From 194158aeb72eccc93c348321025926445da86763 Mon Sep 17 00:00:00 2001
From: Simon Frings <simon@clue.engineering>
Date: Wed, 31 Aug 2022 15:02:29 +0200
Subject: [PATCH] Mark passwords and URIs as `#[\SensitiveParameter]` (PHP
 8.2+)

---
 src/Client.php | 14 ++++++++++----
 src/Server.php | 16 ++++++++++++----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/Client.php b/src/Client.php
index 83970e6..5645c25 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -31,8 +31,11 @@ final class Client implements ConnectorInterface
      * @param ?ConnectorInterface $connector
      * @throws InvalidArgumentException
      */
-    public function __construct($socksUri, ConnectorInterface $connector = null)
-    {
+    public function __construct(
+        #[\SensitiveParameter]
+        $socksUri,
+        ConnectorInterface $connector = null
+    ) {
         // support `sockss://` scheme for SOCKS over TLS
         // support `socks+unix://` scheme for Unix domain socket (UDS) paths
         if (preg_match('/^(socks(?:5|4)?)(s|\+unix):\/\/(.*?@)?(.+?)$/', $socksUri, $match)) {
@@ -97,8 +100,11 @@ private function setProtocolVersionFromScheme($scheme)
      * @param string $password
      * @link http://tools.ietf.org/html/rfc1929
      */
-    private function setAuth($username, $password)
-    {
+    private function setAuth(
+        $username,
+        #[\SensitiveParameter]
+        $password
+    ) {
         if (strlen($username) > 255 || strlen($password) > 255) {
             throw new InvalidArgumentException('Both username and password MUST NOT exceed a length of 255 bytes each');
         }
diff --git a/src/Server.php b/src/Server.php
index 2405f3e..5607491 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -57,8 +57,12 @@ final class Server
      * @param ?ConnectorInterface $connector
      * @param null|array|callable $auth
      */
-    public function __construct(LoopInterface $loop = null, ConnectorInterface $connector = null, $auth = null)
-    {
+    public function __construct(
+        LoopInterface $loop = null,
+        ConnectorInterface $connector = null,
+        #[\SensitiveParameter]
+        $auth = null
+    ) {
         if (\is_array($auth)) {
             // wrap authentication array in authentication callback
             $this->auth = function ($username, $password) use ($auth) {
@@ -215,8 +219,12 @@ public function handleSocks4(ConnectionInterface $stream, StreamReader $reader)
     }
 
     /** @internal */
-    public function handleSocks5(ConnectionInterface $stream, $auth, StreamReader $reader)
-    {
+    public function handleSocks5(
+        ConnectionInterface $stream,
+        #[\SensitiveParameter]
+        $auth,
+        StreamReader $reader
+    ) {
         $remote = $stream->getRemoteAddress();
         if ($remote !== null) {
             // remove transport scheme and prefix socks5:// instead