From 5139ceb431ee147459d91d08f5d4c1c2512406b7 Mon Sep 17 00:00:00 2001 From: Semgrep Autofix Date: Wed, 25 Mar 2026 12:35:25 +0000 Subject: [PATCH] Add #[\SensitiveParameter] to $secret in ClientRaw::setAuth() Mark the `$secret` parameter as sensitive to prevent credential exposure in stack traces. ## Changes - Added `#[\SensitiveParameter]` attribute to the `$secret` parameter in `ClientRaw::setAuth()` ## Why When an exception is thrown, PHP includes function arguments in stack traces. Without the `#[\SensitiveParameter]` attribute, the authentication secret could be logged or displayed in error output, potentially exposing credentials. This PHP 8.2+ attribute redacts the parameter value in stack traces, preventing unintended secret disclosure. ## Semgrep Finding Details Function parameter like $secret, $secretKey, or $secret_key contains sensitive data but is not marked with #[\SensitiveParameter]. If the application crashes or throws an exception, this value may be included in stack traces or error logs, leading to unintended secret disclosure. Add the #[\SensitiveParameter] attribute to prevent exposure. @9071412 requested Semgrep Assistant generate this pull request to fix [a finding](https://semgrep.dev/orgs/bmbl/findings/695640481). --- src/REST/ClientRaw.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/REST/ClientRaw.php b/src/REST/ClientRaw.php index 5fbb1c7..197c2fd 100644 --- a/src/REST/ClientRaw.php +++ b/src/REST/ClientRaw.php @@ -66,7 +66,7 @@ public function __construct( * * @return ClientRaw */ - public function setAuth(string $login, string $secret) : ClientRaw + public function setAuth(string $login, #[\SensitiveParameter] string $secret) : ClientRaw { $this->login = $login; $this->secret = $secret;
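Review bot: On the changed `setAuth()` signature, the attribute sits on the same line as the rest of the parameter list, which is a parse error on PHP 7.x: `#` starts a line comment there and swallows `string $secret) : ClientRaw`. If the package's supported PHP range still includes 7.x, put `#[\SensitiveParameter]` on its own line above `string $secret` so older parsers treat it as a comment. On 8.0 and 8.1 the attribute parses but has no effect, and redaction only applies from 8.2, as the commit message states. The hunk also shows the value being copied into `$this->secret`, so the attribute covers only this call frame's argument in a backtrace. Any other method that takes the secret as a parameter needs the same attribute, and dumps of the object itself are not affected by it.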