security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas)

nicolas-grekas · nicolas-grekas · commit a43a2f6c465a · 2019-04-16T11:03:16.000+02:00
This PR was merged into the 3.4 branch. Discussion ---------- [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Reported for `FilesystemCommonTrait` at https://www.intigriti.com/company/submission/CfDJ8Pja6NZvkpNCmx5vVyiGSn7yW8c1j4H0-cnAhIk6fbstOMm028X-XD1kmSuQkGB2n0cRyyVrA2yAiLN_I0EVilaKVLSiSa0UXZJGfN1h85vmk5c2dBBpu619r1YQEIjcXA Commits ------- 4fb9752816 Prevent destructors with side-effects from being unserialized
diff --git a/Legacy/SymfonyTestsListenerTrait.php b/Legacy/SymfonyTestsListenerTrait.php
@@ -83,6 +83,16 @@ public function __construct(array $mockedNamespaces = array())
         }
     }
 
+    public function __sleep()
+    {
+        throw new \BadMethodCallException('Cannot serialize '.__CLASS__);
+    }
+
+    public function __wakeup()
+    {
+        throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);
+    }
+
     public function __destruct()
     {
         if (0 < $this->state) {

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,16 @@ public function __construct(array $mockedNamespaces = array())`
`83`	`83`	`}`
`84`	`84`	`}`
`85`	`85`
	`86`	`+ public function __sleep()`
	`87`	`+ {`
	`88`	`+ throw new \BadMethodCallException('Cannot serialize '.__CLASS__);`
	`89`	`+ }`
	`90`	`+`
	`91`	`+ public function __wakeup()`
	`92`	`+ {`
	`93`	`+ throw new \BadMethodCallException('Cannot unserialize '.__CLASS__);`
	`94`	`+ }`
	`95`	`+`
`86`	`96`	`public function __destruct()`
`87`	`97`	`{`
`88`	`98`	`if (0 < $this->state) {`