Apply PHP 8.2's SensitiveParameter attribute to Uri::withUserInfo()

Technically the `$password` will end up in the URI anyway when stringifying it. Adding the Attribute is simple though and absolves the reader from needing to consider whether not having the attribute in this specific instance is safe or not. Signed-off-by: Tim Düsterhus <duesterhus@woltlab.com>
laminas · Aug 30, 2022 · 9b5e106 · 9b5e106
1 parent 49f3f7a
commit 9b5e106
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -314,6 +314,9 @@
     <RedundantConditionGivenDocblockType occurrences="1">
       <code>gettype($port)</code>
     </RedundantConditionGivenDocblockType>
+    <UndefinedAttributeClass occurrences="1">
+      <code>SensitiveParameter</code>
+    </UndefinedAttributeClass>
   </file>
   <file src="src/functions/create_uploaded_file.legacy.php">
     <MixedArgument occurrences="1">
@@ -467,9 +470,6 @@
     </MoreSpecificReturnType>
   </file>
   <file src="test/CallbackStreamTest.php">
-    <MissingClosureReturnType occurrences="1">
-      <code>function () {</code>
-    </MissingClosureReturnType>
     <MixedAssignment occurrences="2">
       <code>$ret</code>
       <code>$ret</code>

diff --git a/src/Uri.php b/src/Uri.php
@@ -5,6 +5,7 @@
 namespace Laminas\Diactoros;
 
 use Psr\Http\Message\UriInterface;
+use SensitiveParameter;
 
 use function array_keys;
 use function explode;
@@ -228,6 +229,9 @@ public function withScheme($scheme): UriInterface
         return $new;
     }
 
+    // The following rule is buggy for parameters attributes
+    // phpcs:disable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter
+
     /**
      * Create and return a new instance containing the provided user credentials.
      *
@@ -236,8 +240,11 @@ public function withScheme($scheme): UriInterface
      *
      * {@inheritdoc}
      */
-    public function withUserInfo($user, $password = null): UriInterface
-    {
+    public function withUserInfo(
+        $user,
+        #[SensitiveParameter]
+        $password = null
+    ): UriInterface {
         if (! is_string($user)) {
             throw new Exception\InvalidArgumentException(sprintf(
                 '%s expects a string user argument; received %s',
@@ -269,6 +276,8 @@ public function withUserInfo($user, $password = null): UriInterface
         return $new;
     }
 
+    // phpcs:enable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter
+
     /**
      * {@inheritdoc}
      */