diff --git a/include/wx/secretstore.h b/include/wx/secretstore.h index cf74a5c983..989a1a33c9 100644 --- a/include/wx/secretstore.h +++ b/include/wx/secretstore.h @@ -230,4 +230,30 @@ private: #endif // wxUSE_SECRETSTORE/!wxUSE_SECRETSTORE +// Helper class ensuring WipeString() is called. +// +// It should only be used as a local variable and never polymorphically. +class wxSecretString : public wxString +{ +public: + wxSecretString() + { + } + + wxSecretString(const wxString& value) + : wxString(value) + { + } + + explicit wxSecretString(const wxSecretValue& value) + : wxString(value.GetAsString()) + { + } + + ~wxSecretString() + { + wxSecretValue::WipeString(*this); + } +}; + #endif // _WX_SECRETSTORE_H_ diff --git a/interface/wx/secretstore.h b/interface/wx/secretstore.h index 0a8c4afad0..f094e702de 100644 --- a/interface/wx/secretstore.h +++ b/interface/wx/secretstore.h @@ -7,6 +7,42 @@ ///////////////////////////////////////////////////////////////////////////// +/** + Temporary string whose contents will be overwritten when it is destroyed. + + Objects of this class must not be used polymorphically as it derives from + wxString which doesn't have a virtual destructor. Typically, they are used + as local variables, e.g. + @code + void TryToAuthenticate(const wxString& secretValue) + { + wxSecretString password(secretValue); + + ... use password as any wxString ... + + // Here password memory is overwritten to prevent the password from + // remaining in memory. + } + @endcode + + @since 3.1.5 + */ +class wxSecretString : public wxString +{ +public: + /// Default constructor creates an empty string. + wxSecretString(); + + /// Constructor from a plain string. + wxSecretString(const wxString& value); + + /// Constructor from a secret value. + explicit wxSecretString(const wxSecretValue& value); + + /// Destructor calls wxSecretValue::WipeString() + ~wxSecretString(); +}; + /** Represents the value of a secret in wxSecretStore. @@ -131,6 +167,8 @@ public: /** Overwrite the contents of the given string. + + @see wxSecretString */ static void WipeString(wxString& str); };