Mark parameter in ext/pdo as sensitive

ext/pdo/pdo.c

@@ -252,7 +252,7 @@ PHP_MINIT_FUNCTION(pdo)
 
 	pdo_exception_ce = register_class_PDOException(spl_ce_RuntimeException);
 
-	pdo_dbh_init();
+	pdo_dbh_init(module_number);
 	pdo_stmt_init();
 
 	return SUCCESS;

ext/pdo/pdo_dbh.c

@@ -28,6 +28,7 @@
 #include "php_pdo.h"
 #include "php_pdo_driver.h"
 #include "php_pdo_int.h"
+#include "zend_attributes.h"
 #include "zend_exceptions.h"
 #include "zend_object_handlers.h"
 #include "zend_hash.h"
@@ -1325,7 +1326,7 @@ static HashTable *dbh_get_gc(zend_object *object, zval **gc_data, int *gc_count)
 static zend_object_handlers pdo_dbh_object_handlers;
 static void pdo_dbh_free_storage(zend_object *std);
 
-void pdo_dbh_init(void)
+void pdo_dbh_init(int module_number)
 {
 	pdo_dbh_ce = register_class_PDO();
 	pdo_dbh_ce->create_object = pdo_dbh_new;
@@ -1423,6 +1424,8 @@ void pdo_dbh_init(void)
 
 	REGISTER_PDO_CLASS_CONST_LONG("CURSOR_FWDONLY", (zend_long)PDO_CURSOR_FWDONLY);
 	REGISTER_PDO_CLASS_CONST_LONG("CURSOR_SCROLL", (zend_long)PDO_CURSOR_SCROLL);
+
+	register_pdo_dbh_symbols(module_number, pdo_dbh_ce);
 }
 
 static void dbh_free(pdo_dbh_t *dbh, bool free_persistent)

ext/pdo/pdo_dbh.stub.php

@@ -5,6 +5,7 @@
 /** @not-serializable */
 class PDO
 {
+    /** @sensitive-param $password */
     public function __construct(string $dsn, ?string $username = null, ?string $password = null, ?array $options = null) {}
 
     /** @tentative-return-type */

ext/pdo/pdo_dbh_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 7d10dbdfd55eb4a4dc779cbf4fa000cdf4fb3539 */
+ * Stub hash: 5d26f6875ff2704506a9f94b171adbe13aa40483 */
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_class_PDO___construct, 0, 0, 1)
 	ZEND_ARG_TYPE_INFO(0, dsn, IS_STRING, 0)
@@ -95,6 +95,11 @@ static const zend_function_entry class_PDO_methods[] = {
 	ZEND_FE_END
 };
 
+static void register_pdo_dbh_symbols(int module_number, zend_class_entry *class_entry_PDO)
+{
+    zend_mark_function_parameter_as_sensitive(&class_entry_PDO->function_table, "__construct", 2);
+}
+
 static zend_class_entry *register_class_PDO(void)
 {
 	zend_class_entry ce, *class_entry;

ext/pdo/php_pdo_int.h

@@ -25,7 +25,7 @@ extern HashTable pdo_driver_hash;
 extern zend_class_entry *pdo_exception_ce;
 int php_pdo_list_entry(void);
 
-void pdo_dbh_init(void);
+void pdo_dbh_init(int module_number);
 void pdo_stmt_init(void);
 
 extern zend_object *pdo_dbh_new(zend_class_entry *ce);

ext/pdo/tests/sensitive_parameter.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Test that sensitive parameters are marked sensitive.
+--EXTENSIONS--
+pdo
+--FILE--
+<?php
+try {
+    new PDO('dsn', 'username', 'password');
+} catch (\Throwable $e) {
+    echo $e, PHP_EOL;
+}
+?>
+--EXPECTF--
+PDOException: PDO::__construct(): Argument #1 ($dsn) must be a valid data source name in %s:%d
+Stack trace:
+#0 %s(%d): PDO->__construct('dsn', 'username', Object(SensitiveParameterValue))
+#1 {main}