Skip to content

Commit

Permalink
bug #34383 [DI] Use reproducible entropy to generate env placeholders…
Browse files Browse the repository at this point in the history 
… (nicolas-grekas)

This PR was merged into the 4.3 branch.

Discussion
----------

[DI] Use reproducible entropy to generate env placeholders

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

Bound arguments typically reference env vars, which are turned into random placeholders right now.
When this randomness is used in a hash to generate the internal name of a service locator, the hash is totally random.

This breaks reproducible builds.

This PR replaces true randomness with reproducible entropy.

Commits
-------

600ae33 [DI] Use reproducible entropy to generate env placeholders
  • Loading branch information
@fabpot
fabpot committed Nov 15, 2019
2 parents d863fc2 + 600ae33 commit 8522a88
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions src/Symfony/Component/DependencyInjection/ParameterBag/EnvPlaceholderParameterBag.php
View file
Expand Up @@ -24,6 +24,8 @@ class EnvPlaceholderParameterBag extends ParameterBag
private $unusedEnvPlaceholders = [];
private $providedTypes = [];

private static $counter = 0;

/**
* {@inheritdoc}
*/
Expand Down Expand Up @@ -57,7 +59,7 @@ public function get($name)
}
}

$uniqueName = md5($name.uniqid(mt_rand(), true));
$uniqueName = md5($name.'_'.self::$counter++);
$placeholder = sprintf('%s_%s_%s', $this->getEnvPlaceholderUniquePrefix(), str_replace(':', '_', $env), $uniqueName);
$this->envPlaceholders[$env][$placeholder] = $placeholder;

Expand All @@ -72,7 +74,13 @@ public function get($name)
*/
public function getEnvPlaceholderUniquePrefix(): string
{
return $this->envPlaceholderUniquePrefix ?? $this->envPlaceholderUniquePrefix = 'env_'.bin2hex(random_bytes(8));
if (null === $this->envPlaceholderUniquePrefix) {
$reproducibleEntropy = unserialize(serialize($this->parameters));
array_walk_recursive($reproducibleEntropy, function (&$v) { $v = null; });
$this->envPlaceholderUniquePrefix = 'env_'.substr(md5(serialize($reproducibleEntropy)), -16);
}

return $this->envPlaceholderUniquePrefix;
}

/**
Expand Down

0 comments on commit 8522a88

Please sign in to comment.