fixes and improvements

Author: yordadev

src/Clients/AzureKeyVaultClient.php

@@ -54,6 +54,9 @@ public function listSecrets(): array
             do {
                 $response = $this->httpClient->get($url);
                 $data = json_decode($response->getBody()->getContents(), true);
+                if (json_last_error() !== JSON_ERROR_NONE) {
+                    throw new SecretProviderException('Invalid JSON response from Azure Key Vault: '.json_last_error_msg());
+                }
 
                 foreach ($data['value'] ?? [] as $secret) {
                     $secrets[] = [
@@ -87,6 +90,9 @@ public function getSecretValue(string $name, string $version = ''): array
             $path = $version ? "/secrets/{$name}/{$version}" : "/secrets/{$name}";
             $response = $this->httpClient->get($path.'?api-version='.self::API_VERSION);
             $data = json_decode($response->getBody()->getContents(), true);
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                throw new SecretProviderException('Invalid JSON response from Azure Key Vault: '.json_last_error_msg());
+            }
 
             // Extract secret name from ID URL: https://vault.azure.net/secrets/{name}/{version}
             $secretName = $name;
@@ -203,6 +209,9 @@ protected function getManagedIdentityToken(): string
                 ]);
 
                 $data = json_decode($response->getBody()->getContents(), true);
+                if (json_last_error() !== JSON_ERROR_NONE) {
+                    throw new SecretProviderException('Invalid JSON response from Azure Managed Identity endpoint: '.json_last_error_msg());
+                }
                 if (! isset($data['access_token'])) {
                     throw new SecretProviderException('Invalid response from Azure Managed Identity endpoint: missing access_token');
                 }
@@ -221,6 +230,9 @@ protected function getManagedIdentityToken(): string
             ]);
 
             $data = json_decode($response->getBody()->getContents(), true);
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                throw new SecretProviderException('Invalid JSON response from Azure IMDS endpoint: '.json_last_error_msg());
+            }
             if (! isset($data['access_token'])) {
                 throw new SecretProviderException('Invalid response from Azure IMDS endpoint: missing access_token');
             }
@@ -250,6 +262,9 @@ protected function getClientCredentialsToken(string $tenantId, string $clientId,
             ]);
 
             $data = json_decode($response->getBody()->getContents(), true);
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                throw new SecretProviderException('Invalid JSON response from Azure OAuth endpoint: '.json_last_error_msg());
+            }
             if (! isset($data['access_token'])) {
                 throw new SecretProviderException('Invalid response from Azure OAuth endpoint: missing access_token');
             }

src/Clients/GoogleSecretManagerClient.php

@@ -60,6 +60,9 @@ public function listSecrets(): array
                     'query' => $query,
                 ]);
                 $data = json_decode($response->getBody()->getContents(), true);
+                if (json_last_error() !== JSON_ERROR_NONE) {
+                    throw new SecretProviderException('Invalid JSON response from Google Cloud: '.json_last_error_msg());
+                }
 
                 foreach ($data['secrets'] ?? [] as $secret) {
                     $secrets[] = [
@@ -89,6 +92,9 @@ public function getSecretValue(string $name, string $version = 'latest'): array
                 "/projects/{$this->projectId}/secrets/{$name}/versions/{$version}:access"
             );
             $data = json_decode($response->getBody()->getContents(), true);
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                throw new SecretProviderException('Invalid JSON response from Google Cloud: '.json_last_error_msg());
+            }
 
             // GCP returns base64-encoded payload
             $value = '';
@@ -169,6 +175,9 @@ protected function getMetadataToken(): string
             );
 
             $data = json_decode($response->getBody()->getContents(), true);
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                throw new SecretProviderException('Invalid JSON response from GCP metadata server: '.json_last_error_msg());
+            }
             if (! isset($data['access_token'])) {
                 throw new SecretProviderException('Invalid response from GCP metadata server: missing access_token');
             }

src/Repositories/RegexRepository.php

@@ -10,12 +10,12 @@ public function __construct(
         protected Collection $regexCollection
     ) {}
 
-    public static function checkAndSanitize(string $regex, string $replace, string $content, int &$hits = 0): string
+    public static function checkAndSanitize(string $regex, string $replace, string $content, int &$hits = 0): ?string
     {
         return preg_replace("~$regex~Si", $replace, $content, -1, $hits);
     }
 
-    public static function check(string $regex, string $content): int
+    public static function check(string $regex, string $content): int|false
     {
         return preg_match_all("~$regex~Si", $content);
     }