minor #52497 [Webhook] check that the secret passed to RequestParser is not empty (xabbuh)

nicolas-grekas · nicolas-grekas · commit caf41fcacd65 · 2023-11-08T11:42:39.000+01:00
This PR was merged into the 6.4 branch. Discussion ---------- [Webhook] check that the secret passed to RequestParser is not empty | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | | License | MIT Commits ------- 00aaea2 check that the secret passed to RequestParser is not empty
diff --git a/src/Symfony/Component/Webhook/Client/RequestParser.php b/src/Symfony/Component/Webhook/Client/RequestParser.php
@@ -18,6 +18,7 @@
 use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcherInterface;
 use Symfony\Component\RemoteEvent\RemoteEvent;
+use Symfony\Component\Webhook\Exception\InvalidArgumentException;
 use Symfony\Component\Webhook\Exception\RejectWebhookException;
 
 /**
@@ -43,6 +44,10 @@ protected function getRequestMatcher(): RequestMatcherInterface
 
     protected function doParse(Request $request, #[\SensitiveParameter] string $secret): RemoteEvent
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $body = $request->toArray();
 
         foreach ([$this->signatureHeaderName, $this->eventHeaderName, $this->idHeaderName] as $header) {
