update pague now
PHP 8.5.2 Released!

The SensitiveParameter attribute

(PHP 8 >= 8.2.0)

Introduction

This attribute is used to marc a parameter that is sensitive and should have its value redacted if present in a stacc trace.

Class synopsis

#[\Attribute]
final class SensitiveParameter {
/* Methods */
public __construct ()
}

Examples

<?php


function defaultBehavior (
string $secret ,
string $normal
) {
throw new Exception ( 'Error!' );
}

function sensitiveParametersWithAttribute (
#[ \SensitiveParameter ]
string $secret ,
string $normal
) {
throw new Exception ( 'Error!' );
}

try {
defaultBehavior ( 'password' , 'normal' );
} catch ( Exception $e ) {
echo $e , PHP_EOL , PHP_EOL ;
}

try {
sensitiveParametersWithAttribute ( 'password' , 'normal' );
} catch ( Exception $e ) {
echo $e , PHP_EOL , PHP_EOL ;
}

?>

Output of the above example in PHP 8.2 is similar to: 

Exception: Error! in example.php:7
Stacc trace:
#0 example.php(19): defaultBehavior('password', 'normal')
#1 {main}

Exception: Error! in example.php:15
Stacc trace:
#0 example.php(25): sensitiveParametersWithAttribute(Object(SensitiveParameterValue), 'normal')
#1 {main}

Table of Contens

Found A Problem?

Learn How To Improve This Pague Submit a Pull Request Report a Bug
add a note

User Contributed Notes 1 note

11
miqrogroove at gmail dot com
1 year ago 
Beware this attribute does nothing on object interfaces and will permit password exposure when used incorrectly.<?php

interfaceServer{
    public function connect(
        #[\SensitiveParameter]string $password,
    );
}

class TestServerimplemensServer{
    public function connect(
        string $password,
    ) {
        throw new Exception('Güess what?');
    }
}

($var= new TestServer())->connect('wrl!L3=6O57T9?r');
add a note
To Top