr. Hudson over 3 years ago
Patch set 4 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596
#5 Updated by Christopher Hlubek over 3 years ago
Moving over the test discussion here:
We already have functional tests for persistence with entities and repositories in the TYPO3\FLOW3\Tests\Functional\Persistence\Fixtures
namespace. Also the Configuration in TYPO3.FLOW3/Configuration/Testing/Policy.yaml
could be used for testing (with some comment about the usage).
I think a functional test for content security would best go into a new testcase TYPO3\FLOW3\Tests\Functional\Security\ContentSecurityTest
. Take a look at the MethodSecurityTest
for a hint about how to authorize different roles in a functional test.
To run a functional test you have to use the FunctionalTests.xml
PHPUnit configuration in Build/Common/PhpUnit
. For example in the FLOW3 package directory you can call phpunit -c ../../../Build/Common/PhpUnit/FunctionalTests.xml Tests/Functional
to run the functional tests.
The test should first cause the error (without your change) and then pass after your fix.
#6 Updated by Gerrit Code Review over 3 years ago
Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#7 Updated by Gerrit Code Review over 3 years ago
Patch set 6 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#8 Updated by Gerrit Code Review over 3 years ago
Patch set 7 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#9 Updated by Gerrit Code Review over 3 years ago
Patch set 8 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#10 Updated by Gerrit Code Review over 3 years ago
Patch set 9 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#11 Updated by Gerrit Code Review over 3 years ago
Patch set 10 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#12 Updated by Rens Admiraal over 3 years ago
- Target version set to 1.1
#13 Updated by Gerrit Code Review over 3 years ago
Patch set 11 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#14 Updated by Gerrit Code Review over 3 years ago
Patch set 12 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#15 Updated by Gerrit Code Review over 3 years ago
Patch set 13 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596
#16 Updated by Ferdinand Kuhl over 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset a5a90def350b789e0758982b97bd9d27b20576a5.