-
Notifications
You must be signed in to change notification settings - Fork 96
Description
Since Symfony 3.4, services are private by default. However, the XmlServiceMapFactory
still assumes that a service is public if the public
attribute hasn't been set:
phpstan-symfony/src/Symfony/XmlServiceMapFactory.php
Lines 48 to 54 in a6d87e0
$service = new Service( | |
strpos((string) $attrs->id, '.') === 0 ? substr((string) $attrs->id, 1) : (string) $attrs->id, | |
isset($attrs->class) ? (string) $attrs->class : null, | |
!isset($attrs->public) || (string) $attrs->public !== 'false', | |
isset($attrs->synthetic) && (string) $attrs->synthetic === 'true', | |
isset($attrs->alias) ? (string) $attrs->alias : null | |
); |
(the 3rd argument of the Service
constructor is bool $public
).
This means that the ContainerInterfacePrivateServiceRule
will only report private services if they are explicitly marked as private in their service configuration, but not if they are implicitly private.
In order to correctly report private services being fetched from the container, this logic should be reversed so that a service without a public
flag is considered private:
$service = new Service(
// ...
isset($attrs->public) && (string) $attrs->public !== 'false',
// ...
);
That will result in false positives for Symfony versions < 3.4, but those versions are no longer supported by Symfony itself. Alternatively, the XmlServiceMapFactory
would have to determine the Symfony version and switch it's logic based on that, but I'm not sure if that's even possible...