Mark parameter in ext/mysqli as sensitive

TimWolla · TimWolla · commit c2bee2227626 · 2022-06-10T14:56:02.000+02:00
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
@@ -29,6 +29,7 @@
 #include "php_mysqli.h"
 #include "php_mysqli_structs.h"
 #include "mysqli_priv.h"
+#include "zend_attributes.h"
 #include "zend_exceptions.h"
 #include "ext/spl/spl_exceptions.h"
 #include "zend_interfaces.h"
diff --git a/ext/mysqli/mysqli.stub.php b/ext/mysqli/mysqli.stub.php
@@ -149,6 +149,7 @@ public function autocommit(bool $enable): bool {}
     public function begin_transaction(int $flags = 0, ?string $name = null): bool {}
 
     /**
+     * @sensitive-param $password
      * @tentative-return-type
      * @alias mysqli_change_user
      */
@@ -174,6 +175,7 @@ public function close() {} // TODO make return type void
     public function commit(int $flags = 0, ?string $name = null): bool {}
 
     /**
+     * @sensitive-param $password
      * @tentative-return-type
      * @alias mysqli_connect
      * @no-verify
@@ -287,6 +289,7 @@ public function prepare(string $query): mysqli_stmt|false {}
     public function query(string $query, int $result_mode = MYSQLI_STORE_RESULT): mysqli_result|bool {}
 
     /**
+     * @sensitive-param $password
      * @tentative-return-type
      * @alias mysqli_real_connect
      */
@@ -740,6 +743,7 @@ function mysqli_autocommit(mysqli $mysql, bool $enable): bool {}
 
 function mysqli_begin_transaction(mysqli $mysql, int $flags = 0, ?string $name = null): bool {}
 
+/** @sensitive-param $password */
 function mysqli_change_user(mysqli $mysql, string $username, string $password, ?string $database): bool {}
 
 /** @refcount 1 */
@@ -750,7 +754,10 @@ function mysqli_close(mysqli $mysql): bool {} // TODO make return type void
 
 function mysqli_commit(mysqli $mysql, int $flags = 0, ?string $name = null): bool {}
 
-/** @refcount 1 */
+/**
+ * @refcount 1
+ * @sensitive-param $password
+ */
 function mysqli_connect(
     ?string $hostname = null,
     ?string $username = null,
@@ -925,6 +932,7 @@ function mysqli_report(int $flags): bool {}
 /** @refcount 1 */
 function mysqli_query(mysqli $mysql, string $query, int $result_mode = MYSQLI_STORE_RESULT): mysqli_result|bool {}
 
+/** @sensitive-param $password */
 function mysqli_real_connect(
     mysqli $mysql,
     ?string $hostname = null,
diff --git a/ext/mysqli/mysqli_arginfo.h b/ext/mysqli/mysqli_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 794efd97f6eac5e755bed2eb6219173a1ee45321 */
+ * Stub hash: db2ec0349b8b40e9352569e08cb4a3bd253f0255 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_mysqli_affected_rows, 0, 1, MAY_BE_LONG|MAY_BE_STRING)
 	ZEND_ARG_OBJ_INFO(0, mysql, mysqli, 0)
@@ -1027,7 +1027,13 @@ static const zend_function_entry class_mysqli_sql_exception_methods[] = {
 
 static void register_mysqli_symbols(int module_number, zend_class_entry *class_entry_mysqli)
 {
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "mysqli_change_user", 2);
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "mysqli_connect", 2);
+    zend_mark_function_parameter_as_sensitive(CG(function_table), "mysqli_real_connect", 3);
     zend_mark_function_parameter_as_sensitive(&class_entry_mysqli->function_table, "__construct", 2);
+    zend_mark_function_parameter_as_sensitive(&class_entry_mysqli->function_table, "change_user", 1);
+    zend_mark_function_parameter_as_sensitive(&class_entry_mysqli->function_table, "connect", 2);
+    zend_mark_function_parameter_as_sensitive(&class_entry_mysqli->function_table, "real_connect", 2);
 }
 
 static zend_class_entry *register_class_mysqli_driver(void)
