From 13714a9f34b48c551fd2900c0834803e0bf040a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Wed, 15 Jun 2022 16:48:58 +0200
Subject: [PATCH] Apply PHP 8.2's `SensitiveParameter` attribute to all string
parameters
---
psalm.xml | 10 +++++
src/Base32.php | 55 +++++++++++++++++-------
src/Base64.php | 32 +++++++++-----
src/Binary.php | 7 ++-
src/Encoding.php | 108 +++++++++++++++++++++++++++++++----------------
src/Hex.php | 13 ++++--
src/RFC4648.php | 62 ++++++++++++++++++---------
7 files changed, 198 insertions(+), 89 deletions(-)
diff --git a/psalm.xml b/psalm.xml
index 287c81d..263dae4 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -11,5 +11,15 @@
</projectFiles>
<issueHandlers>
<UnnecessaryVarAnnotation errorLevel="info" />
+ <UndefinedAttributeClass>
+ <errorLevel type="suppress">
+ <!--
+ The SensitiveParameter attribute was introduced in PHP 8.2. It is fully backwards compatible
+ and non-essential for correct functionality of this library. It protects any passed strings
+ from ending up in error logs.
+ -->
+ <referencedClass name="SensitiveParameter" />
+ </errorLevel>
+ </UndefinedAttributeClass>
</issueHandlers>
</psalm>
diff --git a/src/Base32.php b/src/Base32.php
index 7508b3d..8b634d2 100644
--- a/src/Base32.php
+++ b/src/Base32.php
@@ -44,8 +44,11 @@ abstract class Base32 implements EncoderInterface
* @param bool $strictPadding
* @return string
*/
- public static function decode(string $encodedString, bool $strictPadding = false): string
- {
+ public static function decode(
+ #[\SensitiveParameter]
+ string $encodedString,
+ bool $strictPadding = false
+ ): string {
return static::doDecode($encodedString, false, $strictPadding);
}
@@ -56,8 +59,11 @@ abstract class Base32 implements EncoderInterface
* @param bool $strictPadding
* @return string
*/
- public static function decodeUpper(string $src, bool $strictPadding = false): string
- {
+ public static function decodeUpper(
+ #[\SensitiveParameter]
+ string $src,
+ bool $strictPadding = false
+ ): string {
return static::doDecode($src, true, $strictPadding);
}
@@ -68,10 +74,13 @@ abstract class Base32 implements EncoderInterface
* @return string
* @throws TypeError
*/
- public static function encode(string $binString): string
- {
+ public static function encode(
+ #[\SensitiveParameter]
+ string $binString
+ ): string {
return static::doEncode($binString, false, true);
}
+
/**
* Encode into Base32 (RFC 4648)
*
@@ -79,8 +88,10 @@ abstract class Base32 implements EncoderInterface
* @return string
* @throws TypeError
*/
- public static function encodeUnpadded(string $src): string
- {
+ public static function encodeUnpadded(
+ #[\SensitiveParameter]
+ string $src
+ ): string {
return static::doEncode($src, false, false);
}
@@ -91,8 +102,10 @@ abstract class Base32 implements EncoderInterface
* @return string
* @throws TypeError
*/
- public static function encodeUpper(string $src): string
- {
+ public static function encodeUpper(
+ #[\SensitiveParameter]
+ string $src
+ ): string {
return static::doEncode($src, true, true);
}
@@ -103,8 +116,10 @@ abstract class Base32 implements EncoderInterface
* @return string
* @throws TypeError
*/
- public static function encodeUpperUnpadded(string $src): string
- {
+ public static function encodeUpperUnpadded(
+ #[\SensitiveParameter]
+ string $src
+ ): string {
return static::doEncode($src, true, false);
}
@@ -191,8 +206,11 @@ abstract class Base32 implements EncoderInterface
* @param bool $upper
* @return string
*/
- public static function decodeNoPadding(string $encodedString, bool $upper = false): string
- {
+ public static function decodeNoPadding(
+ #[\SensitiveParameter]
+ string $encodedString,
+ bool $upper = false
+ ): string {
$srcLen = Binary::safeStrlen($encodedString);
if ($srcLen === 0) {
return '';
@@ -225,6 +243,7 @@ abstract class Base32 implements EncoderInterface
* @psalm-suppress RedundantCondition
*/
protected static function doDecode(
+ #[\SensitiveParameter]
string $src,
bool $upper = false,
bool $strictPadding = false
@@ -434,8 +453,12 @@ abstract class Base32 implements EncoderInterface
* @return string
* @throws TypeError
*/
- protected static function doEncode(string $src, bool $upper = false, $pad = true): string
- {
+ protected static function doEncode(
+ #[\SensitiveParameter]
+ string $src,
+ bool $upper = false,
+ $pad = true
+ ): string {
// We do this to reduce code duplication:
$method = $upper
? 'encode5BitsUpper'
diff --git a/src/Base64.php b/src/Base64.php
index f571617..5bf91f3 100644
--- a/src/Base64.php
+++ b/src/Base64.php
@@ -47,8 +47,10 @@ abstract class Base64 implements EncoderInterface
*
* @throws TypeError
*/
- public static function encode(string $binString): string
- {
+ public static function encode(
+ #[\SensitiveParameter]
+ string $binString
+ ): string {
return static::doEncode($binString, true);
}
@@ -62,8 +64,10 @@ abstract class Base64 implements EncoderInterface
*
* @throws TypeError
*/
- public static function encodeUnpadded(string $src): string
- {
+ public static function encodeUnpadded(
+ #[\SensitiveParameter]
+ string $src
+ ): string {
return static::doEncode($src, false);
}
@@ -74,8 +78,11 @@ abstract class Base64 implements EncoderInterface
*
* @throws TypeError
*/
- protected static function doEncode(string $src, bool $pad = true): string
- {
+ protected static function doEncode(
+ #[\SensitiveParameter]
+ string $src,
+ bool $pad = true
+ ): string {
$dest = '';
$srcLen = Binary::safeStrlen($src);
// Main loop (no padding):
@@ -131,8 +138,11 @@ abstract class Base64 implements EncoderInterface
* @throws TypeError
* @psalm-suppress RedundantCondition
*/
- public static function decode(string $encodedString, bool $strictPadding = false): string
- {
+ public static function decode(
+ #[\SensitiveParameter]
+ string $encodedString,
+ bool $strictPadding = false
+ ): string {
// Remove padding
$srcLen = Binary::safeStrlen($encodedString);
if ($srcLen === 0) {
@@ -227,8 +237,10 @@ abstract class Base64 implements EncoderInterface
* @param string $encodedString
* @return string
*/
- public static function decodeNoPadding(string $encodedString): string
- {
+ public static function decodeNoPadding(
+ #[\SensitiveParameter]
+ string $encodedString
+ ): string {
$srcLen = Binary::safeStrlen($encodedString);
if ($srcLen === 0) {
return '';
diff --git a/src/Binary.php b/src/Binary.php
index 828f3e0..5368e4b 100644
--- a/src/Binary.php
+++ b/src/Binary.php
@@ -45,8 +45,10 @@ abstract class Binary
* @param string $str
* @return int
*/
- public static function safeStrlen(string $str): int
- {
+ public static function safeStrlen(
+ #[\SensitiveParameter]
+ string $str
+ ): int {
if (\function_exists('mb_strlen')) {
// mb_strlen in PHP 7.x can return false.
/** @psalm-suppress RedundantCast */
@@ -70,6 +72,7 @@ abstract class Binary
* @throws TypeError
*/
public static function safeSubstr(
+ #[\SensitiveParameter]
string $str,
int $start = 0,
$length = null
diff --git a/src/Encoding.php b/src/Encoding.php
index 8649f31..8b7e387 100644
--- a/src/Encoding.php
+++ b/src/Encoding.php
@@ -40,8 +40,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32Encode(string $str): string
- {
+ public static function base32Encode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::encode($str);
}
@@ -52,8 +54,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32EncodeUpper(string $str): string
- {
+ public static function base32EncodeUpper(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::encodeUpper($str);
}
@@ -64,8 +68,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32Decode(string $str): string
- {
+ public static function base32Decode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::decode($str);
}
@@ -76,8 +82,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32DecodeUpper(string $str): string
- {
+ public static function base32DecodeUpper(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::decodeUpper($str);
}
@@ -88,8 +96,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32HexEncode(string $str): string
- {
+ public static function base32HexEncode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32Hex::encode($str);
}
@@ -100,8 +110,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32HexEncodeUpper(string $str): string
- {
+ public static function base32HexEncodeUpper(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32Hex::encodeUpper($str);
}
@@ -112,8 +124,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32HexDecode(string $str): string
- {
+ public static function base32HexDecode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32Hex::decode($str);
}
@@ -124,8 +138,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base32HexDecodeUpper(string $str): string
- {
+ public static function base32HexDecodeUpper(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32Hex::decodeUpper($str);
}
@@ -136,8 +152,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base64Encode(string $str): string
- {
+ public static function base64Encode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64::encode($str);
}
@@ -148,8 +166,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base64Decode(string $str): string
- {
+ public static function base64Decode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64::decode($str);
}
@@ -161,8 +181,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base64EncodeDotSlash(string $str): string
- {
+ public static function base64EncodeDotSlash(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64DotSlash::encode($str);
}
@@ -176,8 +198,10 @@ abstract class Encoding
* @throws \RangeException
* @throws TypeError
*/
- public static function base64DecodeDotSlash(string $str): string
- {
+ public static function base64DecodeDotSlash(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64DotSlash::decode($str);
}
@@ -189,8 +213,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function base64EncodeDotSlashOrdered(string $str): string
- {
+ public static function base64EncodeDotSlashOrdered(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64DotSlashOrdered::encode($str);
}
@@ -204,8 +230,10 @@ abstract class Encoding
* @throws \RangeException
* @throws TypeError
*/
- public static function base64DecodeDotSlashOrdered(string $str): string
- {
+ public static function base64DecodeDotSlashOrdered(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64DotSlashOrdered::decode($str);
}
@@ -217,8 +245,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function hexEncode(string $bin_string): string
- {
+ public static function hexEncode(
+ #[\SensitiveParameter]
+ string $bin_string
+ ): string {
return Hex::encode($bin_string);
}
@@ -230,8 +260,10 @@ abstract class Encoding
* @return string (raw binary)
* @throws \RangeException
*/
- public static function hexDecode(string $hex_string): string
- {
+ public static function hexDecode(
+ #[\SensitiveParameter]
+ string $hex_string
+ ): string {
return Hex::decode($hex_string);
}
@@ -243,8 +275,10 @@ abstract class Encoding
* @return string
* @throws TypeError
*/
- public static function hexEncodeUpper(string $bin_string): string
- {
+ public static function hexEncodeUpper(
+ #[\SensitiveParameter]
+ string $bin_string
+ ): string {
return Hex::encodeUpper($bin_string);
}
@@ -255,8 +289,10 @@ abstract class Encoding
* @param string $bin_string (raw binary)
* @return string
*/
- public static function hexDecodeUpper(string $bin_string): string
- {
+ public static function hexDecodeUpper(
+ #[\SensitiveParameter]
+ string $bin_string
+ ): string {
return Hex::decode($bin_string);
}
}
diff --git a/src/Hex.php b/src/Hex.php
index a9e058c..97c2046 100644
--- a/src/Hex.php
+++ b/src/Hex.php
@@ -42,8 +42,10 @@ abstract class Hex implements EncoderInterface
* @return string
* @throws TypeError
*/
- public static function encode(string $binString): string
- {
+ public static function encode(
+ #[\SensitiveParameter]
+ string $binString
+ ): string {
$hex = '';
$len = Binary::safeStrlen($binString);
for ($i = 0; $i < $len; ++$i) {
@@ -69,8 +71,10 @@ abstract class Hex implements EncoderInterface
* @return string
* @throws TypeError
*/
- public static function encodeUpper(string $binString): string
- {
+ public static function encodeUpper(
+ #[\SensitiveParameter]
+ string $binString
+ ): string {
$hex = '';
$len = Binary::safeStrlen($binString);
@@ -99,6 +103,7 @@ abstract class Hex implements EncoderInterface
* @throws RangeException
*/
public static function decode(
+ #[\SensitiveParameter]
string $encodedString,
bool $strictPadding = false
): string {
diff --git a/src/RFC4648.php b/src/RFC4648.php
index f124d65..7cd2e99 100644
--- a/src/RFC4648.php
+++ b/src/RFC4648.php
@@ -46,8 +46,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base64Encode(string $str): string
- {
+ public static function base64Encode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64::encode($str);
}
@@ -61,8 +63,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base64Decode(string $str): string
- {
+ public static function base64Decode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64::decode($str, true);
}
@@ -76,8 +80,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base64UrlSafeEncode(string $str): string
- {
+ public static function base64UrlSafeEncode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64UrlSafe::encode($str);
}
@@ -91,8 +97,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base64UrlSafeDecode(string $str): string
- {
+ public static function base64UrlSafeDecode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base64UrlSafe::decode($str, true);
}
@@ -106,8 +114,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base32Encode(string $str): string
- {
+ public static function base32Encode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::encodeUpper($str);
}
@@ -121,8 +131,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base32Decode(string $str): string
- {
+ public static function base32Decode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::decodeUpper($str, true);
}
@@ -136,8 +148,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base32HexEncode(string $str): string
- {
+ public static function base32HexEncode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::encodeUpper($str);
}
@@ -151,8 +165,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base32HexDecode(string $str): string
- {
+ public static function base32HexDecode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Base32::decodeUpper($str, true);
}
@@ -166,8 +182,10 @@ abstract class RFC4648
*
* @throws TypeError
*/
- public static function base16Encode(string $str): string
- {
+ public static function base16Encode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Hex::encodeUpper($str);
}
@@ -179,8 +197,10 @@ abstract class RFC4648
* @param string $str
* @return string
*/
- public static function base16Decode(string $str): string
- {
+ public static function base16Decode(
+ #[\SensitiveParameter]
+ string $str
+ ): string {
return Hex::decode($str, true);
}
-}
\ No newline at end of file
+}
--
GitLab