The Symfony Messenger component defines transports to send and receive messages, often through queueing systems like Doctrine, Redis, Amazon SQS, Beanstalkd, or AMQP.
If those queue systems are not properly secured, a malicious actor could inject forged payloads into the queue. This is particularly dangerous for messages that trigger commands or processes to run.
Although protecting your infrastructure is not Symfony's responsibility, Symfony 7.4 adds a new layer of defense. Messages can now be cryptographically signed to detect and discard any that have been tampered with.
To enable message signing, set the sign option to true in the handler that processes the message:
```php
<?php
// src/MessageHandler/SmsNotificationHandler.php
namespace App\MessageHandler;

use App\Message\SmsNotification;
use Symfony\Component\Messenger\Attribute\AsMessageHandler;

// sign: true enables HMAC signing of every SmsNotification this handler processes
#[AsMessageHandler(sign: true)]
class SmsNotificationHandler
{
    public function __invoke(SmsNotification $message): void
    {
        // ... handle message
    }
}
```
When signing is enabled, each message is signed using an HMAC signature computed with your application's secret key (the kernel.secret parameter). The signature is added to the message headers (Body-Sign and Sign-Algo) when the message is sent, and verified automatically when it's received. If the signature is missing or invalid, an InvalidMessageSignatureException is thrown and the message will not be processed.
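As an added example, not Symfony's own code, the following PHP models the sign-on-send, verify-on-receive flow described above, including rejection of a forged body: the header names Body-Sign and Sign-Algo come from the text, while the HMAC algorithm (sha256), the secret value, the MessageSigner class and the exception class definition are assumptions made for this standalone illustration.

```php
<?php
// Illustrative model of Messenger-style message signing (not Symfony's implementation).
// Assumed: sha256 as the HMAC algorithm, a placeholder kernel.secret, the class names.
final class InvalidMessageSignatureException extends RuntimeException {}

final class MessageSigner
{
    public function __construct(private string $secret, private string $algo = 'sha256') {}

    /** On send: sign the serialized body and attach the signature headers. */
    public function sign(string $body, array $headers): array
    {
        $headers['Sign-Algo'] = $this->algo;
        $headers['Body-Sign'] = hash_hmac($this->algo, $body, $this->secret);
        return $headers;
    }

    /** On receive: reject messages whose signature is missing, mismatched or tampered. */
    public function verify(string $body, array $headers): void
    {
        if (!isset($headers['Body-Sign'], $headers['Sign-Algo'])) {
            throw new InvalidMessageSignatureException('Message signature is missing.');
        }
        // Pin the algorithm: a header supplied by the queue must not pick a weaker one.
        if ($headers['Sign-Algo'] !== $this->algo) {
            throw new InvalidMessageSignatureException('Unexpected signature algorithm.');
        }
        $expected = hash_hmac($this->algo, $body, $this->secret);
        // Constant-time comparison avoids leaking the signature via timing.
        if (!hash_equals($expected, (string) $headers['Body-Sign'])) {
            throw new InvalidMessageSignatureException('Message signature is invalid.');
        }
    }
}

// Constructed sample: a serialized SmsNotification as it might sit in the queue.
$secret  = 'PLACEHOLDER-kernel.secret-from-your-env';
$signer  = new MessageSigner($secret);
$body    = json_encode(['content' => 'Your code is 1234', 'to' => '+15550000000']);
$headers = $signer->sign($body, ['type' => 'App\Message\SmsNotification']);
$signer->verify($body, $headers); // untampered: passes silently

// A payload injected into the queue does not carry a valid signature for its body.
try {
    $signer->verify(json_encode(['content' => 'forged text']), $headers);
} catch (InvalidMessageSignatureException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

Note that the signature only proves the body was produced by a holder of kernel.secret; rotating that secret invalidates every message still waiting in the queue.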