Check whether secrets are empty and mark them all as sensitive

nicolas-grekas · nicolas-grekas · commit 52ca6997071b · 2023-11-06T18:20:05.000+01:00
diff --git a/src/Symfony/Component/HttpFoundation/UriSigner.php b/src/Symfony/Component/HttpFoundation/UriSigner.php
@@ -12,8 +12,6 @@
 namespace Symfony\Component\HttpFoundation;
 
 /**
- * Signs URIs.
- *
  * @author Fabien Potencier <fabien@symfony.com>
  */
 class UriSigner
@@ -22,11 +20,14 @@ class UriSigner
     private string $parameter;
 
     /**
-     * @param string $secret    A secret
      * @param string $parameter Query string parameter to use
      */
     public function __construct(#[\SensitiveParameter] string $secret, string $parameter = '_hash')
     {
+        if (!$secret) {
+            throw new \InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $this->secret = $secret;
         $this->parameter = $parameter;
     }
diff --git a/src/Symfony/Component/Mailer/Bridge/Brevo/Webhook/BrevoRequestParser.php b/src/Symfony/Component/Mailer/Bridge/Brevo/Webhook/BrevoRequestParser.php
@@ -41,7 +41,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
         $content = $request->toArray();
         if (
diff --git a/src/Symfony/Component/Mailer/Bridge/Mailgun/Webhook/MailgunRequestParser.php b/src/Symfony/Component/Mailer/Bridge/Mailgun/Webhook/MailgunRequestParser.php
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcherInterface;
 use Symfony\Component\Mailer\Bridge\Mailgun\RemoteEvent\MailgunPayloadConverter;
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\RemoteEvent\Event\Mailer\AbstractMailerEvent;
 use Symfony\Component\RemoteEvent\Exception\ParseException;
 use Symfony\Component\Webhook\Client\AbstractRequestParser;
@@ -37,8 +38,12 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $content = $request->toArray();
         if (
             !isset($content['signature']['timestamp'])
@@ -60,7 +65,7 @@ protected function doParse(Request $request, string $secret): ?AbstractMailerEve
         }
     }
 
-    private function validateSignature(array $signature, string $secret): void
+    private function validateSignature(array $signature, #[\SensitiveParameter] string $secret): void
     {
         // see https://documentation.mailgun.com/en/latest/user_manual.html#webhooks-1
         if (!hash_equals($signature['signature'], hash_hmac('sha256', $signature['timestamp'].$signature['token'], $secret))) {
diff --git a/src/Symfony/Component/Mailer/Bridge/Mailjet/Webhook/MailjetRequestParser.php b/src/Symfony/Component/Mailer/Bridge/Mailjet/Webhook/MailjetRequestParser.php
@@ -37,7 +37,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
         try {
             return $this->converter->convert($request->toArray());
diff --git a/src/Symfony/Component/Mailer/Bridge/Postmark/Webhook/PostmarkRequestParser.php b/src/Symfony/Component/Mailer/Bridge/Postmark/Webhook/PostmarkRequestParser.php
@@ -41,7 +41,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?AbstractMailerEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent
     {
         $payload = $request->toArray();
         if (
diff --git a/src/Symfony/Component/Mailer/Bridge/Sendgrid/Webhook/SendgridRequestParser.php b/src/Symfony/Component/Mailer/Bridge/Sendgrid/Webhook/SendgridRequestParser.php
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcherInterface;
 use Symfony\Component\Mailer\Bridge\Sendgrid\RemoteEvent\SendgridPayloadConverter;
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\RemoteEvent\Event\Mailer\AbstractMailerEvent;
 use Symfony\Component\RemoteEvent\Exception\ParseException;
 use Symfony\Component\Webhook\Client\AbstractRequestParser;
@@ -86,12 +87,12 @@ protected function doParse(Request $request, string $secret): ?AbstractMailerEve
      *
      * @see https://docs.sendgrid.com/for-developers/tracking-events/getting-started-event-webhook-security-features
      */
-    private function validateSignature(
-        string $signature,
-        string $timestamp,
-        string $payload,
-        string $secret,
-    ): void {
+    private function validateSignature(string $signature, string $timestamp, string $payload, #[\SensitiveParameter] string $secret): void
+    {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $timestampedPayload = $timestamp.$payload;
 
         // Sendgrid provides the verification key as base64-encoded DER data. Openssl wants a PEM format, which is a multiline version of the base64 data.
diff --git a/src/Symfony/Component/Mailer/Transport/Smtp/Auth/CramMd5Authenticator.php b/src/Symfony/Component/Mailer/Transport/Smtp/Auth/CramMd5Authenticator.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Mailer\Transport\Smtp\Auth;
 
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport;
 
 /**
@@ -41,6 +42,10 @@ public function authenticate(EsmtpTransport $client): void
      */
     private function getResponse(#[\SensitiveParameter] string $secret, string $challenge): string
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         if (\strlen($secret) > 64) {
             $secret = pack('H32', md5($secret));
         }
diff --git a/src/Symfony/Component/Notifier/Bridge/Twilio/Webhook/TwilioRequestParser.php b/src/Symfony/Component/Notifier/Bridge/Twilio/Webhook/TwilioRequestParser.php
@@ -25,7 +25,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         return new MethodRequestMatcher('POST');
     }
 
-    protected function doParse(Request $request, string $secret): ?SmsEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?SmsEvent
     {
         // Statuses: https://www.twilio.com/docs/sms/api/message-resource#message-status-values
         // Payload examples: https://www.twilio.com/docs/sms/outbound-message-logging
diff --git a/src/Symfony/Component/Notifier/Bridge/Vonage/Webhook/VonageRequestParser.php b/src/Symfony/Component/Notifier/Bridge/Vonage/Webhook/VonageRequestParser.php
@@ -16,6 +16,7 @@
 use Symfony\Component\HttpFoundation\RequestMatcher\IsJsonRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcherInterface;
+use Symfony\Component\Notifier\Exception\InvalidArgumentException;
 use Symfony\Component\RemoteEvent\Event\Sms\SmsEvent;
 use Symfony\Component\Webhook\Client\AbstractRequestParser;
 use Symfony\Component\Webhook\Exception\RejectWebhookException;
@@ -30,8 +31,12 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): ?SmsEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?SmsEvent
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         // Signed webhooks: https://developer.vonage.com/en/getting-started/concepts/webhooks#validating-signed-webhooks
         if (!$request->headers->has('Authorization')) {
             throw new RejectWebhookException(406, 'Missing "Authorization" header.');
@@ -70,7 +75,7 @@ protected function doParse(Request $request, string $secret): ?SmsEvent
         return $event;
     }
 
-    private function validateSignature(string $jwt, string $secret): void
+    private function validateSignature(string $jwt, #[\SensitiveParameter] string $secret): void
     {
         $tokenParts = explode('.', $jwt);
         if (3 !== \count($tokenParts)) {
diff --git a/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php b/src/Symfony/Component/Security/Core/Authentication/Token/RememberMeToken.php
@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Security\Core\Authentication\Token;
 
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
@@ -32,12 +33,12 @@ public function __construct(UserInterface $user, string $firewallName, #[\Sensit
     {
         parent::__construct($user->getRoles());
 
-        if (empty($secret)) {
-            throw new \InvalidArgumentException('$secret must not be empty.');
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
         }
 
-        if ('' === $firewallName) {
-            throw new \InvalidArgumentException('$firewallName must not be empty.');
+        if (!$firewallName) {
+            throw new InvalidArgumentException('$firewallName must not be empty.');
         }
 
         $this->firewallName = $firewallName;
diff --git a/src/Symfony/Component/Security/Core/Signature/SignatureHasher.php b/src/Symfony/Component/Security/Core/Signature/SignatureHasher.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Signature;
 
 use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Signature\Exception\ExpiredSignatureException;
 use Symfony\Component\Security\Core\Signature\Exception\InvalidSignatureException;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -37,6 +38,10 @@ class SignatureHasher
      */
     public function __construct(PropertyAccessorInterface $propertyAccessor, array $signatureProperties, #[\SensitiveParameter] string $secret, ExpiredSignatureStorage $expiredSignaturesStorage = null, int $maxUses = null)
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $this->propertyAccessor = $propertyAccessor;
         $this->signatureProperties = $signatureProperties;
         $this->secret = $secret;
diff --git a/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php
@@ -19,6 +19,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\CookieTheftException;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
 use Symfony\Component\Security\Core\Exception\UserNotFoundException;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
@@ -51,6 +52,10 @@ class RememberMeAuthenticator implements InteractiveAuthenticatorInterface
 
     public function __construct(RememberMeHandlerInterface $rememberMeHandler, #[\SensitiveParameter] string $secret, TokenStorageInterface $tokenStorage, string $cookieName, LoggerInterface $logger = null)
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $this->rememberMeHandler = $rememberMeHandler;
         $this->secret = $secret;
         $this->tokenStorage = $tokenStorage;
diff --git a/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php b/src/Symfony/Component/Security/Http/RateLimiter/DefaultLoginRateLimiter.php
@@ -14,6 +14,7 @@
 use Symfony\Component\HttpFoundation\RateLimiter\AbstractRequestRateLimiter;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\RateLimiter\RateLimiterFactory;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 use Symfony\Component\Security\Http\SecurityRequestAttributes;
 
 /**
@@ -35,10 +36,10 @@ final class DefaultLoginRateLimiter extends AbstractRequestRateLimiter
      */
     public function __construct(RateLimiterFactory $globalFactory, RateLimiterFactory $localFactory, #[\SensitiveParameter] string $secret = '')
     {
-        if ('' === $secret) {
-            trigger_deprecation('symfony/security-http', '6.4', 'Calling "%s()" with an empty secret is deprecated. A non-empty secret will be mandatory in version 7.0.', __METHOD__);
-            // throw new \Symfony\Component\Security\Core\Exception\InvalidArgumentException('A non-empty secret is required.');
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
         }
+
         $this->globalFactory = $globalFactory;
         $this->localFactory = $localFactory;
         $this->secret = $secret;
diff --git a/src/Symfony/Component/Webhook/Client/AbstractRequestParser.php b/src/Symfony/Component/Webhook/Client/AbstractRequestParser.php
@@ -22,7 +22,7 @@
  */
 abstract class AbstractRequestParser implements RequestParserInterface
 {
-    public function parse(Request $request, string $secret): ?RemoteEvent
+    public function parse(Request $request, #[\SensitiveParameter] string $secret): ?RemoteEvent
     {
         $this->validate($request);
 
@@ -41,7 +41,7 @@ public function createRejectedResponse(string $reason): Response
 
     abstract protected function getRequestMatcher(): RequestMatcherInterface;
 
-    abstract protected function doParse(Request $request, string $secret): ?RemoteEvent;
+    abstract protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?RemoteEvent;
 
     protected function validate(Request $request): void
     {
diff --git a/src/Symfony/Component/Webhook/Client/RequestParser.php b/src/Symfony/Component/Webhook/Client/RequestParser.php
@@ -41,7 +41,7 @@ protected function getRequestMatcher(): RequestMatcherInterface
         ]);
     }
 
-    protected function doParse(Request $request, string $secret): RemoteEvent
+    protected function doParse(Request $request, #[\SensitiveParameter] string $secret): RemoteEvent
     {
         $body = $request->toArray();
 
@@ -60,7 +60,7 @@ protected function doParse(Request $request, string $secret): RemoteEvent
         );
     }
 
-    private function validateSignature(HeaderBag $headers, string $body, $secret): void
+    private function validateSignature(HeaderBag $headers, string $body, #[\SensitiveParameter] string $secret): void
     {
         $signature = $headers->get($this->signatureHeaderName);
         $event = $headers->get($this->eventHeaderName);
diff --git a/src/Symfony/Component/Webhook/Client/RequestParserInterface.php b/src/Symfony/Component/Webhook/Client/RequestParserInterface.php
@@ -28,7 +28,7 @@ interface RequestParserInterface
      *
      * @throws RejectWebhookException When the payload is rejected (signature issue, parse issue, ...)
      */
-    public function parse(Request $request, string $secret): ?RemoteEvent;
+    public function parse(Request $request, #[\SensitiveParameter] string $secret): ?RemoteEvent;
 
     public function createSuccessfulResponse(): Response;
 
diff --git a/src/Symfony/Component/Webhook/Server/HeaderSignatureConfigurator.php b/src/Symfony/Component/Webhook/Server/HeaderSignatureConfigurator.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\HttpClient\HttpOptions;
 use Symfony\Component\RemoteEvent\RemoteEvent;
+use Symfony\Component\Webhook\Exception\InvalidArgumentException;
 use Symfony\Component\Webhook\Exception\LogicException;
 
 /**
@@ -26,8 +27,12 @@ public function __construct(
     ) {
     }
 
-    public function configure(RemoteEvent $event, string $secret, HttpOptions $options): void
+    public function configure(RemoteEvent $event, #[\SensitiveParameter] string $secret, HttpOptions $options): void
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         $opts = $options->toArray();
         $headers = $opts['headers'];
         if (!isset($opts['body'])) {
diff --git a/src/Symfony/Component/Webhook/Server/HeadersConfigurator.php b/src/Symfony/Component/Webhook/Server/HeadersConfigurator.php
@@ -25,7 +25,7 @@ public function __construct(
     ) {
     }
 
-    public function configure(RemoteEvent $event, string $secret, HttpOptions $options): void
+    public function configure(RemoteEvent $event, #[\SensitiveParameter] string $secret, HttpOptions $options): void
     {
         $options->setHeaders([
             $this->eventHeaderName => $event->getName(),
diff --git a/src/Symfony/Component/Webhook/Server/JsonBodyConfigurator.php b/src/Symfony/Component/Webhook/Server/JsonBodyConfigurator.php
@@ -25,7 +25,7 @@ public function __construct(
     ) {
     }
 
-    public function configure(RemoteEvent $event, string $secret, HttpOptions $options): void
+    public function configure(RemoteEvent $event, #[\SensitiveParameter] string $secret, HttpOptions $options): void
     {
         $body = $this->serializer->serialize($event->getPayload(), 'json');
         $options->setBody($body);
diff --git a/src/Symfony/Component/Webhook/Server/RequestConfiguratorInterface.php b/src/Symfony/Component/Webhook/Server/RequestConfiguratorInterface.php
@@ -19,5 +19,5 @@
  */
 interface RequestConfiguratorInterface
 {
-    public function configure(RemoteEvent $event, string $secret, HttpOptions $options): void;
+    public function configure(RemoteEvent $event, #[\SensitiveParameter] string $secret, HttpOptions $options): void;
 }
diff --git a/src/Symfony/Component/Webhook/Subscriber.php b/src/Symfony/Component/Webhook/Subscriber.php
@@ -11,12 +11,18 @@
 
 namespace Symfony\Component\Webhook;
 
+use Symfony\Component\Webhook\Exception\InvalidArgumentException;
+
 class Subscriber
 {
     public function __construct(
         private readonly string $url,
-        #[\SensitiveParameter] private readonly string $secret,
+        #[\SensitiveParameter]
+        private readonly string $secret,
     ) {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
     }
 
     public function getUrl(): string

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ protected function getRequestMatcher(): RequestMatcherInterface`
`41`	`41`	`]);`
`42`	`42`	`}`
`43`	`43`
`44`		`- protected function doParse(Request $request, string $secret): ?AbstractMailerEvent`
	`44`	`+ protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent`
`45`	`45`	`{`
`46`	`46`	`$content = $request->toArray();`
`47`	`47`	`if (`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;`
`18`	`18`	`use Symfony\Component\HttpFoundation\RequestMatcherInterface;`
`19`	`19`	`use Symfony\Component\Mailer\Bridge\Mailgun\RemoteEvent\MailgunPayloadConverter;`
	`20`	`+use Symfony\Component\Mailer\Exception\InvalidArgumentException;`
`20`	`21`	`use Symfony\Component\RemoteEvent\Event\Mailer\AbstractMailerEvent;`
`21`	`22`	`use Symfony\Component\RemoteEvent\Exception\ParseException;`
`22`	`23`	`use Symfony\Component\Webhook\Client\AbstractRequestParser;`
`@@ -37,8 +38,12 @@ protected function getRequestMatcher(): RequestMatcherInterface`
`37`	`38`	`]);`
`38`	`39`	`}`
`39`	`40`
`40`		`- protected function doParse(Request $request, string $secret): ?AbstractMailerEvent`
	`41`	`+ protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent`
`41`	`42`	`{`
	`43`	`+ if (!$secret) {`
	`44`	`+ throw new InvalidArgumentException('A non-empty secret is required.');`
	`45`	`+ }`
	`46`	`+`
`42`	`47`	`$content = $request->toArray();`
`43`	`48`	`if (`
`44`	`49`	`!isset($content['signature']['timestamp'])`
`@@ -60,7 +65,7 @@ protected function doParse(Request $request, string $secret): ?AbstractMailerEve`
`60`	`65`	`}`
`61`	`66`	`}`
`62`	`67`
`63`		`- private function validateSignature(array $signature, string $secret): void`
	`68`	`+ private function validateSignature(array $signature, #[\SensitiveParameter] string $secret): void`
`64`	`69`	`{`
`65`	`70`	`// see https://documentation.mailgun.com/en/latest/user_manual.html#webhooks-1`
`66`	`71`	`if (!hash_equals($signature['signature'], hash_hmac('sha256', $signature['timestamp'].$signature['token'], $secret))) {`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ protected function getRequestMatcher(): RequestMatcherInterface`
`37`	`37`	`]);`
`38`	`38`	`}`
`39`	`39`
`40`		`- protected function doParse(Request $request, string $secret): ?AbstractMailerEvent`
	`40`	`+ protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?AbstractMailerEvent`
`41`	`41`	`{`
`42`	`42`	`try {`
`43`	`43`	`return $this->converter->convert($request->toArray());`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ protected function getRequestMatcher(): RequestMatcherInterface`
`25`	`25`	`return new MethodRequestMatcher('POST');`
`26`	`26`	`}`
`27`	`27`
`28`		`- protected function doParse(Request $request, string $secret): ?SmsEvent`
	`28`	`+ protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?SmsEvent`
`29`	`29`	`{`
`30`	`30`	`// Statuses: https://www.twilio.com/docs/sms/api/message-resource#message-status-values`
`31`	`31`	`// Payload examples: https://www.twilio.com/docs/sms/outbound-message-logging`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Security\Core\Authentication\Token;`
`13`	`13`
	`14`	`+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;`
`14`	`15`	`use Symfony\Component\Security\Core\User\UserInterface;`
`15`	`16`
`16`	`17`	`/**`
`@@ -32,12 +33,12 @@ public function __construct(UserInterface $user, string $firewallName, #[\Sensit`
`32`	`33`	`{`
`33`	`34`	`parent::__construct($user->getRoles());`
`34`	`35`
`35`		`- if (empty($secret)) {`
`36`		`- throw new \InvalidArgumentException('$secret must not be empty.');`
	`36`	`+ if (!$secret) {`
	`37`	`+ throw new InvalidArgumentException('A non-empty secret is required.');`
`37`	`38`	`}`
`38`	`39`
`39`		`- if ('' === $firewallName) {`
`40`		`- throw new \InvalidArgumentException('$firewallName must not be empty.');`
	`40`	`+ if (!$firewallName) {`
	`41`	`+ throw new InvalidArgumentException('$firewallName must not be empty.');`
`41`	`42`	`}`
`42`	`43`
`43`	`44`	`$this->firewallName = $firewallName;`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@`
`22`	`22`	`*/`
`23`	`23`	`abstract class AbstractRequestParser implements RequestParserInterface`
`24`	`24`	`{`
`25`		`- public function parse(Request $request, string $secret): ?RemoteEvent`
	`25`	`+ public function parse(Request $request, #[\SensitiveParameter] string $secret): ?RemoteEvent`
`26`	`26`	`{`
`27`	`27`	`$this->validate($request);`
`28`	`28`
`@@ -41,7 +41,7 @@ public function createRejectedResponse(string $reason): Response`
`41`	`41`
`42`	`42`	`abstract protected function getRequestMatcher(): RequestMatcherInterface;`
`43`	`43`
`44`		`- abstract protected function doParse(Request $request, string $secret): ?RemoteEvent;`
	`44`	`+ abstract protected function doParse(Request $request, #[\SensitiveParameter] string $secret): ?RemoteEvent;`
`45`	`45`
`46`	`46`	`protected function validate(Request $request): void`
`47`	`47`	`{`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ interface RequestParserInterface`
`28`	`28`	`*`
`29`	`29`	`* @throws RejectWebhookException When the payload is rejected (signature issue, parse issue, ...)`
`30`	`30`	`*/`
`31`		`- public function parse(Request $request, string $secret): ?RemoteEvent;`
	`31`	`+ public function parse(Request $request, #[\SensitiveParameter] string $secret): ?RemoteEvent;`
`32`	`32`
`33`	`33`	`public function createSuccessfulResponse(): Response;`
`34`	`34`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ public function __construct(`
`25`	`25`	`) {`
`26`	`26`	`}`
`27`	`27`
`28`		`- public function configure(RemoteEvent $event, string $secret, HttpOptions $options): void`
	`28`	`+ public function configure(RemoteEvent $event, #[\SensitiveParameter] string $secret, HttpOptions $options): void`
`29`	`29`	`{`
`30`	`30`	`$options->setHeaders([`
`31`	`31`	`$this->eventHeaderName => $event->getName(),`
Original file line number	Diff line number	Diff line change
`@@ -19,5 +19,5 @@`
`19`	`19`	`*/`
`20`	`20`	`interface RequestConfiguratorInterface`
`21`	`21`	`{`
`22`		`- public function configure(RemoteEvent $event, string $secret, HttpOptions $options): void;`
	`22`	`+ public function configure(RemoteEvent $event, #[\SensitiveParameter] string $secret, HttpOptions $options): void;`
`23`	`23`	`}`