From cabc652aa22e7eef68c32e07fb957f2f5e86196c Mon Sep 17 00:00:00 2001 From: the-djmaze <> Date: Sun, 3 Dec 2023 21:42:30 +0100 Subject: [PATCH] Simple idea for #1343 --- .../app/libraries/snappymail/http/request.php | 5 ++++- .../app/libraries/snappymail/pgp/gnupg.php | 20 +++++++++++++++---- .../app/libraries/snappymail/pgp/gpg.php | 15 +++++++++++--- .../app/libraries/snappymail/sasl/cram.php | 6 +++++- .../app/libraries/snappymail/sasl/login.php | 5 ++++- .../libraries/snappymail/sasl/oauthbearer.php | 6 +++++- .../app/libraries/snappymail/sasl/plain.php | 5 ++++- .../app/libraries/snappymail/sasl/scram.php | 6 +++++- .../app/libraries/snappymail/sasl/xoauth2.php | 6 +++++- 9 files changed, 60 insertions(+), 14 deletions(-) diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/http/request.php b/snappymail/v/0.0.0/app/libraries/snappymail/http/request.php index 301d87c34..ffbddeea3 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/http/request.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/http/request.php @@ -48,7 +48,10 @@ abstract class Request $this->user_agent = 'SnappyMail/' . APP_VERSION; } - public function setAuth(int $type, string $user, string $pass) : void + public function setAuth(int $type, string $user, + #[\SensitiveParameter] + string $pass + ) : void { $this->auth = [ 'type' => $type, diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gnupg.php b/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gnupg.php index 4e420a734..19f979d69 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gnupg.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gnupg.php @@ -84,7 +84,10 @@ class GnuPG /** * Add a key for decryption */ - public function addDecryptKey(string $fingerprint, string $passphrase) : bool + public function addDecryptKey(string $fingerprint, + #[\SensitiveParameter] + string $passphrase + ) : bool { return $this->handler()->adddecryptkey($fingerprint, $passphrase); } @@ -100,7 +103,10 @@ class GnuPG /** * Add a key for signing */ - public function addSignKey(string $fingerprint, ?string $passphrase) : bool + public function addSignKey(string $fingerprint, + #[\SensitiveParameter] + ?string $passphrase + ) : bool { return $this->handler()->addsignkey($fingerprint, $passphrase); } @@ -218,7 +224,10 @@ class GnuPG /** * Exports a key */ - public function export(string $fingerprint, string $passphrase = '') /*: string|false*/ + public function export(string $fingerprint, + #[\SensitiveParameter] + string $passphrase = '' + ) /*: string|false*/ { if ($passphrase) { return $this->getGPG() @@ -265,7 +274,10 @@ class GnuPG /** * Generates a key */ - public function generateKey(string $uid, string $passphrase) /*: string|false*/ + public function generateKey(string $uid, + #[\SensitiveParameter] + string $passphrase + ) /*: string|false*/ { $GPG = $this->getGPG(false); return $GPG ? $GPG->generateKey($uid, $passphrase) : false; diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gpg.php b/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gpg.php index eb02644f7..f5f51252c 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gpg.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/pgp/gpg.php @@ -136,7 +136,10 @@ class GPG /** * Add a key for decryption */ - public function addDecryptKey(string $fingerprint, string $passphrase) : bool + public function addDecryptKey(string $fingerprint, + #[\SensitiveParameter] + string $passphrase + ) : bool { $this->decryptKeys[$fingerprint] = $passphrase; // $this->decryptKeys[\substr($fingerprint, -16)] = $passphrase; @@ -155,7 +158,10 @@ class GPG /** * Add a key for signing */ - public function addSignKey(string $fingerprint, string $passphrase) : bool + public function addSignKey(string $fingerprint, + #[\SensitiveParameter] + string $passphrase + ) : bool { $this->signKeys[$fingerprint] = $passphrase; // $this->signKeys[\substr($fingerprint, -16)] = $passphrase; @@ -419,7 +425,10 @@ class GPG return 0; } - public function addPassphrase($keyId, $passphrase) + public function addPassphrase($keyId, + #[\SensitiveParameter] + $passphrase + ) { $this->passphrases[$keyId] = $passphrase; return $this; diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/cram.php b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/cram.php index 4ed7f6b7e..f321496bd 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/cram.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/cram.php @@ -14,7 +14,11 @@ class Cram extends \SnappyMail\SASL $this->algo = $algo; } - public function authenticate(string $authcid, string $passphrase, ?string $challenge = null) : string + public function authenticate(string $authcid, + #[\SensitiveParameter] + string $passphrase, + ?string $challenge = null + ) : string { return $this->encode($authcid . ' ' . \hash_hmac($this->algo, $this->decode($challenge), $passphrase)); } diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/login.php b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/login.php index 52608a49f..b0d0178c5 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/login.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/login.php @@ -7,7 +7,10 @@ class Login extends \SnappyMail\SASL protected $passphrase; - public function authenticate(string $username, string $passphrase, ?string $challenge = null) : string + public function authenticate(string $username, + #[\SensitiveParameter] + string $passphrase, + ?string $challenge = null) : string { // $challenge should be 'VXNlcm5hbWU6', but broken on some systems // See https://github.com/the-djmaze/snappymail/issues/693 diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/oauthbearer.php b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/oauthbearer.php index 66bfb84a2..412944f84 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/oauthbearer.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/oauthbearer.php @@ -9,7 +9,11 @@ namespace SnappyMail\SASL; class OAuthBearer extends \SnappyMail\SASL { - public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string + public function authenticate(string $username, + #[\SensitiveParameter] + string $passphrase, + ?string $authzid = null + ) : string { return $this->encode("n,a={$username},\x01auth=Bearer {$passphrase}\x01\x01"); } diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/plain.php b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/plain.php index dca6aa103..92ccc0d4f 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/plain.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/plain.php @@ -5,7 +5,10 @@ namespace SnappyMail\SASL; class Plain extends \SnappyMail\SASL { - public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string + public function authenticate(string $username, + #[\SensitiveParameter] + string $passphrase, + ?string $authzid = null) : string { return $this->encode("{$authzid}\x00{$username}\x00{$passphrase}"); } diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/scram.php b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/scram.php index a74c4ecc8..aba911cbc 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/scram.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/scram.php @@ -31,7 +31,11 @@ class Scram extends \SnappyMail\SASL $this->algo = $algo; } - public function authenticate(string $authcid, string $passphrase, ?string $authzid = null) : string + public function authenticate(string $authcid, + #[\SensitiveParameter] + string $passphrase, + ?string $authzid = null + ) : string { // SASLprep $authcid = \str_replace(array('=',','), array('=3D','=2C'), $authcid); diff --git a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/xoauth2.php b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/xoauth2.php index bf1563013..6a3462e8f 100644 --- a/snappymail/v/0.0.0/app/libraries/snappymail/sasl/xoauth2.php +++ b/snappymail/v/0.0.0/app/libraries/snappymail/sasl/xoauth2.php @@ -9,7 +9,11 @@ namespace SnappyMail\SASL; class XOAuth2 extends \SnappyMail\SASL { - public function authenticate(string $username, string $passphrase, ?string $authzid = null) : string + public function authenticate(string $username, + #[\SensitiveParameter] + string $passphrase, + ?string $authzid = null + ) : string { return $this->encode("user={$username}\x01auth=Bearer {$passphrase}\x01\x01"); }