From 411190ceea7a5711fa0e0cda81a4914d2c4899b0 Mon Sep 17 00:00:00 2001
From: Andreas Schempp <andreas.schempp@terminal42.ch>
Date: Tue, 12 Mar 2024 11:20:58 +0100
Subject: [PATCH] [Security] Correctly initialize the voter property

---
 DataCollector/SecurityDataCollector.php       |  1 +
 .../SecurityDataCollectorTest.php             | 30 +++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/DataCollector/SecurityDataCollector.php b/DataCollector/SecurityDataCollector.php
index 01eea81a..72c76964 100644
--- a/DataCollector/SecurityDataCollector.php
+++ b/DataCollector/SecurityDataCollector.php
@@ -145,6 +145,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
         // collect voters and access decision manager information
         if ($this->accessDecisionManager instanceof TraceableAccessDecisionManager) {
             $this->data['voter_strategy'] = $this->accessDecisionManager->getStrategy();
+            $this->data['voters'] = [];
 
             foreach ($this->accessDecisionManager->getVoters() as $voter) {
                 if ($voter instanceof TraceableVoter) {
diff --git a/Tests/DataCollector/SecurityDataCollectorTest.php b/Tests/DataCollector/SecurityDataCollectorTest.php
index ae706830..ea70292f 100644
--- a/Tests/DataCollector/SecurityDataCollectorTest.php
+++ b/Tests/DataCollector/SecurityDataCollectorTest.php
@@ -400,6 +400,36 @@ public function dispatch(object $event, ?string $eventName = null): object
         $this->assertSame($dataCollector->getVoterStrategy(), $strategy, 'Wrong value returned by getVoterStrategy');
     }
 
+    public function testGetVotersIfAccessDecisionManagerHasNoVoters()
+    {
+        $strategy = MainConfiguration::STRATEGY_AFFIRMATIVE;
+
+        $accessDecisionManager = $this->createMock(TraceableAccessDecisionManager::class);
+
+        $accessDecisionManager
+            ->method('getStrategy')
+            ->willReturn($strategy);
+
+        $accessDecisionManager
+            ->method('getVoters')
+            ->willReturn([]);
+
+        $accessDecisionManager
+            ->method('getDecisionLog')
+            ->willReturn([[
+                'attributes' => ['view'],
+                'object' => new \stdClass(),
+                'result' => true,
+                'voterDetails' => [],
+            ]]);
+
+        $dataCollector = new SecurityDataCollector(null, null, null, $accessDecisionManager, null, null, true);
+
+        $dataCollector->collect(new Request(), new Response());
+
+        $this->assertEmpty($dataCollector->getVoters());
+    }
+
     public static function provideRoles(): array
     {
         return [