From 0db8b96c8427f1607891a140ae56da18ae166cae Mon Sep 17 00:00:00 2001
From: Claude
Date: Sat, 20 Dec 2025 06:23:55 +0000
Subject: [PATCH] Add Psalm taint annotations for session/cookie security

Mark session and cookie providers as taint sources since $_COOKIE contains user-controlled data that could be manipulated.
- SessionProvider::get() - returns Session initialized with $_COOKIE
- CookieProvider::get() - returns $_COOKIE directly
Also apply code style fixes (phpcbf).
---
src/Annotation/Cookie.php | 3 ++-
src/Annotation/DeleteCookie.php | 3 ++-
src/AuraSessionInject.php | 6 ++----
src/AuraSessionModule.php | 2 +-
src/CookieProvider.php | 3 ++-
src/DeleteCookieInvoker.php | 2 +-
src/SessionProvider.php | 15 ++++++++-------
7 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/src/Annotation/Cookie.php b/src/Annotation/Cookie.php
index 1565f7a..e4254c2 100644
--- a/src/Annotation/Cookie.php
+++ b/src/Annotation/Cookie.php
@@ -7,7 +7,8 @@
 use Attribute;
 use Ray\Di\Di\Qualifier;
 
-#[Attribute, Qualifier]
+#[Attribute]
+#[Qualifier]
 final class Cookie
 {
 }
diff --git a/src/Annotation/DeleteCookie.php b/src/Annotation/DeleteCookie.php
index 4d411a9..2e69ef6 100644
--- a/src/Annotation/DeleteCookie.php
+++ b/src/Annotation/DeleteCookie.php
@@ -7,7 +7,8 @@
 use Attribute;
 use Ray\Di\Di\Qualifier;
 
-#[Attribute, Qualifier]
+#[Attribute]
+#[Qualifier]
 final class DeleteCookie
 {
 }
diff --git a/src/AuraSessionInject.php b/src/AuraSessionInject.php
index d64c78a..b3e6687 100644
--- a/src/AuraSessionInject.php
+++ b/src/AuraSessionInject.php
@@ -6,15 +6,13 @@
 
 use Aura\Session\Session;
 
-/**
- * @deprecated Use PHP 8.0: Class constructor property promotion instead
- */
+/** @deprecated Use PHP 8.0: Class constructor property promotion instead */
 trait AuraSessionInject
 {
 /** @var Session */
 protected $session;
 
- public function setSession(Session $session)
+ public function setSession(Session $session): void
 {
 $this->session = $session;
 }
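Review bot: `#[Attribute]` with no flags argument defaults to `Attribute::TARGET_ALL`, so the `Cookie` qualifier may be placed on classes, constants and properties where the injector presumably never reads it; the same applies to the identical split in src/Annotation/DeleteCookie.php. If the qualifier is only meant for injection points, `#[Attribute(Attribute::TARGET_PARAMETER | Attribute::TARGET_METHOD)]` makes `ReflectionAttribute::newInstance()` reject a misplaced use instead of silently ignoring it. Where Ray.Di reads these attributes is not visible in this diff, so confirm the intended targets before narrowing them.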
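Review bot: `protected $session` keeps a docblock-only type while the setter directly below it now has a native signature; with `setSession(Session $session): void` in place, `protected Session $session;` would make a read before injection fail with a typed-property error rather than silently yielding null, and it gives Psalm a concrete type for the session value this commit is marking as request-derived. The trait is `@deprecated`, so skip this if it is scheduled for removal. The trait body continues outside the hunk.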
diff --git a/src/AuraSessionModule.php b/src/AuraSessionModule.php
index bd40b4d..06bc2f3 100644
--- a/src/AuraSessionModule.php
+++ b/src/AuraSessionModule.php
@@ -22,7 +22,7 @@ class AuraSessionModule extends AbstractModule
 {
 
 /**
- * {@inheritdoc}
+ * {@inheritDoc}
 */
 protected function configure()
 {
diff --git a/src/CookieProvider.php b/src/CookieProvider.php
index d7c6fe9..d0e1320 100644
--- a/src/CookieProvider.php
+++ b/src/CookieProvider.php
@@ -13,9 +13,10 @@ class CookieProvider implements ProviderInterface
 {
 
 /**
- * {@inheritdoc}
+ * {@inheritDoc}
 *
 * @SuppressWarnings(PHPMD.Superglobals)
+ * @psalm-taint-source input
 */
 public function get()
 {
diff --git a/src/DeleteCookieInvoker.php b/src/DeleteCookieInvoker.php
index 2bf2658..52251b4 100644
--- a/src/DeleteCookieInvoker.php
+++ b/src/DeleteCookieInvoker.php
@@ -25,7 +25,7 @@ public function __invoke(string $name, array $params): void
 '',
 time() - 42000,
 $params['path'],
- $params['domain']
+ $params['domain'],
 );
 }
 }
diff --git a/src/SessionProvider.php b/src/SessionProvider.php
index 9997031..37c195f 100644
--- a/src/SessionProvider.php
+++ b/src/SessionProvider.php
@@ -1,26 +1,27 @@ newInstance($_COOKIE);
+ return (new SessionFactory())->newInstance($_COOKIE);
 }
 }
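Review bot: `protected function configure()` still declares no return type although this same commit adds `: void` to `setSession()` in src/AuraSessionInject.php; `protected function configure(): void` would be consistent, and it is a compatible narrowing provided the parent `AbstractModule::configure()` declares no conflicting return type, which is not visible here. The body of configure() lies outside the hunk.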
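Review bot: `@psalm-taint-source input` now marks whatever `get()` returns as tainted, but `get()` declares no return type and the inherited docblock carries none either, so the tainted value reaches callers as `mixed`; adding `@return array<string, mixed>` next to the taint tag (PHP expands `a[b]=…` cookie names into nested arrays, so the values are not always strings) lets Psalm type the callers as well as track the taint. The tag only takes effect when Psalm is invoked with `--taint-analysis`, so if that mode is not part of CI the annotation documents intent without enforcing anything. The body of get() lies outside the hunk.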
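Review bot: `$params['path']` and `$params['domain']` are read from an untyped `array $params` with no key check, so a caller that omits either key triggers an undefined-array-key warning and the cookie call (its name is above the hunk; presumably `setcookie()`) receives null for a string parameter, which PHP 8.1+ reports as a deprecation. A `@param array{path: string, domain: string} $params` tag on `__invoke()`, whose signature appears only in the hunk header, would at least let Psalm flag such callers. The rest of the method lies outside the hunk.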