The SensitiveParameter attribute

(PHP 8 >= 8.2.0)

Вступ

This attribute is used to mark a parameter that is sensitive and should have its value redacted if present in a stack trace.

Короткий огляд класу

final class SensitiveParameter {

/* Методи */

public __construct()

}

Приклади

<?php

function defaultBehavior(
    string $secret,
    string $normal
) {
    throw new Exception('Error!');
}

function sensitiveParametersWithAttribute(
    #[\SensitiveParameter]
    string $secret,
    string $normal
) {
    throw new Exception('Error!');
}

try {
    defaultBehavior('password', 'normal');
} catch (Exception $e) {
    echo $e, PHP_EOL, PHP_EOL;
}

try {
    sensitiveParametersWithAttribute('password', 'normal');
} catch (Exception $e) {
    echo $e, PHP_EOL, PHP_EOL;
}

?>

В PHP 8.2 поданий вище приклад виведе щось схоже на:

Exception: Error! in example.php:7
Stack trace:
#0 example.php(19): defaultBehavior('password', 'normal')
#1 {main}

Exception: Error! in example.php:15
Stack trace:
#0 example.php(25): sensitiveParametersWithAttribute(Object(SensitiveParameterValue), 'normal')
#1 {main}

Прогляньте також

Зміст

SensitiveParameter::__construct — Construct a new SensitiveParameter attribute instance

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 1 note

down

miqrogroove at gmail dot com ¶

9 days ago

Beware this attribute does nothing on object interfaces and will permit password exposure when used incorrectly.

<?php

interface Server
{
    public function connect(
        #[\SensitiveParameter]
        string $password,
    );
}

class TestServer implements Server
{
    public function connect(
        string $password,
    ) {
        throw new Exception('Guess what?');
    }
}

($var = new TestServer())->connect('wrl!L3=6O57T9?r');

＋add a note