[Validator][RecursiveContextualValidator] Prevent validated hash collisions

fancyweb · fancyweb · commit 6f28e2df03af · 2020-08-14T10:22:32.000+02:00
diff --git a/src/Symfony/Component/Validator/Tests/Validator/RecursiveValidatorTest.php b/src/Symfony/Component/Validator/Tests/Validator/RecursiveValidatorTest.php
@@ -12,16 +12,20 @@
 namespace Symfony\Component\Validator\Tests\Validator;
 
 use Symfony\Component\Translation\IdentityTranslator;
+use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\Constraints\All;
 use Symfony\Component\Validator\Constraints\Collection;
 use Symfony\Component\Validator\Constraints\GroupSequence;
+use Symfony\Component\Validator\Constraints\IsFalse;
+use Symfony\Component\Validator\Constraints\IsNull;
 use Symfony\Component\Validator\Constraints\IsTrue;
 use Symfony\Component\Validator\Constraints\Length;
 use Symfony\Component\Validator\Constraints\NotBlank;
 use Symfony\Component\Validator\Constraints\NotNull;
 use Symfony\Component\Validator\Constraints\Optional;
 use Symfony\Component\Validator\Constraints\Required;
 use Symfony\Component\Validator\Constraints\Valid;
+use Symfony\Component\Validator\ConstraintValidator;
 use Symfony\Component\Validator\ConstraintValidatorFactory;
 use Symfony\Component\Validator\Context\ExecutionContextFactory;
 use Symfony\Component\Validator\Mapping\ClassMetadata;
@@ -200,4 +204,47 @@ public function testOptionalConstraintIsIgnored()
 
         $this->assertCount(0, $violations);
     }
+
+    public function testValidatedConstraintsHashesDontCollide()
+    {
+        $metadata = new ClassMetadata(Entity::class);
+        $metadata->addPropertyConstraint('initialized', new NotNull(['groups' => 'should_pass']));
+        $metadata->addPropertyConstraint('initialized', new IsNull(['groups' => 'should_fail']));
+
+        $this->metadataFactory->addMetadata($metadata);
+
+        $entity = new Entity();
+        $entity->data = new \stdClass();
+
+        $this->assertCount(2, $this->validator->validate($entity, new TestConstraintHashesDontCollide()));
+    }
+}
+
+final class TestConstraintHashesDontCollide extends Constraint
+{
+}
+
+final class TestConstraintHashesDontCollideValidator extends ConstraintValidator
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function validate($value, Constraint $constraint)
+    {
+        if (!$value instanceof Entity) {
+            throw new \LogicException();
+        }
+
+        $this->context->getValidator()
+            ->inContext($this->context)
+            ->atPath('data')
+            ->validate($value, new NotNull())
+            ->validate($value, new NotNull())
+            ->validate($value, new IsFalse());
+
+        $this->context->getValidator()
+            ->inContext($this->context)
+            ->validate($value, null, new GroupSequence(['should_pass']))
+            ->validate($value, null, new GroupSequence(['should_fail']));
+    }
 }
diff --git a/src/Symfony/Component/Validator/Validator/RecursiveContextualValidator.php b/src/Symfony/Component/Validator/Validator/RecursiveContextualValidator.php
@@ -49,6 +49,10 @@ class RecursiveContextualValidator implements ContextualValidatorInterface
     private $validatorFactory;
     private $objectInitializers;
 
+    private $validatedObjectsReferences = [];
+    private $validatedConstraintsReferences = [];
+    private $initializedObjectsReferences = [];
+
     /**
      * Creates a validator for the given context.
      *
@@ -443,6 +447,10 @@ private function validateClassNode($object, $cacheKey, ClassMetadataInterface $m
     {
         $context->setNode($object, $object, $metadata, $propertyPath);
 
+        if (!isset($this->initializedObjectsReferences[$cacheKey])) {
+            $this->initializedObjectsReferences[$cacheKey] = $object;
+        }
+
         if (!$context->isObjectInitialized($cacheKey)) {
             foreach ($this->objectInitializers as $initializer) {
                 $initializer->initialize($object);
@@ -456,9 +464,7 @@ private function validateClassNode($object, $cacheKey, ClassMetadataInterface $m
             // to cascade the "Default" group when traversing the group
             // sequence
             $defaultOverridden = false;
-
-            // Use the object hash for group sequences
-            $groupHash = \is_object($group) ? spl_object_hash($group) : $group;
+            $groupHash = serialize($group);
 
             if ($context->isGroupValidated($cacheKey, $groupHash)) {
                 // Skip this group when validating the properties and when
@@ -803,6 +809,10 @@ private function validateInGroup($value, $cacheKey, MetadataInterface $metadata,
             // that constraints belong to multiple validated groups
             if (null !== $cacheKey) {
                 $constraintHash = spl_object_hash($constraint);
+                if (!isset($this->validatedConstraintsReferences[$constraintHash])) {
+                    $this->validatedConstraintsReferences[$constraintHash] = $constraint;
+                }
+
                 // instanceof Valid: In case of using a Valid constraint with many groups
                 // it makes a reference object get validated by each group
                 if ($constraint instanceof Composite || $constraint instanceof Valid) {
