bug #48274 Add more #[\SensitiveParameter] (fancyweb)

fabpot · fabpot · commit 2dc06708d1ed · 2022-11-22T08:02:47.000+01:00
This PR was merged into the 6.2 branch. Discussion ---------- Add more #[\SensitiveParameter] | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Follow-up to #46183 Commits ------- 8ad9642 Add more #[\SensitiveParameter]
diff --git a/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php b/src/Symfony/Bundle/FrameworkBundle/Secrets/SodiumVault.php
@@ -30,7 +30,7 @@ class SodiumVault extends AbstractVault implements EnvVarLoaderInterface
      * @param $decryptionKey A string or a stringable object that defines the private key to use to decrypt the vault
      *                       or null to store generated keys in the provided $secretsDir
      */
-    public function __construct(string $secretsDir, string|\Stringable $decryptionKey = null)
+    public function __construct(string $secretsDir, #[\SensitiveParameter] string|\Stringable $decryptionKey = null)
     {
         $this->pathPrefix = rtrim(strtr($secretsDir, '/', \DIRECTORY_SEPARATOR), \DIRECTORY_SEPARATOR).\DIRECTORY_SEPARATOR.basename($secretsDir).'.';
         $this->decryptionKey = $decryptionKey;
diff --git a/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php b/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php
@@ -79,7 +79,7 @@ public function getToken(string $tokenId): CsrfToken
         return new CsrfToken($tokenId, $this->randomize($value));
     }
 
-    public function refreshToken(#[\SensitiveParameter] string $tokenId): CsrfToken
+    public function refreshToken(string $tokenId): CsrfToken
     {
         $namespacedId = $this->getNamespace().$tokenId;
         $value = $this->generator->generateToken();
diff --git a/src/Symfony/Component/Security/Csrf/TokenStorage/NativeSessionTokenStorage.php b/src/Symfony/Component/Security/Csrf/TokenStorage/NativeSessionTokenStorage.php
@@ -51,7 +51,7 @@ public function getToken(string $tokenId): string
         return (string) $_SESSION[$this->namespace][$tokenId];
     }
 
-    public function setToken(string $tokenId, string $token)
+    public function setToken(string $tokenId, #[\SensitiveParameter] string $token)
     {
         if (!$this->sessionStarted) {
             $this->startSession();
diff --git a/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php b/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php
@@ -56,7 +56,7 @@ public function getToken(string $tokenId): string
         return (string) $session->get($this->namespace.'/'.$tokenId);
     }
 
-    public function setToken(string $tokenId, string $token)
+    public function setToken(string $tokenId, #[\SensitiveParameter] string $token)
     {
         $session = $this->getSession();
         if (!$session->isStarted()) {
diff --git a/src/Symfony/Component/Security/Csrf/TokenStorage/TokenStorageInterface.php b/src/Symfony/Component/Security/Csrf/TokenStorage/TokenStorageInterface.php
@@ -28,7 +28,7 @@ public function getToken(string $tokenId): string;
     /**
      * Stores a CSRF token.
      */
-    public function setToken(string $tokenId, string $token);
+    public function setToken(string $tokenId, #[\SensitiveParameter] string $token);
 
     /**
      * Removes a CSRF token.
diff --git a/src/Symfony/Component/Security/Http/AccessToken/AccessTokenHandlerInterface.php b/src/Symfony/Component/Security/Http/AccessToken/AccessTokenHandlerInterface.php
@@ -24,5 +24,5 @@ interface AccessTokenHandlerInterface
     /**
      * @throws AuthenticationException
      */
-    public function getUserIdentifierFrom(string $accessToken): string;
+    public function getUserIdentifierFrom(#[\SensitiveParameter] string $accessToken): string;
 }
diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/Badge/CsrfTokenBadge.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/Badge/CsrfTokenBadge.php
@@ -33,7 +33,7 @@ class CsrfTokenBadge implements BadgeInterface
      *                                 Using a different string for each authenticator improves its security.
      * @param string|null $csrfToken   The CSRF token presented in the request, if any
      */
-    public function __construct(string $csrfTokenId, ?string $csrfToken)
+    public function __construct(string $csrfTokenId, #[\SensitiveParameter] ?string $csrfToken)
     {
         $this->csrfTokenId = $csrfTokenId;
         $this->csrfToken = $csrfToken;
diff --git a/src/Symfony/Component/Security/Http/Authenticator/Passport/Badge/PasswordUpgradeBadge.php b/src/Symfony/Component/Security/Http/Authenticator/Passport/Badge/PasswordUpgradeBadge.php
@@ -32,7 +32,7 @@ class PasswordUpgradeBadge implements BadgeInterface
      * @param string                         $plaintextPassword The presented password, used in the rehash
      * @param PasswordUpgraderInterface|null $passwordUpgrader  The password upgrader, defaults to the UserProvider if null
      */
-    public function __construct(string $plaintextPassword, PasswordUpgraderInterface $passwordUpgrader = null)
+    public function __construct(#[\SensitiveParameter] string $plaintextPassword, PasswordUpgraderInterface $passwordUpgrader = null)
     {
         $this->plaintextPassword = $plaintextPassword;
         $this->passwordUpgrader = $passwordUpgrader;

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ class SodiumVault extends AbstractVault implements EnvVarLoaderInterface`
`30`	`30`	`* @param $decryptionKey A string or a stringable object that defines the private key to use to decrypt the vault`
`31`	`31`	`* or null to store generated keys in the provided $secretsDir`
`32`	`32`	`*/`
`33`		`- public function __construct(string $secretsDir, string\|\Stringable $decryptionKey = null)`
	`33`	`+ public function __construct(string $secretsDir, #[\SensitiveParameter] string\|\Stringable $decryptionKey = null)`
`34`	`34`	`{`
`35`	`35`	`$this->pathPrefix = rtrim(strtr($secretsDir, '/', \DIRECTORY_SEPARATOR), \DIRECTORY_SEPARATOR).\DIRECTORY_SEPARATOR.basename($secretsDir).'.';`
`36`	`36`	`$this->decryptionKey = $decryptionKey;`
Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ public function getToken(string $tokenId): CsrfToken`
`79`	`79`	`return new CsrfToken($tokenId, $this->randomize($value));`
`80`	`80`	`}`
`81`	`81`
`82`		`- public function refreshToken(#[\SensitiveParameter] string $tokenId): CsrfToken`
	`82`	`+ public function refreshToken(string $tokenId): CsrfToken`
`83`	`83`	`{`
`84`	`84`	`$namespacedId = $this->getNamespace().$tokenId;`
`85`	`85`	`$value = $this->generator->generateToken();`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ public function getToken(string $tokenId): string`
`51`	`51`	`return (string) $_SESSION[$this->namespace][$tokenId];`
`52`	`52`	`}`
`53`	`53`
`54`		`- public function setToken(string $tokenId, string $token)`
	`54`	`+ public function setToken(string $tokenId, #[\SensitiveParameter] string $token)`
`55`	`55`	`{`
`56`	`56`	`if (!$this->sessionStarted) {`
`57`	`57`	`$this->startSession();`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ public function getToken(string $tokenId): string`
`56`	`56`	`return (string) $session->get($this->namespace.'/'.$tokenId);`
`57`	`57`	`}`
`58`	`58`
`59`		`- public function setToken(string $tokenId, string $token)`
	`59`	`+ public function setToken(string $tokenId, #[\SensitiveParameter] string $token)`
`60`	`60`	`{`
`61`	`61`	`$session = $this->getSession();`
`62`	`62`	`if (!$session->isStarted()) {`
Original file line number	Diff line number	Diff line change
`@@ -24,5 +24,5 @@ interface AccessTokenHandlerInterface`
`24`	`24`	`/**`
`25`	`25`	`* @throws AuthenticationException`
`26`	`26`	`*/`
`27`		`- public function getUserIdentifierFrom(string $accessToken): string;`
	`27`	`+ public function getUserIdentifierFrom(#[\SensitiveParameter] string $accessToken): string;`
`28`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ class CsrfTokenBadge implements BadgeInterface`
`33`	`33`	`* Using a different string for each authenticator improves its security.`
`34`	`34`	`* @param string\|null $csrfToken The CSRF token presented in the request, if any`
`35`	`35`	`*/`
`36`		`- public function __construct(string $csrfTokenId, ?string $csrfToken)`
	`36`	`+ public function __construct(string $csrfTokenId, #[\SensitiveParameter] ?string $csrfToken)`
`37`	`37`	`{`
`38`	`38`	`$this->csrfTokenId = $csrfTokenId;`
`39`	`39`	`$this->csrfToken = $csrfToken;`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ class PasswordUpgradeBadge implements BadgeInterface`
`32`	`32`	`* @param string $plaintextPassword The presented password, used in the rehash`
`33`	`33`	`* @param PasswordUpgraderInterface\|null $passwordUpgrader The password upgrader, defaults to the UserProvider if null`
`34`	`34`	`*/`
`35`		`- public function __construct(string $plaintextPassword, PasswordUpgraderInterface $passwordUpgrader = null)`
	`35`	`+ public function __construct(#[\SensitiveParameter] string $plaintextPassword, PasswordUpgraderInterface $passwordUpgrader = null)`
`36`	`36`	`{`
`37`	`37`	`$this->plaintextPassword = $plaintextPassword;`
`38`	`38`	`$this->passwordUpgrader = $passwordUpgrader;`