Merge pull request #109 from SimonFrings/SensitiveParameter

clue · web-flow · commit ea703c3cbe0c · 2022-08-31T16:28:59.000+02:00
Mark passwords and URIs as `#[\SensitiveParameter]` (PHP 8.2+)
diff --git a/src/Client.php b/src/Client.php
@@ -31,8 +31,11 @@ final class Client implements ConnectorInterface
      * @param ?ConnectorInterface $connector
      * @throws InvalidArgumentException
      */
-    public function __construct($socksUri, ConnectorInterface $connector = null)
-    {
+    public function __construct(
+        #[\SensitiveParameter]
+        $socksUri,
+        ConnectorInterface $connector = null
+    ) {
         // support `sockss://` scheme for SOCKS over TLS
         // support `socks+unix://` scheme for Unix domain socket (UDS) paths
         if (preg_match('/^(socks(?:5|4)?)(s|\+unix):\/\/(.*?@)?(.+?)$/', $socksUri, $match)) {
@@ -97,8 +100,11 @@ private function setProtocolVersionFromScheme($scheme)
      * @param string $password
      * @link http://tools.ietf.org/html/rfc1929
      */
-    private function setAuth($username, $password)
-    {
+    private function setAuth(
+        $username,
+        #[\SensitiveParameter]
+        $password
+    ) {
         if (strlen($username) > 255 || strlen($password) > 255) {
             throw new InvalidArgumentException('Both username and password MUST NOT exceed a length of 255 bytes each');
         }
diff --git a/src/Server.php b/src/Server.php
@@ -57,18 +57,32 @@ final class Server
      * @param ?ConnectorInterface $connector
      * @param null|array|callable $auth
      */
-    public function __construct(LoopInterface $loop = null, ConnectorInterface $connector = null, $auth = null)
-    {
+    public function __construct(
+        LoopInterface $loop = null,
+        ConnectorInterface $connector = null,
+        #[\SensitiveParameter]
+        $auth = null
+    ) {
         if (\is_array($auth)) {
             // wrap authentication array in authentication callback
-            $this->auth = function ($username, $password) use ($auth) {
+            $this->auth = function (
+                $username,
+                #[\SensitiveParameter]
+                $password
+            ) use ($auth) {
                 return \React\Promise\resolve(
                     isset($auth[$username]) && (string)$auth[$username] === $password
                 );
             };
         } elseif (\is_callable($auth)) {
             // wrap authentication callback in order to cast its return value to a promise
-            $this->auth = function($username, $password, $remote) use ($auth) {
+            $this->auth = function(
+                $username,
+                #[\SensitiveParameter]
+                $password,
+                #[\SensitiveParameter]
+                $remote
+            ) use ($auth) {
                 return  \React\Promise\resolve(
                     \call_user_func($auth, $username, $password, $remote)
                 );
@@ -247,7 +261,10 @@ public function handleSocks5(ConnectionInterface $stream, $auth, StreamReader $r
                 })->then(function ($username) use ($reader, $auth, $stream, &$remote) {
                     return $reader->readByte()->then(function ($length) use ($reader) {
                         return $reader->readLength($length);
-                    })->then(function ($password) use ($username, $auth, $stream, &$remote) {
+                    })->then(function (
+                        #[\SensitiveParameter]
+                        $password
+                    ) use ($username, $auth, $stream, &$remote) {
                         // username and password given => authenticate
 
                         // prefix username/password to remote URI
