diff --git a/src/CreditCard.php b/src/CreditCard.php
index baa385bfc..bb5faa9af 100644
--- a/src/CreditCard.php
+++ b/src/CreditCard.php
@@ -5,6 +5,7 @@
 use Exception;
 use Laminas\Stdlib\ArrayUtils;
 use Laminas\Validator\Exception\InvalidArgumentException;
+use SensitiveParameter;
 use Traversable;
 use function array_key_exists;
@@ -355,14 +356,19 @@ public function setService($service)
 return $this;
 }
+ // The following rule is buggy for parameters attributes
+ // phpcs:disable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter
+
 /**
 * Returns true if and only if $value follows the Luhn algorithm (mod-10 checksum)
 *
 * @param string $value
 * @return bool
 */
- public function isValid($value)
- {
+ public function isValid(
+ #[SensitiveParameter]
+ $value
+ ) {
 $this->setValue($value);
 if (! is_string($value)) {
@@ -433,4 +439,6 @@ public function isValid($value)
 return true;
 }
+
+ // phpcs:enable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter
 }
diff --git a/src/UndisclosedPassword.php b/src/UndisclosedPassword.php
index 65a0bbaed..ab0aa534d 100644
--- a/src/UndisclosedPassword.php
+++ b/src/UndisclosedPassword.php
@@ -5,6 +5,7 @@
 use Psr\Http\Client\ClientExceptionInterface;
 use Psr\Http\Client\ClientInterface;
 use Psr\Http\Message\RequestFactoryInterface;
+use SensitiveParameter;
 use function array_filter;
 use function explode;
@@ -45,9 +46,14 @@ public function __construct(private ClientInterface $httpClient, private Request
 parent::__construct();
 }
+ // The following rule is buggy for parameters attributes
+ // phpcs:disable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter
+
 /** {@inheritDoc} */
- public function isValid($value): bool
- {
+ public function isValid(
+ #[SensitiveParameter]
+ $value
+ ): bool {
 if (! is_string($value)) {
 $this->error(self::NOT_A_STRING);
 return false;
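Review bot: `#[SensitiveParameter]` on `$value` in `CreditCard::isValid()` only redacts the argument in stack-trace frames, and only on PHP 8.2 or later; the first statement of the body, `$this->setValue($value);`, still stores the card number on the validator instance for as long as it lives. The docblock should state that limit, for example `Note: the attribute hides $value from backtraces only; the value is still retained via setValue().` Whether the retained value is later interpolated into failure messages cannot be seen here, because the body of `isValid()` continues outside this hunk; if it is, enabling the validator's `valueObscured` option at the call site is the complementary control. The docblock also declares `@param string $value` while the code accepts any type and checks `is_string()` itself, so `@param mixed $value` would be more accurate.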
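Review bot: The suppression comment `// The following rule is buggy for parameters attributes` above `UndisclosedPassword::isValid()` does not say which construct trips the sniff or when the `phpcs:disable` can be removed; the same comment is used above `CreditCard::isValid()`. Judging from the later hunks, where typed parameters carry the attribute outside the disabled region, the trigger appears to be an attribute on an untyped parameter, so something like `// Sniff misreports an attribute on an untyped parameter; drop this once the sniff handles it` would be more useful. The matching `phpcs:enable` sits in the next hunk, after the end of `isValid()`, whose body continues outside this hunk.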
@@ -61,8 +67,12 @@ public function isValid($value): bool
 return true;
 }
- private function isPwnedPassword(string $password): bool
- {
+ // phpcs:enable SlevomatCodingStandard.TypeHints.ParameterTypeHintSpacing.NoSpaceBetweenTypeHintAndParameter
+
+ private function isPwnedPassword(
+ #[SensitiveParameter]
+ string $password
+ ): bool {
 $sha1Hash = $this->hashPassword($password);
 $rangeHash = $this->getRangeHash($sha1Hash);
 $hashList = $this->retrieveHashList($rangeHash);
@@ -74,8 +84,10 @@ private function isPwnedPassword(string $password): bool
 * We use a SHA1 hashed password for checking it against
 * the breached data set of HIBP.
 */
- private function hashPassword(string $password): string
- {
+ private function hashPassword(
+ #[SensitiveParameter]
+ string $password
+ ): string {
 $hashedPassword = sha1($password);
 return strtoupper($hashedPassword);
@@ -87,8 +99,10 @@ private function hashPassword(string $password): string
 *
 * @see https://www.troyhunt.com/enhancing-pwned-passwords-privacy-by-exclusively-supporting-anonymity/
 */
- private function getRangeHash(string $passwordHash): string
- {
+ private function getRangeHash(
+ #[SensitiveParameter]
+ string $passwordHash
+ ): string {
 return substr($passwordHash, self::HIBP_K_ANONYMITY_HASH_RANGE_BASE, self::HIBP_K_ANONYMITY_HASH_RANGE_LENGTH);
 }
@@ -99,8 +113,10 @@ private function getRangeHash(string $passwordHash): string
 *
 * @throws ClientExceptionInterface
 */
- private function retrieveHashList(string $passwordRange): string
- {
+ private function retrieveHashList(
+ #[SensitiveParameter]
+ string $passwordRange
+ ): string {
 $request = $this->makeHttpRequest->createRequest(
 'GET',
 self::HIBP_API_URI . '/range/' . $passwordRange
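Review bot: In `retrieveHashList()` the attribute on `$passwordRange` redacts the value only in this function's stack frame, but the same value is concatenated into the request URI on the line `self::HIBP_API_URI . '/range/' . $passwordRange`. A `ClientExceptionInterface` propagating from the HTTP client (declared in `@throws`) may still expose that URI through its message or attached request, depending on the client implementation. If the hash prefix is treated as sensitive, the docblock should say that the redaction does not extend to client exceptions, e.g. `Note: exceptions from the HTTP client may contain the request URI, including the hash range.` The rest of the function body lies outside this hunk, so any catch-and-wrap done there is not visible.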
@@ -113,8 +129,12 @@ private function retrieveHashList(string $passwordRange): string
 /**
 * Checks if the password is in the response from HIBP
 */
- private function hashInResponse(string $sha1Hash, string $resultStream): bool
- {
+ private function hashInResponse(
+ #[SensitiveParameter]
+ string $sha1Hash,
+ #[SensitiveParameter]
+ string $resultStream
+ ): bool {
 $data = explode("\r\n", $resultStream);
 $hashes = array_filter($data, static function ($value) use ($sha1Hash): bool {
 [$hash] = explode(':', $value);