Mark parameter in ext/pdo as sensitive

TimWolla · TimWolla · commit ff60f19e9c1d · 2022-06-12T20:30:30.000+02:00
diff --git a/ext/pdo/pdo.c b/ext/pdo/pdo.c
@@ -252,7 +252,7 @@ PHP_MINIT_FUNCTION(pdo)
 
 	pdo_exception_ce = register_class_PDOException(spl_ce_RuntimeException);
 
-	pdo_dbh_init();
+	pdo_dbh_init(module_number);
 	pdo_stmt_init();
 
 	return SUCCESS;
diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
@@ -28,6 +28,7 @@
 #include "php_pdo.h"
 #include "php_pdo_driver.h"
 #include "php_pdo_int.h"
+#include "zend_attributes.h"
 #include "zend_exceptions.h"
 #include "zend_object_handlers.h"
 #include "zend_hash.h"
@@ -1325,7 +1326,7 @@ static HashTable *dbh_get_gc(zend_object *object, zval **gc_data, int *gc_count)
 static zend_object_handlers pdo_dbh_object_handlers;
 static void pdo_dbh_free_storage(zend_object *std);
 
-void pdo_dbh_init(void)
+void pdo_dbh_init(int module_number)
 {
 	pdo_dbh_ce = register_class_PDO();
 	pdo_dbh_ce->create_object = pdo_dbh_new;
@@ -1423,6 +1424,8 @@ void pdo_dbh_init(void)
 
 	REGISTER_PDO_CLASS_CONST_LONG("CURSOR_FWDONLY", (zend_long)PDO_CURSOR_FWDONLY);
 	REGISTER_PDO_CLASS_CONST_LONG("CURSOR_SCROLL", (zend_long)PDO_CURSOR_SCROLL);
+
+	register_pdo_dbh_symbols(module_number, pdo_dbh_ce);
 }
 
 static void dbh_free(pdo_dbh_t *dbh, bool free_persistent)
diff --git a/ext/pdo/pdo_dbh.stub.php b/ext/pdo/pdo_dbh.stub.php
@@ -5,6 +5,7 @@
 /** @not-serializable */
 class PDO
 {
+    /** @sensitive-param $password */
     public function __construct(string $dsn, ?string $username = null, ?string $password = null, ?array $options = null) {}
 
     /** @tentative-return-type */
diff --git a/ext/pdo/pdo_dbh_arginfo.h b/ext/pdo/pdo_dbh_arginfo.h
diff --git a/ext/pdo/php_pdo_int.h b/ext/pdo/php_pdo_int.h
@@ -25,7 +25,7 @@ extern HashTable pdo_driver_hash;
 extern zend_class_entry *pdo_exception_ce;
 int php_pdo_list_entry(void);
 
-void pdo_dbh_init(void);
+void pdo_dbh_init(int module_number);
 void pdo_stmt_init(void);
 
 extern zend_object *pdo_dbh_new(zend_class_entry *ce);
diff --git a/ext/pdo/tests/sensitive_parameter.phpt b/ext/pdo/tests/sensitive_parameter.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Test that sensitive parameters are marked sensitive.
+--EXTENSIONS--
+pdo
+--FILE--
+<?php
+try {
+    new PDO('dsn', 'username', 'password');
+} catch (\Throwable $e) {
+    echo $e, PHP_EOL;
+}
+?>
+--EXPECTF--
+PDOException: PDO::__construct(): Argument #1 ($dsn) must be a valid data source name in %s:%d
+Stack trace:
+#0 %s(%d): PDO->__construct('dsn', 'username', Object(SensitiveParameterValue))
+#1 {main}

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`	`/** @not-serializable */`
`6`	`6`	`class PDO`
`7`	`7`	`{`
	`8`	`+ /** @sensitive-param $password */`
`8`	`9`	`public function __construct(string $dsn, ?string $username = null, ?string $password = null, ?array $options = null) {}`
`9`	`10`
`10`	`11`	`/** @tentative-return-type */`