Skip to content

ContainerInterfacePrivateServiceRule should report services that are implicitly private #75

@nicwortel

Description

@nicwortel

Since Symfony 3.4, services are private by default. However, the XmlServiceMapFactory still assumes that a service is public if the public attribute hasn't been set:

$service = new Service(
strpos((string) $attrs->id, '.') === 0 ? substr((string) $attrs->id, 1) : (string) $attrs->id,
isset($attrs->class) ? (string) $attrs->class : null,
!isset($attrs->public) || (string) $attrs->public !== 'false',
isset($attrs->synthetic) && (string) $attrs->synthetic === 'true',
isset($attrs->alias) ? (string) $attrs->alias : null
);

(the 3rd argument of the Service constructor is bool $public).

This means that the ContainerInterfacePrivateServiceRule will only report private services if they are explicitly marked as private in their service configuration, but not if they are implicitly private.

In order to correctly report private services being fetched from the container, this logic should be reversed so that a service without a public flag is considered private:

$service = new Service(
	// ...
	isset($attrs->public) && (string) $attrs->public !== 'false',
	// ...
);

That will result in false positives for Symfony versions < 3.4, but those versions are no longer supported by Symfony itself. Alternatively, the XmlServiceMapFactory would have to determine the Symfony version and switch it's logic based on that, but I'm not sure if that's even possible...

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions