From 163371822a035e5d8471239ce897c3a0db4cb259 Mon Sep 17 00:00:00 2001
From: Simon Frings
Date: Wed, 31 Aug 2022 15:02:29 +0200
Subject: [PATCH] Mark passwords and URIs as `#[\SensitiveParameter]` (PHP 8.2+)
---
 src/Client.php | 14 ++++++++++----
 src/Server.php | 27 ++++++++++++++++++++++-----
 2 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/src/Client.php b/src/Client.php
index 83970e6..5645c25 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -31,8 +31,11 @@ final class Client implements ConnectorInterface
 * @param ?ConnectorInterface $connector
 * @throws InvalidArgumentException
 */
- public function __construct($socksUri, ConnectorInterface $connector = null)
- {
+ public function __construct(
+ #[\SensitiveParameter]
+ $socksUri,
+ ConnectorInterface $connector = null
+ ) {
 // support `sockss://` scheme for SOCKS over TLS
 // support `socks+unix://` scheme for Unix domain socket (UDS) paths
 if (preg_match('/^(socks(?:5|4)?)(s|\+unix):\/\/(.*?@)?(.+?)$/', $socksUri, $match)) {
@@ -97,8 +100,11 @@ private function setProtocolVersionFromScheme($scheme)
 * @param string $password
 * @link http://tools.ietf.org/html/rfc1929
 */
- private function setAuth($username, $password)
- {
+ private function setAuth(
+ $username,
+ #[\SensitiveParameter]
+ $password
+ ) {
 if (strlen($username) > 255 || strlen($password) > 255) {
 throw new InvalidArgumentException('Both username and password MUST NOT exceed a length of 255 bytes each');
 }
diff --git a/src/Server.php b/src/Server.php
index 2405f3e..ca45015 100644
--- a/src/Server.php
+++ b/src/Server.php
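Review bot: Nothing in `Client::__construct()` records that `#[\SensitiveParameter]` has to stay on a line of its own: before PHP 8.0 a `#` starts a line comment, so merging it with `$socksUri,` would comment the parameter out on those versions (assuming the package still supports them, which the untyped signatures suggest). A short comment such as `// keep the attribute on its own line: PHP < 8.0 reads "#[...]" as a comment` would stop a formatter or a later edit from joining the lines; the same applies to `setAuth()` in the next hunk and to the closures in src/Server.php. The docblock should also say that the redaction covers only stack-trace arguments on PHP 8.2+, so credentials embedded in `$socksUri` can still surface through exception messages or logging. Whether the `InvalidArgumentException` raised further down in the constructor includes the URI is not visible in this hunk.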
@@ -57,18 +57,32 @@ final class Server
 * @param ?ConnectorInterface $connector
 * @param null|array|callable $auth
 */
- public function __construct(LoopInterface $loop = null, ConnectorInterface $connector = null, $auth = null)
- {
+ public function __construct(
+ LoopInterface $loop = null,
+ ConnectorInterface $connector = null,
+ #[\SensitiveParameter]
+ $auth = null
+ ) {
 if (\is_array($auth)) {
 // wrap authentication array in authentication callback
- $this->auth = function ($username, $password) use ($auth) {
+ $this->auth = function (
+ $username,
+ #[\SensitiveParameter]
+ $password
+ ) use ($auth) {
 return \React\Promise\resolve(
 isset($auth[$username]) && (string)$auth[$username] === $password
 );
 };
 } elseif (\is_callable($auth)) {
 // wrap authentication callback in order to cast its return value to a promise
- $this->auth = function($username, $password, $remote) use ($auth) {
+ $this->auth = function(
+ $username,
+ #[\SensitiveParameter]
+ $password,
+ #[\SensitiveParameter]
+ $remote
+ ) use ($auth) {
 return \React\Promise\resolve(
 \call_user_func($auth, $username, $password, $remote)
 );
@@ -247,7 +261,10 @@ public function handleSocks5(ConnectionInterface $stream, $auth, StreamReader $r
 })->then(function ($username) use ($reader, $auth, $stream, &$remote) {
 return $reader->readByte()->then(function ($length) use ($reader) {
 return $reader->readLength($length);
- })->then(function ($password) use ($username, $auth, $stream, &$remote) {
+ })->then(function (
+ #[\SensitiveParameter]
+ $password
+ ) use ($username, $auth, $stream, &$remote) {
 // username and password given => authenticate
 // prefix username/password to remote URI
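Review bot: The array-backed authenticator in `Server::__construct()` still checks the password with `(string)$auth[$username] === $password`, which is not a constant-time comparison, so the commit hides the password from stack traces but leaves a timing signal on the check itself. Since this closure is being rewritten anyway, consider `isset($auth[$username]) && \hash_equals((string)$auth[$username], (string)$password)`; this assumes `$password` always arrives as a string from the stream reader, which is not visible in this hunk. Separately, the callable branch forwards `$password` and `$remote` to the user-supplied `$auth` callback, whose own frame is redacted only if its author marks those parameters as well. The constructor docblock should say so, for example `@param null|array|callable $auth callbacks should mark their $password and $remote parameters #[\SensitiveParameter] too`.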