From ab93e3eed22a8e081c0bccec0c75034f273903ba Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 28 Jun 2023 10:52:05 +0200
Subject: [PATCH] fix(Wopi): Mark sensitive parameter as such

Signed-off-by: Joas Schilling
---
 lib/AppInfo/Application.php | 5 +++++
 lib/Db/WopiMapper.php | 10 ++++++++--
 tests/stub.phpstub | 4 ++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index a195db0fd0..0a2025d4a1 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -27,6 +27,7 @@
 use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
 use OCA\Richdocuments\AppConfig;
 use OCA\Richdocuments\Capabilities;
+use OCA\Richdocuments\Db\WopiMapper;
 use OCA\Richdocuments\Listener\BeforeFetchPreviewListener;
 use OCA\Richdocuments\Listener\CSPListener;
 use OCA\Richdocuments\Listener\LoadViewerListener;
@@ -73,6 +74,10 @@ public function register(IRegistrationContext $context): void {
 $context->registerEventListener(LoadViewer::class, LoadViewerListener::class);
 $context->registerEventListener(ShareLinkAccessedEvent::class, ShareLinkListener::class);
 $context->registerEventListener(BeforePreviewFetchedEvent::class, BeforeFetchPreviewListener::class);
+ $context->registerSensitiveMethods(WopiMapper::class, [
+ 'getPathForToken',
+ 'getWopiForToken',
+ ]);
 }
 
 public function boot(IBootContext $context): void {
diff --git a/lib/Db/WopiMapper.php b/lib/Db/WopiMapper.php
index 1a5638e495..581a355588 100644
--- a/lib/Db/WopiMapper.php
+++ b/lib/Db/WopiMapper.php
@@ -122,7 +122,10 @@ public function generateInitiatorToken($uid, $remoteServer) {
 * @throws ExpiredTokenException
 * @throws UnknownTokenException
 */
- public function getPathForToken($token) {
+ public function getPathForToken(
+ #[\SensitiveParameter]
+ $token
+ ): Wopi {
 return $this->getWopiForToken($token);
 }
 
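Review bot: The two method names passed to `registerSensitiveMethods` in `register()` are bare strings, so nothing ties them to `WopiMapper`. If either method is renamed, or another token-taking method is added, the redaction would presumably stop applying without any error. A short comment above the call would make the coupling visible, for example `// Must list every WopiMapper method that receives a WOPI token; keep in sync with the #[\SensitiveParameter] attributes there`. The body of `register()` starts outside this hunk.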
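Review bot: In `getPathForToken` the `$token` parameter stays untyped, while `getWopiForToken`, which it forwards to, is narrowed to `string $token` by the second hunk of `lib/Db/WopiMapper.php`. A non-string value is therefore accepted here and only rejected or coerced one call deeper, depending on the file's `strict_types` setting, which is not visible in the hunk. Declaring `string $token` here as well keeps the two signatures in line. The docblock above starts outside the hunk; any `@param`/`@return` tags in it should be checked against the new `: Wopi` return type.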
@@ -136,7 +139,10 @@ public function getPathForToken($token) {
 * @throws UnknownTokenException
 * @throws ExpiredTokenException
 */
- public function getWopiForToken($token) {
+ public function getWopiForToken(
+ #[\SensitiveParameter]
+ string $token
+ ): Wopi {
 $qb = $this->db->getQueryBuilder();
 $qb->select('*')
 ->from('richdocuments_wopi')
diff --git a/tests/stub.phpstub b/tests/stub.phpstub
index 5dad761d00..3335120e2f 100644
--- a/tests/stub.phpstub
+++ b/tests/stub.phpstub
@@ -89,3 +89,7 @@ namespace Symfony\Component\HttpFoundation {
 public static function checkIp(?string $requestIp, $ips) {}
 }
 }
+
+#[\Attribute(Attribute::TARGET_PARAMETER)]
+class SensitiveParameter {
+}
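Review bot: `#[\SensitiveParameter]` on `getWopiForToken` redacts the token only in this method's own stack frame. The query started at `$qb->select('*')` continues outside the hunk, and if `$token` is handed to further calls there, an exception raised inside them would still list the value in their frames. It is worth confirming how the token is passed on below the visible lines and recording the intent next to the parameter, for example `// WOPI access token (bearer credential): keep out of logs and exception messages`.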
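Review bot: The `SensitiveParameter` stub is declared after the closing brace of the bracketed `namespace Symfony\Component\HttpFoundation {` block, and PHP does not allow code outside the brackets once a file uses bracketed namespaces. The static-analysis tool that reads this stub may tolerate it, but wrapping the class in a global block, `namespace {` … `}`, keeps the file valid PHP. The native PHP 8.2 class is also declared `final`, so `final class SensitiveParameter {` would mirror it more closely.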