Add small wxSecretString helper for wiping strings values

This is simpler and more robust than remembering to call WipeString() manually.
2021-01-10 01:21:45 +01:00
parent f8aa5785ce
commit fe197d7527
2 changed files with 64 additions and 0 deletions
--- a/include/wx/secretstore.h
+++ b/include/wx/secretstore.h
@@ -230,4 +230,30 @@ private:

 #endif // wxUSE_SECRETSTORE/!wxUSE_SECRETSTORE

+// Helper class ensuring WipeString() is called.
+//
+// It should only be used as a local variable and never polymorphically.
+class wxSecretString : public wxString
+{
+public:
+    wxSecretString()
+    {
+    }
+
+    wxSecretString(const wxString& value)
+        : wxString(value)
+    {
+    }
+
+    explicit wxSecretString(const wxSecretValue& value)
+        : wxString(value.GetAsString())
+    {
+    }
+
+    ~wxSecretString()
+    {
+        wxSecretValue::WipeString(*this);
+    }
+};
+
 #endif // _WX_SECRETSTORE_H_
--- a/interface/wx/secretstore.h
+++ b/interface/wx/secretstore.h
@@ -7,6 +7,42 @@
 /////////////////////////////////////////////////////////////////////////////


+/**
+    Temporary string whose contents will be overwritten when it is destroyed.
+
+    Objects of this class must not be used polymorphically as it derives from
+    wxString which doesn't have a virtual destructor. Typically, they are used
+    as local variables, e.g.
+    @code
+        void TryToAuthenticate(const wxString& secretValue)
+        {
+            wxSecretString password(secretValue);
+
+            ... use password as any wxString ...
+
+            // Here password memory is overwritten to prevent the password from
+            // remaining in memory.
+        }
+    @endcode
+
+    @since 3.1.5
+ */
+class wxSecretString : public wxString
+{
+public:
+    /// Default constructor creates an empty string.
+    wxSecretString();
+
+    /// Constructor from a plain string.
+    wxSecretString(const wxString& value);
+
+    /// Constructor from a secret value.
+    explicit wxSecretString(const wxSecretValue& value);
+
+    /// Destructor calls wxSecretValue::WipeString()
+    ~wxSecretString();
+};
+
 /**
    Represents the value of a secret in wxSecretStore.

@@ -131,6 +167,8 @@ public:

    /**
        Overwrite the contents of the given string.
+
+        @see wxSecretString
     */
    static void WipeString(wxString& str);
 };