Add sensitive parameter

src/Command/GenerateIndexesCommand.php

@@ -16,13 +16,13 @@
 use Symfony\Component\Process\PhpExecutableFinder;
 use Symfony\Component\Process\Process;
 
-#[AsCommand(name: 'odb:enc:indexes', description: 'Determine the Blind Index plan for a given field.')]
+#[AsCommand(name: 'odb:enc:indexes', description: 'Generates matching indexes')]
 class GenerateIndexesCommand extends Command
 {
     /** @deprecated  */
     protected static $defaultName = self::CONSOLE_CMD;
     /** @deprecated  */
-    protected static $defaultDescription = 'Determine the Blind Index plan for a given field.';
+    protected static $defaultDescription = 'Generates matching indexes';
 
     protected static string $defaultAlias = 'o:e:i';
 
@@ -124,7 +124,7 @@ protected function validateParallelOptions(InputInterface $input): array
      *
      * @throws MissingPropertyFromReflectionException
      */
-    protected function initAndRunFiltersGenerationSubProcesses(string $className, array $parallelConfig): void
+    protected function initAndRunFiltersGenerationSubProcesses(#[\SensitiveParameter] string $className, array $parallelConfig): void
     {
 
         $start = time();
@@ -190,7 +190,7 @@ private function runProcesses(array $pools): void
     /**
      * @throws MissingPropertyFromReflectionException
      */
-    protected function regenerateFiltersByFieldnameAndIds(string $className, ?string $fieldnames, ?string $ids, bool $purge = false): void
+    protected function regenerateFiltersByFieldnameAndIds(#[\SensitiveParameter] string $className, #[\SensitiveParameter] ?string $fieldnames, ?string $ids, bool $purge = false): void
     {
         $fieldnamesAr = $fieldnames !== null ? explode(',', $fieldnames) : null;
         $idsAr = $ids !== null ? explode(',', $ids) : null;

src/Encryptors/CiphersweetEncryptor.php

@@ -36,7 +36,7 @@ public function __construct(CipherSweet $engine)
      * @throws BlindIndexNameCollisionException
      * @throws \SodiumException
      */
-    public function prepareForStorage(object $entity, string $fieldName, string $string, bool $index = true, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): array
+    public function prepareForStorage(#[\SensitiveParameter] object $entity, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $string, bool $index = true, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): array
     {
         $entitClassName = \get_class($entity);
 
@@ -74,7 +74,7 @@ public function prepareForStorage(object $entity, string $fieldName, string $str
      * @throws BlindIndexNameCollisionException
      * @throws \SodiumException
      */
-    protected function doEncrypt(string $entitClassName, string $fieldName, string $string, bool $index = true, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): array
+    protected function doEncrypt(#[\SensitiveParameter] string $entitClassName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $string, bool $index = true, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): array
     {
         $encryptedField =  (new EncryptedField($this->engine, $entitClassName, $fieldName));
         if ($index) {
@@ -103,7 +103,7 @@ protected function doEncrypt(string $entitClassName, string $fieldName, string $
      * @throws CipherSweetException
      * @throws CryptoOperationException
      */
-    public function decrypt(string $entityClassName, string $fieldName, string $string, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string
+    public function decrypt(#[\SensitiveParameter] string $entityClassName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $string, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string
     {
         // If $string is not encrypted, we return it as is.
         if (!$this->isValueEncrypted($string)) {
@@ -121,7 +121,7 @@ public function decrypt(string $entityClassName, string $fieldName, string $stri
      * @throws CipherSweetException
      * @throws CryptoOperationException
      */
-    protected function doDecrypt(string $entityClassName, string $fieldName, string $string): string
+    protected function doDecrypt(#[\SensitiveParameter] string $entityClassName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $string): string
     {
         $decryptedValue = (new EncryptedField($this->engine, $entityClassName, $fieldName))
             ->decryptValue($string);
@@ -141,7 +141,7 @@ protected function doDecrypt(string $entityClassName, string $fieldName, string
      * @throws BlindIndexNameCollisionException
      * @throws \SodiumException
      */
-    public function getBlindIndex(string $entityName, string $fieldName, string $value, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string
+    public function getBlindIndex(#[\SensitiveParameter] string $entityName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $value, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string
     {
         if (isset($this->biCache[$entityName][$fieldName][$value])) {
             return $this->biCache[$entityName][$fieldName][$value];
@@ -157,7 +157,7 @@ public function getBlindIndex(string $entityName, string $fieldName, string $val
      * @throws BlindIndexNameCollisionException
      * @throws \SodiumException
      */
-    protected function doGetBlindIndex(string $entityName, string $fieldName, string $value, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string
+    protected function doGetBlindIndex(#[\SensitiveParameter] string $entityName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $value, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string
     {
         $index = (new EncryptedField($this->engine, $entityName, $fieldName))
             ->addBlindIndex(
@@ -178,9 +178,9 @@ public function getPrefix(): string
         return $this->engine->getBackend()->getPrefix();
     }
 
-    public function isValueEncrypted(?string $value): bool
+    public function isValueEncrypted(#[\SensitiveParameter] ?string $value): bool
     {
-        return $value !== null && strpos($value, $this->getPrefix()) === 0;
+        return $value !== null && str_starts_with($value, $this->getPrefix());
     }
 
     public function reset(): void

src/Encryptors/EncryptorInterface.php

@@ -18,22 +18,22 @@ public function __construct(CipherSweet $engine);
      *
      * @return array{0:string, 1: array<string, string>}
      */
-    public function prepareForStorage(object $entity, string $fieldName, string $string, bool $index = true, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): array;
+    public function prepareForStorage(#[\SensitiveParameter] object $entity, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $string, bool $index = true, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): array;
 
     /**
      * Decrypt a value
      */
-    public function decrypt(string $entityClassName, string $fieldName, string $string, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string;
+    public function decrypt(#[\SensitiveParameter] string $entityClassName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $string, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string;
 
     /**
      * Get the blind index of the field
      */
-    public function getBlindIndex(string $entityName, string $fieldName, string $value, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string;
+    public function getBlindIndex(#[\SensitiveParameter] string $entityName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] string $value, int $filterBits = self::DEFAULT_FILTER_BITS, bool $fastIndexing = self::DEFAULT_FAST_INDEXING): string;
 
     /**
      * Get the prefix of the encryptor
      */
     public function getPrefix(): string;
 
-    public function isValueEncrypted(?string $value): bool;
+    public function isValueEncrypted(#[\SensitiveParameter] ?string $value): bool;
 }

src/Entity/IndexedEntityAttributeTrait.php

@@ -35,7 +35,7 @@ public function getFieldname(): string
         return $this->fieldname;
     }
 
-    public function setFieldname(string $fieldname): self
+    public function setFieldname(#[\SensitiveParameter] string $fieldname): self
     {
         $this->fieldname = $fieldname;
         return $this;
@@ -46,7 +46,7 @@ public function getTargetEntity(): object
         return $this->targetEntity;
     }
 
-    public function setTargetEntity(?object $targetEntity): self
+    public function setTargetEntity(#[\SensitiveParameter] ?object $targetEntity): self
     {
         $this->targetEntity = $targetEntity;
         return $this;
@@ -57,7 +57,7 @@ public function getIndexBi(): string
         return $this->indexBi;
     }
 
-    public function setIndexBi(string $indexBi): self
+    public function setIndexBi(#[\SensitiveParameter] string $indexBi): self
     {
         $this->indexBi = $indexBi;
         return $this;

src/Entity/IndexedEntityTrait.php

@@ -42,7 +42,7 @@ public function getFieldname(): string
         return $this->fieldname;
     }
 
-    public function setFieldname(string $fieldname): self
+    public function setFieldname(#[\SensitiveParameter] string $fieldname): self
     {
         $this->fieldname = $fieldname;
         return $this;
@@ -53,7 +53,7 @@ public function getTargetEntity(): object
         return $this->targetEntity;
     }
 
-    public function setTargetEntity(?object $targetEntity): self
+    public function setTargetEntity(#[\SensitiveParameter] ?object $targetEntity): self
     {
         $this->targetEntity = $targetEntity;
         return $this;
@@ -64,7 +64,7 @@ public function getIndexBi(): string
         return $this->indexBi;
     }
 
-    public function setIndexBi(string $indexBi): self
+    public function setIndexBi(#[\SensitiveParameter] string $indexBi): self
     {
         $this->indexBi = $indexBi;
         return $this;

src/Services/IndexableFieldsService.php

@@ -33,7 +33,7 @@ public function __construct(?Reader $annReader, EntityManagerInterface $em, Inde
     /**
      * Chunks all data ID of the entity
      */
-    public function getChunksForMultiThread(string $className, int $chuncksLength): array
+    public function getChunksForMultiThread(#[\SensitiveParameter] string $className, int $chuncksLength): array
     {
         $repo = $this->em->getRepository($className);
         $result = $repo->createQueryBuilder('c')
@@ -51,7 +51,7 @@ public function getChunksForMultiThread(string $className, int $chuncksLength):
      *
      * @throws MissingPropertyFromReflectionException
      */
-    public function buildContext(string $className, ?array $fieldNames): array
+    public function buildContext(#[\SensitiveParameter] string $className, #[\SensitiveParameter] ?array $fieldNames): array
     {
         $contexts = [];
 
@@ -125,7 +125,7 @@ public function purgeFiltersForContextAndIds(array $fieldsContexts, ?array $ids)
      * @param null|array<int, string> $ids
      * @param array<int, array{refProperty: \ReflectionProperty, indexableConfig: IndexableField}> $fieldsContexts
      */
-    public function handleFilterableFieldsForChunck(string $className, ?array $ids, array $fieldsContexts, bool $runtimeMode = false): void
+    public function handleFilterableFieldsForChunck(#[\SensitiveParameter] string $className, ?array $ids, array $fieldsContexts, bool $runtimeMode = false): void
     {
         $chunck = $this->em->getRepository($className)->findBy(!empty($ids) ? ['id' => $ids] : []);
         foreach ($chunck as $entity) {
@@ -141,7 +141,7 @@ public function handleFilterableFieldsForChunck(string $className, ?array $ids,
      *
      * @throws UndefinedGeneratorException|\ReflectionException
      */
-    public function handleIndexableFieldsForEntity(object $entity, array $fieldsContexts, bool $runtimeMode = false): void
+    public function handleIndexableFieldsForEntity(#[\SensitiveParameter] object $entity, array $fieldsContexts, bool $runtimeMode = false): void
     {
         $className = get_class($entity);
         $searchIndexes = $this->generateIndexableValuesForEntity($entity, $fieldsContexts);
@@ -198,7 +198,7 @@ public function handleIndexableFieldsForEntity(object $entity, array $fieldsCont
      *
      * @throws UndefinedGeneratorException
      */
-    public function generateIndexableValuesForEntity(object $entity, array $fieldsContexts): array
+    public function generateIndexableValuesForEntity(#[\SensitiveParameter] object $entity, array $fieldsContexts): array
     {
         $searchIndexes = [];
 

src/Services/IndexesGenerator.php

@@ -29,7 +29,7 @@ public function __construct(ServiceLocator $container, EncryptorInterface $encry
      *
      * @throws UndefinedGeneratorException
      */
-    public function generateAndEncryptFilters(string $value, array $methods): array
+    public function generateAndEncryptFilters(#[\SensitiveParameter] string $value, array $methods): array
     {
         $possibleValuesAr = [$value];
 
@@ -59,7 +59,7 @@ public function generateAndEncryptFilters(string $value, array $methods): array
      *
      * @return array<int, string>
      */
-    public function generateBlindIndexesFromPossibleValues(string $entityName, string $fieldName, array $possibleValues, bool $fastIndexing): array
+    public function generateBlindIndexesFromPossibleValues(#[\SensitiveParameter] string $entityName, #[\SensitiveParameter] string $fieldName, #[\SensitiveParameter] array $possibleValues, bool $fastIndexing): array
     {
         $possibleValues = array_unique($possibleValues);
 

src/Services/PropertyHydratorService.php

@@ -25,7 +25,7 @@ public function __construct(PropertyInfoExtractorInterface $propertyInfoExtracto
     /**
      * @param mixed $value
      */
-    public function getMappedFieldValueAsString(object $entity, ?string $propertyName, $value): string
+    public function getMappedFieldValueAsString(#[\SensitiveParameter] object $entity, #[\SensitiveParameter] ?string $propertyName, #[\SensitiveParameter] $value): string
     {
         if ($propertyName !== null) {
             $value = $this->propertyAccessor->getValue($entity, $propertyName);
@@ -34,7 +34,7 @@ public function getMappedFieldValueAsString(object $entity, ?string $propertyNam
         return (string) $value;
     }
 
-    public function setValueToMappedField(object $entity, string $value, ?string $propertyName): void
+    public function setValueToMappedField(#[\SensitiveParameter] object $entity, #[\SensitiveParameter] string $value, #[\SensitiveParameter] ?string $propertyName): void
     {
         if ($propertyName === null) {
             return;