Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Prevent returning an unwrapped ConcealedString from a method or function

Download Browse

Psalm is leveraged to limit the exposition of sensitive strings. The approach is quite primitive but it should be enough to cover a sensitive information is returned unwrapped by mistake. For now, those examples will now be rejected: function foo(): string { $a = new \Tuleap\Cryptography\ConcealedString('Ex1'); return $a->getString(); } final class Bar { public function foo(): string { $a = new \Tuleap\Cryptography\ConcealedString('Ex2'); $b = $a->getString(); return $b; } } Dealing with ConcealedString::__toString() will be done in an independent contribution. Part of request #14602: Harden handling of sensitive strings Change-Id: Idacce29db2c5c0852d758c22550c36064136e645

+223 −3
Thomas Gerbet (tgerbet) 2020-03-01 16:42
Thomas Gerbet (tgerbet) 2020-03-01 18:31
78447c677f7aac68df279e4e53f1f24c73c17951
fa053416c4a2c29427025de6a5772ce2374f9902
git #tuleap/stable/78447c677f7aac68df279e4e53f1f24c73c17951

Modified Files

Side by side diff
Inline diff
Name
A tests/lib/Psalm/Plugin/ConcealedString/NoReturnUnwrappedConcealedString.php +37 −0 Go to diff View file
A tests/lib/Psalm/Plugin/ConcealedString/PreventConcealedStringMisuses.php +89 −0 Go to diff View file
A tests/lib/Psalm/Plugin/ConcealedString/TUnwrappedConcealedString.php +33 −0 Go to diff View file
M tests/lib/Psalm/PsalmCILauncher.php +2 −3 Go to diff View file
A tests/phpunit/tests/Psalm/Plugin/ConcealedString/PreventConcealedStringMisusesTest.php +58 −0 Go to diff View file
M tests/psalm/psalm.xml +4 −0 Go to diff View file