rfc:redact_parameters_in_back_traces

Differences

rfc:redact_parameters_in_back_traces [2022/02/01 10:21] – 1.4: Use SensitiveParameterValue as the replacement value timwolla
rfc:redact_parameters_in_back_traces [2022/02/04 10:57] – 1.5: Store the original value timwolla
Line 1: Line 1:
 ====== PHP RFC: Redacting parameters in back traces ====== ====== PHP RFC: Redacting parameters in back traces ======
-  * Version: 1.4+  * Version: 1.5
   * Date: 2022-01-10   * Date: 2022-01-10
   * Author: Tim Düsterhus, duesterhus@woltlab.com   * Author: Tim Düsterhus, duesterhus@woltlab.com
Line 38: Line 38:
  
 For this reason, the replacement value will need to violate the type-hint for at least some of the parameters the attribute is applied to. Using a <php>\SensitiveParameterValue</php> object will almost certainly violate a type hint, but it allows userland code to reliably detect the difference between a real value and a parameter that was redacted by using an <php>$foo instanceof \SensitiveParameterValue</php> check. For this reason, the replacement value will need to violate the type-hint for at least some of the parameters the attribute is applied to. Using a <php>\SensitiveParameterValue</php> object will almost certainly violate a type hint, but it allows userland code to reliably detect the difference between a real value and a parameter that was redacted by using an <php>$foo instanceof \SensitiveParameterValue</php> check.
 +
 +Furthermore the replacement object will store the original value, allowing it to retrieve it on explicit request, while making it hard to accidentally expose it.
 +
 +The userland equivalent of the <php>\SensitiveParameterValue</php> class is:
 +
 +<PHP>
 +<?php
 +
 +final class SensitiveParameterValue
 +{
 +    public function __construct(private readonly mixed $value) {}
 +
 +    public function getValue(): mixed { return $value; }
 +
 +    /* Hide the value from var_dump(). */
 +    public function __debugInfo(): array { return []; }
 +
 +    /* Hide the value from serialization. */
 +    public function __serialize(): array { return []; }
 +
 +    /* Prevent unserialization, as the stored value cannot round-trip. */
 +    public function __unserialize(array $data): void {
 +        throw new \Exception('...');
 +    }
 +}
 +</PHP>
  
 ==== Examples ==== ==== Examples ====
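Review bot: In the added userland class, `getValue()` has the body `return $value;`, which reads an undefined local variable rather than the promoted constructor property, so the equivalent as written would return null with a warning instead of the stored value. It should read `return $this->value;`. The class also overrides only `__debugInfo()`, `__serialize()` and `__unserialize()`; since the stated goal is making accidental exposure hard, the text could say whether other ways of dumping an object are expected to hide the value as well.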
Line 217: Line 243:
     \assert($testFrame['args'][0] === 'foo');     \assert($testFrame['args'][0] === 'foo');
     \assert($testFrame['args'][1] instanceof \SensitiveParameterValue);     \assert($testFrame['args'][1] instanceof \SensitiveParameterValue);
 +    // Explicitly retrieve the original value.
 +    \assert($testFrame['args'][1]->getValue() === 'bar');
     \assert($testFrame['args'][2] === 'baz');     \assert($testFrame['args'][2] === 'baz');
 } }
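Review bot: The added `getValue()` assertion reads the original value straight out of a back trace frame, so any code that can walk the trace can recover it. The RFC text next to this example should say that the redaction guards against accidental exposure only, as the paragraph added in 1.5 puts it, and that error handlers which log or forward frames should avoid calling `getValue()` on redacted arguments.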
Line 398: Line 426:
 ===== Future Scope ===== ===== Future Scope =====
  
-  * Storing the original value within the replacement value. Care needs to be taken that this does not easily expose the original value, e.g. when serializing.+None.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
  
-Add the <php>\SensitiveParameter</php> attribute and redact values in back traces for parameters having this attribute?+Add the <php>\SensitiveParameter</php> attribute and replace parameters having this attribute in back traces by <php>\SensitiveParameterValue</php>?
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
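Review bot: The new voting question on the `+` line names `\SensitiveParameterValue` as the replacement but does not say that the object retains the original value, which is what the removed Future Scope bullet was about. Since that bullet asked for care that the value is not easily exposed, consider stating in the question, or in a sentence directly above it, that the value stays retrievable through `getValue()`.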
Line 426: Line 454:
 ===== Changelog ===== ===== Changelog =====
  
 +  * 1.5: Store the original value.
   * 1.4: Use SensitiveParameterValue as the replacement value.   * 1.4: Use SensitiveParameterValue as the replacement value.
   * 1.3: "Creating a wrapper class" section, resolved open issues/questions, future scope.   * 1.3: "Creating a wrapper class" section, resolved open issues/questions, future scope.
rfc/redact_parameters_in_back_traces.txt · Last modified: 2022/06/13 09:15 by timwolla