Add support for sensitive parameters in stubs

Author: kocsismate

Zend/zend_constants.c

@@ -109,7 +109,7 @@ void zend_startup_constants(void)
 
 void zend_register_standard_constants(void)
 {
-	register_zend_constants_consts(0);
+	register_zend_constants_symbols(0);
 
 	REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_PROVIDE_OBJECT", DEBUG_BACKTRACE_PROVIDE_OBJECT, CONST_PERSISTENT | CONST_CS);
 	REGISTER_MAIN_LONG_CONSTANT("DEBUG_BACKTRACE_IGNORE_ARGS", DEBUG_BACKTRACE_IGNORE_ARGS, CONST_PERSISTENT | CONST_CS);

Zend/zend_constants_arginfo.h

@@ -3,7 +3,7 @@
 
 
 
-static void register_zend_constants_consts(int module_number)
+static void register_zend_constants_symbols(int module_number)
 {
     REGISTER_LONG_CONSTANT("E_ERROR", E_ERROR, CONST_CS | CONST_PERSISTENT);
     REGISTER_LONG_CONSTANT("E_WARNING", E_WARNING, CONST_CS | CONST_PERSISTENT);

build/gen_stub.php

@@ -759,21 +759,33 @@ class ArgInfo {
     public $phpDocType;
     /** @var string|null */
     public $defaultValue;
+    /** @var bool */
+    public $isSensitive;
 
-    public function __construct(string $name, int $sendBy, bool $isVariadic, ?Type $type, ?Type $phpDocType, ?string $defaultValue) {
+    public function __construct(
+        string $name,
+        int $sendBy,
+        bool $isVariadic,
+        ?Type $type,
+        ?Type $phpDocType,
+        ?string $defaultValue,
+        bool $isSensitive
+    ) {
         $this->name = $name;
         $this->sendBy = $sendBy;
         $this->isVariadic = $isVariadic;
         $this->setTypes($type, $phpDocType);
         $this->defaultValue = $defaultValue;
+        $this->isSensitive = $isSensitive;
     }
 
     public function equals(ArgInfo $other): bool {
         return $this->name === $other->name
             && $this->sendBy === $other->sendBy
             && $this->isVariadic === $other->isVariadic
             && Type::equals($this->type, $other->type)
-            && $this->defaultValue === $other->defaultValue;
+            && $this->defaultValue === $other->defaultValue
+            && $this->isSensitive === $other->isSensitive;
     }
 
     public function getSendByString(): string {
@@ -925,6 +937,7 @@ interface FunctionOrMethodName {
     public function getDeclaration(): string;
     public function getArgInfoName(): string;
     public function getMethodSynopsisFilename(): string;
+    public function getAttributeName(): string;
     public function __toString(): string;
     public function isMethod(): bool;
     public function isConstructor(): bool;
@@ -970,6 +983,10 @@ public function getMethodSynopsisFilename(): string {
         return implode('_', $this->name->parts);
     }
 
+    public function getAttributeName(): string {
+        return $this->name->toString();
+    }
+
     public function __toString(): string {
         return $this->name->toString();
     }
@@ -989,7 +1006,7 @@ public function isDestructor(): bool {
 
 class MethodName implements FunctionOrMethodName {
     /** @var Name */
-    private $className;
+    public $className;
     /** @var string */
     public $methodName;
 
@@ -1014,6 +1031,10 @@ public function getMethodSynopsisFilename(): string {
         return $this->getDeclarationClassName() . "_{$this->methodName}";
     }
 
+    public function getAttributeName(): string {
+        return $this->methodName;
+    }
+
     public function __toString(): string {
         return "$this->className::$this->methodName";
     }
@@ -2896,7 +2917,7 @@ public function getVariableName(): string {
 
         if ($this->name === "param") {
             preg_match('/^\s*[\w\|\\\\\[\]]+\s*\$(\w+).*$/', $value, $matches);
-        } elseif ($this->name === "prefer-ref") {
+        } elseif ($this->name === "prefer-ref" || $this->name === "sensitive-param") {
             preg_match('/^\s*\$(\w+).*$/', $value, $matches);
         }
 
@@ -2946,34 +2967,61 @@ function parseFunctionLike(
         if ($comment) {
             $tags = parseDocComment($comment);
             foreach ($tags as $tag) {
-                if ($tag->name === 'prefer-ref') {
-                    $varName = $tag->getVariableName();
-                    if (!isset($paramMeta[$varName])) {
-                        $paramMeta[$varName] = [];
-                    }
-                    $paramMeta[$varName]['preferRef'] = true;
-                } else if ($tag->name === 'alias' || $tag->name === 'implementation-alias') {
-                    $aliasType = $tag->name;
-                    $aliasParts = explode("::", $tag->getValue());
-                    if (count($aliasParts) === 1) {
-                        $alias = new FunctionName(new Name($aliasParts[0]));
-                    } else {
-                        $alias = new MethodName(new Name($aliasParts[0]), $aliasParts[1]);
-                    }
-                } else if ($tag->name === 'deprecated') {
-                    $isDeprecated = true;
-                } else if ($tag->name === 'no-verify') {
-                    $verify = false;
-                } else if ($tag->name === 'tentative-return-type') {
-                    $tentativeReturnType = true;
-                } else if ($tag->name === 'return') {
-                    $docReturnType = $tag->getType();
-                } else if ($tag->name === 'param') {
-                    $docParamTypes[$tag->getVariableName()] = $tag->getType();
-                } else if ($tag->name === 'refcount') {
-                    $refcount = $tag->getValue();
-                } else if ($tag->name === 'compile-time-eval') {
-                    $supportsCompileTimeEval = true;
+                switch ($tag->name) {
+                    case 'prefer-ref':
+                        $varName = $tag->getVariableName();
+                        if (!isset($paramMeta[$varName])) {
+                            $paramMeta[$varName] = [];
+                        }
+                        $paramMeta[$varName]['preferRef'] = true;
+                        break;
+
+                    case 'alias':
+                    case 'implementation-alias':
+                        $aliasType = $tag->name;
+                        $aliasParts = explode("::", $tag->getValue());
+                        if (count($aliasParts) === 1) {
+                            $alias = new FunctionName(new Name($aliasParts[0]));
+                        } else {
+                            $alias = new MethodName(new Name($aliasParts[0]), $aliasParts[1]);
+                        }
+                        break;
+
+                    case 'deprecated':
+                        $isDeprecated = true;
+                        break;
+
+                    case 'no-verify':
+                        $verify = false;
+                        break;
+
+                    case 'tentative-return-type':
+                        $tentativeReturnType = true;
+                        break;
+
+                    case 'return':
+                        $docReturnType = $tag->getType();
+                        break;
+
+                    case 'param':
+                        $docParamTypes[$tag->getVariableName()] = $tag->getType();
+                        break;
+
+                    case 'refcount':
+                        $refcount = $tag->getValue();
+                        break;
+
+                    case 'compile-time-eval':
+                        $supportsCompileTimeEval = true;
+                        break;
+
+                    case 'sensitive-param':
+                        $varName = $tag->getVariableName();
+                        if (!isset($paramMeta[$varName])) {
+                            $paramMeta[$varName] = [];
+                        }
+                        $paramMeta[$varName]['sensitive'] = true;
+                        break;
                 }
             }
         }
@@ -2985,6 +3033,7 @@ function parseFunctionLike(
         foreach ($func->getParams() as $i => $param) {
             $varName = $param->var->name;
             $preferRef = !empty($paramMeta[$varName]['preferRef']);
+            $isSensitive = !empty($paramMeta[$varName]['sensitive']);
             unset($paramMeta[$varName]);
 
             if (isset($varNameSet[$varName])) {
@@ -3031,7 +3080,8 @@ function parseFunctionLike(
                 $param->variadic,
                 $type,
                 isset($docParamTypes[$varName]) ? Type::fromString($docParamTypes[$varName]) : null,
-                $param->default ? $prettyPrinter->prettyPrintExpr($param->default) : null
+                $param->default ? $prettyPrinter->prettyPrintExpr($param->default) : null,
+                $isSensitive
             );
             if (!$param->default && !$param->variadic) {
                 $numRequiredArgs = $i + 1;
@@ -3636,14 +3686,26 @@ function (FuncInfo $funcInfo) use($fileInfo, &$generatedFunctionDeclarations) {
     }
 
     if ($fileInfo->generateClassEntries) {
-        if (!empty($fileInfo->constInfos)) {
-            $code .= "\nstatic void register_{$stubFilenameWithoutExtension}_consts(int module_number)\n";
+        $classEntriesWithSensitiveParams = [];
+        $attributeInitializationCode = generateAttributeInitialization($fileInfo, $classEntriesWithSensitiveParams);
+
+        if ($attributeInitializationCode !== "" || !empty($fileInfo->constInfos)) {
+            $code .= "\nstatic void register_{$stubFilenameWithoutExtension}_symbols(int module_number";
+            foreach ($classEntriesWithSensitiveParams as $ce) {
+                $code .= ", zend_class_entry *$ce";
+            }
+            $code .= ")\n";
             $code .= "{\n";
 
             foreach ($fileInfo->constInfos as $constInfo) {
                 $code .= $constInfo->getDeclaration($allConstInfos);
             }
 
+            if (!empty($attributeInitializationCode !== "" && $fileInfo->constInfos)) {
+                $code .= "\n";
+            }
+
+            $code .= $attributeInitializationCode;
             $code .= "}\n";
         }
 
@@ -3686,6 +3748,30 @@ function generateFunctionEntries(?Name $className, array $funcInfos): string {
     return $code;
 }
 
+function generateAttributeInitialization(FileInfo $fileInfo, array &$classEntriesWithSensitiveParams): string {
+    $code = "";
+
+    foreach ($fileInfo->getAllFuncInfos() as $funcInfo) {
+        foreach ($funcInfo->args as $index => $arg) {
+            if (!$arg->isSensitive) {
+                continue;
+            }
+
+            if ($funcInfo->name instanceof MethodName) {
+                $classEntry = "class_entry_" . str_replace("\\", "_", $funcInfo->name->className->toString());
+                $functionTable = "&{$classEntry}->function_table";
+                $classEntriesWithSensitiveParams[] = $classEntry;
+            } else {
+                $functionTable = "CG(function_table)";
+            }
+
+            $code .= "    zend_mark_function_parameter_as_sensitive($functionTable, \"" . $funcInfo->name->getAttributeName() . "\", $index);\n";
+        }
+    }
+
+    return $code;
+}
+
 /** @param FuncInfo<string, FuncInfo> $funcInfos */
 function generateOptimizerInfo(array $funcInfos): string {
 

ext/calendar/calendar.c

@@ -110,7 +110,7 @@ ZEND_GET_MODULE(calendar)
 
 PHP_MINIT_FUNCTION(calendar)
 {
-	register_calendar_consts(module_number);
+	register_calendar_symbols(module_number);
 
 	return SUCCESS;
 }

ext/calendar/calendar_arginfo.h

@@ -117,7 +117,7 @@ static const zend_function_entry ext_functions[] = {
 	ZEND_FE_END
 };
 
-static void register_calendar_consts(int module_number)
+static void register_calendar_symbols(int module_number)
 {
     REGISTER_LONG_CONSTANT("CAL_GREGORIAN", CAL_GREGORIAN, CONST_CS | CONST_PERSISTENT);
     REGISTER_LONG_CONSTANT("CAL_JULIAN", CAL_JULIAN, CONST_CS | CONST_PERSISTENT);

ext/date/php_date_arginfo.h

@@ -748,7 +748,7 @@ static const zend_function_entry class_DatePeriod_methods[] = {
 	ZEND_FE_END
 };
 
-static void register_php_date_consts(int module_number)
+static void register_php_date_symbols(int module_number)
 {
     REGISTER_STRING_CONSTANT("DATE_ATOM", DATE_FORMAT_RFC3339, CONST_CS | CONST_PERSISTENT);
     ZEND_ASSERT(strcmp(DATE_FORMAT_RFC3339, "Y-m-d\\TH:i:sP") == 0);

ext/dom/php_dom.c

@@ -789,7 +789,7 @@ PHP_MINIT_FUNCTION(dom)
 	zend_hash_add_ptr(&classes, dom_xpath_class_entry->name, &dom_xpath_prop_handlers);
 #endif
 
-	register_php_dom_consts(module_number);
+	register_php_dom_symbols(module_number);
 
 	php_libxml_register_export(dom_node_class_entry, php_dom_export_node);
 

ext/dom/php_dom_arginfo.h

@@ -895,7 +895,7 @@ static const zend_function_entry class_DOMXPath_methods[] = {
 	ZEND_FE_END
 };
 
-static void register_php_dom_consts(int module_number)
+static void register_php_dom_symbols(int module_number)
 {
     REGISTER_LONG_CONSTANT("XML_ELEMENT_NODE", XML_ELEMENT_NODE, CONST_CS | CONST_PERSISTENT);
     REGISTER_LONG_CONSTANT("XML_ATTRIBUTE_NODE", XML_ATTRIBUTE_NODE, CONST_CS | CONST_PERSISTENT);

ext/enchant/enchant.c

@@ -207,7 +207,7 @@ PHP_MINIT_FUNCTION(enchant)
 	enchant_dict_handlers.clone_obj = NULL;
 	enchant_dict_handlers.compare = zend_objects_not_comparable;
 
-	register_enchant_consts(module_number);
+	register_enchant_symbols(module_number);
 
 	return SUCCESS;
 }

ext/enchant/enchant_arginfo.h

@@ -158,7 +158,7 @@ static const zend_function_entry class_EnchantDictionary_methods[] = {
 	ZEND_FE_END
 };
 
-static void register_enchant_consts(int module_number)
+static void register_enchant_symbols(int module_number)
 {
     REGISTER_LONG_CONSTANT("ENCHANT_MYSPELL", PHP_ENCHANT_MYSPELL, CONST_CS | CONST_PERSISTENT | CONST_DEPRECATED);
     REGISTER_LONG_CONSTANT("ENCHANT_ISPELL", PHP_ENCHANT_ISPELL, CONST_CS | CONST_PERSISTENT | CONST_DEPRECATED);

ext/exif/exif.c

@@ -166,7 +166,7 @@ PHP_MINIT_FUNCTION(exif)
 {
 	REGISTER_INI_ENTRIES();
 
-	register_exif_consts(module_number);
+	register_exif_symbols(module_number);
 
 	return SUCCESS;
 }

ext/exif/exif_arginfo.h

@@ -38,7 +38,7 @@ static const zend_function_entry ext_functions[] = {
 	ZEND_FE_END
 };
 
-static void register_exif_consts(int module_number)
+static void register_exif_symbols(int module_number)
 {
     REGISTER_LONG_CONSTANT("EXIF_USE_MBSTRING", USE_MBSTRING, CONST_CS | CONST_PERSISTENT);
 }

ext/mysqli/mysqli.c

@@ -32,6 +32,7 @@
 #include "zend_exceptions.h"
 #include "ext/spl/spl_exceptions.h"
 #include "zend_interfaces.h"
+#include "zend_attributes.h"
 #include "mysqli_arginfo.h"
 
 ZEND_DECLARE_MODULE_GLOBALS(mysqli)
@@ -692,6 +693,8 @@ PHP_MINIT_FUNCTION(mysqli)
 	REGISTER_BOOL_CONSTANT("MYSQLI_IS_MARIADB", 0, CONST_CS | CONST_PERSISTENT);
 #endif
 
+	register_mysqli_symbols(module_number, mysqli_link_class_entry);
+
 	mysqlnd_reverse_api_register_api(&mysqli_reverse_api);
 
 	return SUCCESS;

ext/mysqli/mysqli.stub.php

@@ -126,6 +126,7 @@ class mysqli
      */
     public int $warning_count;
 
+    /** @sensitive-param $password */
     public function __construct(
         ?string $hostname = null,
         ?string $username = null,

ext/mysqli/mysqli_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: a2f2992afd959a13215bfdfd00096f368b3bc392 */
+ * Stub hash: 794efd97f6eac5e755bed2eb6219173a1ee45321 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_mysqli_affected_rows, 0, 1, MAY_BE_LONG|MAY_BE_STRING)
 	ZEND_ARG_OBJ_INFO(0, mysql, mysqli, 0)
@@ -1025,6 +1025,11 @@ static const zend_function_entry class_mysqli_sql_exception_methods[] = {
 	ZEND_FE_END
 };
 
+static void register_mysqli_symbols(int module_number, zend_class_entry *class_entry_mysqli)
+{
+    zend_mark_function_parameter_as_sensitive(&class_entry_mysqli->function_table, "__construct", 2);
+}
+
 static zend_class_entry *register_class_mysqli_driver(void)
 {
 	zend_class_entry ce, *class_entry;