annotate core/lib/Drupal/Core/Template/TwigSandboxPolicy.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents c2387f117808
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\Core\Template;
Chris@0 4
Chris@0 5 use Drupal\Core\Site\Settings;
Chris@0 6
Chris@0 7 /**
Chris@0 8 * Default sandbox policy for Twig templates.
Chris@0 9 *
Chris@0 10 * Twig's sandbox extension is usually used to evaluate untrusted code by
Chris@0 11 * limiting access to potentially unsafe properties or methods. Since we do not
Chris@0 12 * use ViewModels when passing objects to Twig templates, we limit what those
Chris@0 13 * objects can do by whitelisting certain classes, method names, and method
Chris@0 14 * names with an allowed prefix. All object properties may be accessed.
Chris@0 15 */
Chris@0 16 class TwigSandboxPolicy implements \Twig_Sandbox_SecurityPolicyInterface {
Chris@0 17
Chris@0 18 /**
Chris@0 19 * An array of whitelisted methods in the form of methodName => TRUE.
Chris@16 20 *
Chris@16 21 * @var array
Chris@0 22 */
Chris@16 23 protected $whitelisted_methods;
Chris@0 24
Chris@0 25 /**
Chris@0 26 * An array of whitelisted method prefixes -- any method starting with one of
Chris@0 27 * these prefixes will be allowed.
Chris@16 28 *
Chris@16 29 * @var array
Chris@0 30 */
Chris@16 31 protected $whitelisted_prefixes;
Chris@0 32
Chris@0 33 /**
Chris@0 34 * An array of class names for which any method calls are allowed.
Chris@16 35 *
Chris@16 36 * @var array
Chris@0 37 */
Chris@16 38 protected $whitelisted_classes;
Chris@0 39
Chris@0 40 /**
Chris@0 41 * Constructs a new TwigSandboxPolicy object.
Chris@0 42 */
Chris@0 43 public function __construct() {
Chris@0 44 // Allow settings.php to override our default whitelisted classes, methods,
Chris@0 45 // and prefixes.
Chris@0 46 $whitelisted_classes = Settings::get('twig_sandbox_whitelisted_classes', [
Chris@0 47 // Allow any operations on the Attribute object as it is intended to be
Chris@0 48 // changed from a Twig template, for example calling addClass().
Chris@0 49 'Drupal\Core\Template\Attribute',
Chris@0 50 ]);
Chris@0 51 // Flip the arrays so we can check using isset().
Chris@0 52 $this->whitelisted_classes = array_flip($whitelisted_classes);
Chris@0 53
Chris@0 54 $whitelisted_methods = Settings::get('twig_sandbox_whitelisted_methods', [
Chris@0 55 // Only allow idempotent methods.
Chris@0 56 'id',
Chris@0 57 'label',
Chris@0 58 'bundle',
Chris@0 59 'get',
Chris@0 60 '__toString',
Chris@0 61 'toString',
Chris@0 62 ]);
Chris@0 63 $this->whitelisted_methods = array_flip($whitelisted_methods);
Chris@0 64
Chris@0 65 $this->whitelisted_prefixes = Settings::get('twig_sandbox_whitelisted_prefixes', [
Chris@0 66 'get',
Chris@0 67 'has',
Chris@0 68 'is',
Chris@0 69 ]);
Chris@0 70 }
Chris@0 71
Chris@0 72 /**
Chris@0 73 * {@inheritdoc}
Chris@0 74 */
Chris@0 75 public function checkSecurity($tags, $filters, $functions) {}
Chris@0 76
Chris@0 77 /**
Chris@0 78 * {@inheritdoc}
Chris@0 79 */
Chris@0 80 public function checkPropertyAllowed($obj, $property) {}
Chris@0 81
Chris@0 82 /**
Chris@0 83 * {@inheritdoc}
Chris@0 84 */
Chris@0 85 public function checkMethodAllowed($obj, $method) {
Chris@0 86 foreach ($this->whitelisted_classes as $class => $key) {
Chris@0 87 if ($obj instanceof $class) {
Chris@0 88 return TRUE;
Chris@0 89 }
Chris@0 90 }
Chris@0 91
Chris@0 92 // Return quickly for an exact match of the method name.
Chris@0 93 if (isset($this->whitelisted_methods[$method])) {
Chris@0 94 return TRUE;
Chris@0 95 }
Chris@0 96
Chris@0 97 // If the method name starts with a whitelisted prefix, allow it.
Chris@0 98 // Note: strpos() is between 3x and 7x faster than preg_match in this case.
Chris@0 99 foreach ($this->whitelisted_prefixes as $prefix) {
Chris@0 100 if (strpos($method, $prefix) === 0) {
Chris@0 101 return TRUE;
Chris@0 102 }
Chris@0 103 }
Chris@0 104
Chris@0 105 throw new \Twig_Sandbox_SecurityError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, get_class($obj)));
Chris@0 106 }
Chris@0 107
Chris@0 108 }