Mark passwords and URIs as #[\SensitiveParameter] (PHP 8.2+)

clue · Aug 31, 2022 · 194158a · 194158a
1 parent 9c3f918
commit 194158a
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 8 deletions.
diff --git a/src/Client.php b/src/Client.php
@@ -31,8 +31,11 @@ final class Client implements ConnectorInterface
      * @param ?ConnectorInterface $connector
      * @throws InvalidArgumentException
      */
-    public function __construct($socksUri, ConnectorInterface $connector = null)
-    {
+    public function __construct(
+        #[\SensitiveParameter]
+        $socksUri,
+        ConnectorInterface $connector = null
+    ) {
         // support `sockss://` scheme for SOCKS over TLS
         // support `socks+unix://` scheme for Unix domain socket (UDS) paths
         if (preg_match('/^(socks(?:5|4)?)(s|\+unix):\/\/(.*?@)?(.+?)$/', $socksUri, $match)) {
@@ -97,8 +100,11 @@ private function setProtocolVersionFromScheme($scheme)
      * @param string $password
      * @link http://tools.ietf.org/html/rfc1929
      */
-    private function setAuth($username, $password)
-    {
+    private function setAuth(
+        $username,
+        #[\SensitiveParameter]
+        $password
+    ) {
         if (strlen($username) > 255 || strlen($password) > 255) {
             throw new InvalidArgumentException('Both username and password MUST NOT exceed a length of 255 bytes each');
         }

diff --git a/src/Server.php b/src/Server.php
@@ -57,8 +57,12 @@ final class Server
      * @param ?ConnectorInterface $connector
      * @param null|array|callable $auth
      */
-    public function __construct(LoopInterface $loop = null, ConnectorInterface $connector = null, $auth = null)
-    {
+    public function __construct(
+        LoopInterface $loop = null,
+        ConnectorInterface $connector = null,
+        #[\SensitiveParameter]
+        $auth = null
+    ) {
         if (\is_array($auth)) {
             // wrap authentication array in authentication callback
             $this->auth = function ($username, $password) use ($auth) {
@@ -215,8 +219,12 @@ public function handleSocks4(ConnectionInterface $stream, StreamReader $reader)
     }
 
     /** @internal */
-    public function handleSocks5(ConnectionInterface $stream, $auth, StreamReader $reader)
-    {
+    public function handleSocks5(
+        ConnectionInterface $stream,
+        #[\SensitiveParameter]
+        $auth,
+        StreamReader $reader
+    ) {
         $remote = $stream->getRemoteAddress();
         if ($remote !== null) {
             // remove transport scheme and prefix socks5:// instead