ConcealedString tries to clean up the wrapped secret.

This is a best practice to try to limit as much as possible the exposure of sensitive information. For data coming from or being sent in an HTTP request it is not really possible to scrub everything from memory. However, this change is interesting for the Tuleap internal crypto API where everything is manipulated locally.

No functional change is expected.

Part of request #14602: Harden handling of sensitive strings

Change-Id: I1869700c4513ff1d5c5d1ff177bcecb134f586cb
Modified Files
Status | Name | Added | Removed |
---|---|---|---|
M | plugins/prometheus_metrics/include/MetricsAuthCredential.php | +1 | −1 |
M | src/common/Authentication/SplitToken/PrefixedSplitTokenSerializer.php | +4 | −1 |
M | src/common/Authentication/SplitToken/SplitTokenVerificationString.php | +3 | −1 |
M | src/common/Cryptography/Asymmetric/AsymmetricCrypto.php | +14 | −2 |
M | src/common/Cryptography/Asymmetric/SignaturePublicKey.php | +5 | −2 |
M | src/common/Cryptography/Asymmetric/SignatureSecretKey.php | +4 | −1 |
M | src/common/Cryptography/ConcealedString.php | +13 | −1 |
M | src/common/Cryptography/Key.php | +6 | −1 |
M | src/common/Cryptography/KeyFactory.php | +25 | −8 |
M | src/common/Cryptography/Symmetric/EncryptionKey.php | +4 | −1 |
M | src/common/Cryptography/Symmetric/SymmetricCrypto.php | +17 | −4 |
M | src/common/Redis/RedisInitializer.php | +7 | −2 |