Merge pull request #4 from andrew-demb/more-strict-validate-serialized-message

More strict check for serialized data. More clear psalm annotations usage

Author: mmasiukevich

src/Symfony/SymfonyMessageSerializer.php

@@ -92,7 +92,6 @@ public function decode(string $serializedMessage): object
     {
         try
         {
-            /** @psalm-var array{message:array<string, string|int|float|null>, namespace:class-string} $data */
             $data = $this->serializer->unserialize($serializedMessage);
 
             self::validateUnserializedData($data);
@@ -162,7 +161,7 @@ public function normalize(object $message): array
     }
 
     /**
-     * @psalm-param array{message:array<string, string|int|float|null>, namespace:class-string} $data
+     * @psalm-assert array{message:array<string, mixed>, namespace:class-string} $data
      *
      * @throws \UnexpectedValueException
      */
@@ -178,12 +177,22 @@ private static function validateUnserializedData(array $data): void
             );
         }
 
+        if (false === \is_array($data['message']))
+        {
+            throw new \UnexpectedValueException('"message" field from serialized data should be an array');
+        }
+
+        if (false === \is_string($data['namespace']))
+        {
+            throw new \UnexpectedValueException('"namespace" field from serialized data should be a string');
+        }
+
         /**
          * Let's check if the specified class exists.
          *
          * @psalm-suppress DocblockTypeContradiction
          */
-        if ($data['namespace'] === '' || \class_exists((string) $data['namespace']) === false)
+        if ($data['namespace'] === '' || \class_exists($data['namespace']) === false)
         {
             throw new \UnexpectedValueException(
                 \sprintf('Class "%s" not found', $data['namespace'])

tests/Symfony/SymfonyMessageSerializerTest.php

@@ -72,6 +72,32 @@ public static function classWithClosedConstructor(): void
         );
     }
 
+    /**
+     * @test
+     *
+     * @throws \Throwable
+     */
+    public function messageNotArray(): void
+    {
+        $this->expectException(DecodeMessageFailed::class);
+        $this->expectExceptionMessage('"message" field from serialized data should be an array');
+
+        (new SymfonyMessageSerializer())->decode(\json_encode(['message' => 'someValue', 'namespace' => \SomeClass::class]));
+    }
+
+    /**
+     * @test
+     *
+     * @throws \Throwable
+     */
+    public function namespaceNotString(): void
+    {
+        $this->expectException(DecodeMessageFailed::class);
+        $this->expectExceptionMessage('"namespace" field from serialized data should be a string');
+
+        (new SymfonyMessageSerializer())->decode(\json_encode(['message' => [], 'namespace' => new \stdClass]));
+    }
+
     /**
      * @test
      *
@@ -82,7 +108,7 @@ public function classNotFound(): void
         $this->expectException(DecodeMessageFailed::class);
         $this->expectExceptionMessage('Class "SomeClass" not found');
 
-        (new SymfonyMessageSerializer())->decode(\json_encode(['message' => 'someValue', 'namespace' => \SomeClass::class]));
+        (new SymfonyMessageSerializer())->decode(\json_encode(['message' => [], 'namespace' => \SomeClass::class]));
     }
 
     /**