Skip to content

Prevent secret leak in exception message, use FILTER_VALIDATE_INT for integer parsing, and lookup env vars via _ENV, _SERVER, then getenv().#10

Merged
gustavofreze merged 2 commits intomainfrom
feature/develop
Apr 22, 2026
Merged

Prevent secret leak in exception message, use FILTER_VALIDATE_INT for integer parsing, and lookup env vars via _ENV, _SERVER, then getenv().#10
gustavofreze merged 2 commits intomainfrom
feature/develop

Conversation

@gustavofreze
Copy link
Copy Markdown
Member

No description provided.

…T for integer parsing, and lookup env vars via _ENV, _SERVER, then getenv().
Copilot AI review requested due to automatic review settings April 22, 2026 01:09
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens and clarifies environment variable handling by (1) preventing secret leakage in conversion exceptions, (2) enforcing stricter integer parsing, and (3) expanding variable lookup to consult $_ENV, $_SERVER, then getenv().

Changes:

  • Replace value-leaking InvalidEnvironmentValue with dedicated exceptions that do not embed the raw env value.
  • Switch integer conversion to FILTER_VALIDATE_INT and add a new lookup helper (EnvironmentSource) for broader env resolution.
  • Update tests and project tooling/docs (composer normalization, git attributes/ignore, changelog, editorconfig, CI tweaks).

Reviewed changes

Copilot reviewed 22 out of 23 changed files in this pull request and generated 9 comments.

Show a summary per file
File Description
tests/EnvironmentVariableTest.php Reworks tests (namespace, stronger assertions, new scenarios for superglobal lookup and stricter parsing).
src/Internal/Exceptions/InvalidEnvironmentValue.php (deleted) Removes the previous generic exception that included raw values in messages.
src/Internal/Exceptions/EnvironmentValueNotInteger.php New dedicated exception for invalid integer conversion without leaking the value.
src/Internal/Exceptions/EnvironmentValueNotBoolean.php New dedicated exception for invalid boolean conversion without leaking the value.
src/Internal/EnvironmentSource.php Adds lookup helper that checks $_ENV, $_SERVER, then getenv().
src/EnvironmentVariable.php Uses EnvironmentSource, updates conversion logic to FILTER_VALIDATE_INT, throws new exceptions.
src/Environment.php Updates the interface @throws types to the new exceptions.
infection.json.dist Disables the ProtectedVisibility mutator.
composer.json Updates metadata, dev dependencies, scripts ordering, and test namespace autoload-dev mapping.
README.md Updates overview wording and makes examples self-contained with use statements.
Makefile Adds composer normalize to configure and introduces show-outdated.
CHANGES.md Adds a changelog documenting the behavioral changes (currently partially inaccurate / non-English).
.gitignore Expands ignore patterns; adds editor/agent folders and composer.lock ignore.
.github/workflows/ci.yml Removes explicit bcmath extension install from setup steps.
.github/copilot-instructions.md Adds Copilot guidance pointing to .claude rules as source of truth.
.gitattributes Normalizes text/eol settings and clarifies export-ignore set for Packagist.
.editorconfig Adds repository-wide formatting rules.
.claude/rules/php-library-testing.md Introduces strict PHPUnit BDD + fixture rules and mutation/coverage requirements.
.claude/rules/php-library-modeling.md Adds modeling rules (public API boundary, exception conventions, structure).
.claude/rules/php-library-documentation.md Adds documentation rules (README structure, American English, examples).
.claude/rules/php-library-code-style.md Adds extensive PHP style conventions (naming, args, ordering, etc.).
.claude/rules/github-workflows.md Adds workflow structure/style rules.
.claude/CLAUDE.md Adds project-level guidance and required validation commands.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread CHANGES.md Outdated
Comment thread tests/EnvironmentVariableTest.php
Comment thread tests/EnvironmentVariableTest.php
Comment thread infection.json.dist
Comment thread tests/EnvironmentVariableTest.php
Comment thread tests/EnvironmentVariableTest.php
Comment thread src/Environment.php
Comment thread src/EnvironmentVariable.php
Comment thread CHANGES.md Outdated
…T for integer parsing, and lookup env vars via _ENV, _SERVER, then getenv().
@gustavofreze gustavofreze merged commit 3aea840 into main Apr 22, 2026
5 checks passed
@gustavofreze gustavofreze deleted the feature/develop branch April 22, 2026 01:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants