security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors …

…with side-effects from being unserialized (nicolas-grekas) This PR was merged into the 3.4 branch. Discussion ---------- [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Reported for `FilesystemCommonTrait` at https://www.intigriti.com/company/submission/CfDJ8Pja6NZvkpNCmx5vVyiGSn7yW8c1j4H0-cnAhIk6fbstOMm028X-XD1kmSuQkGB2n0cRyyVrA2yAiLN_I0EVilaKVLSiSa0UXZJGfN1h85vmk5c2dBBpu619r1YQEIjcXA Commits ------- 4fb9752 Prevent destructors with side-effects from being unserialized
symfony · Apr 16, 2019 · d77e445 · d77e445
2 parents 0a4ed67 + 4fb9752
commit d77e445
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 0 deletions.
diff --git a/src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php b/src/Symfony/Bridge/PhpUnit/Legacy/SymfonyTestsListenerTrait.php
@@ -83,6 +83,16 @@ public function __construct(array $mockedNamespaces = array())
         }
     }
 
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     public function __destruct()
     {
         if (0 < $this->state) {

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Kernel/ConcreteMicroKernel.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Kernel/ConcreteMicroKernel.php
@@ -64,6 +64,16 @@ public function getLogDir()
         return $this->cacheDir;
     }
 
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     public function __destruct()
     {
         $fs = new Filesystem();

diff --git a/src/Symfony/Component/Cache/Traits/FilesystemCommonTrait.php b/src/Symfony/Component/Cache/Traits/FilesystemCommonTrait.php
@@ -116,6 +116,16 @@ public static function throwError($type, $message, $file, $line)
         throw new \ErrorException($message, 0, $type, $file, $line);
     }
 
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     public function __destruct()
     {
         if (method_exists(parent::class, '__destruct')) {