stable

Clone or download

Read-only

Prevent returning an unwrapped ConcealedString from a method or function

Psalm is leveraged to limit the exposition of sensitive strings. The approach is quite primitive but it should be enough to cover a sensitive information is returned unwrapped by mistake. For now, those examples will now be rejected: function foo(): string { $a = new \Tuleap\Cryptography\ConcealedString('Ex1'); return $a->getString(); } final class Bar { public function foo(): string { $a = new \Tuleap\Cryptography\ConcealedString('Ex2'); $b = $a->getString(); return $b; } } Dealing with ConcealedString::__toString() will be done in an independent contribution. Part of request #14602: Harden handling of sensitive strings Change-Id: Idacce29db2c5c0852d758c22550c36064136e645

Modified Files

Name
A tests/lib/Psalm/Plugin/ConcealedString/NoReturnUnwrappedConcealedString.php +37 −0 Go to diff View file
A tests/lib/Psalm/Plugin/ConcealedString/PreventConcealedStringMisuses.php +89 −0 Go to diff View file
A tests/lib/Psalm/Plugin/ConcealedString/TUnwrappedConcealedString.php +33 −0 Go to diff View file
M tests/lib/Psalm/PsalmCILauncher.php +2 −3 Go to diff View file
A tests/phpunit/tests/Psalm/Plugin/ConcealedString/PreventConcealedStringMisusesTest.php +58 −0 Go to diff View file
M tests/psalm/psalm.xml +4 −0 Go to diff View file