net/http/http_log_util.cc - Issue 361053002: Elide data reduction proxy credentials from NetLog

Side by Side Diff: net/http/http_log_util.cc

Issue 361053002: Elide data reduction proxy credentials from NetLog (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressed comment Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/http/http_log_util.h"	5 #include "net/http/http_log_util.h"

6	6

7 #include "base/strings/string_util.h"	7 #include "base/strings/string_util.h"

8 #include "base/strings/stringprintf.h"	8 #include "base/strings/stringprintf.h"

9 #include "net/http/http_auth_challenge_tokenizer.h"	9 #include "net/http/http_auth_challenge_tokenizer.h"

	10 #include "net/http/http_util.h"

10	11

11 namespace net {	12 namespace net {

12	13

13 namespace {	14 namespace {

14	15

15 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) {	16 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) {

16 // Ignore lines with commas, as they may contain lists of schemes, and	17 // Ignore lines with commas, as they may contain lists of schemes, and

17 // the information we want to hide is Base64 encoded, so has no commas.	18 // the information we want to hide is Base64 encoded, so has no commas.

18 if (challenge->challenge_text().find(',') != std::string::npos)	19 if (challenge->challenge_text().find(',') != std::string::npos)

19 return false;	20 return false;

20	21

21 std::string scheme = StringToLowerASCII(challenge->scheme());	22 std::string scheme = StringToLowerASCII(challenge->scheme());

22 // Invalid input.	23 // Invalid input.

23 if (scheme.empty())	24 if (scheme.empty())

24 return false;	25 return false;

25	26

26 // Ignore Basic and Digest authentication challenges, as they contain	27 // Ignore Basic and Digest authentication challenges, as they contain

27 // public information.	28 // public information.

28 if (scheme == "basic" \|\| scheme == "digest")	29 if (scheme == "basic" \|\| scheme == "digest")

29 return false;	30 return false;

30	31

31 return true;	32 return true;

32 }	33 }

33	34

34 } // namespace	35 } // namespace

35	36

	37 #if defined(SPDY_PROXY_AUTH_ORIGIN)

	38 bool ElideChromeProxyDirective(const std::string& header_value,

	39 const std::string& directive,

	40 std::string::const_iterator* redact_begin,

	41 std::string::const_iterator* redact_end) {

	42 HttpUtil::ValuesIterator it(header_value.begin(), header_value.end(), ',');

	43 while (it.GetNext()) {

	44 if (LowerCaseEqualsASCII(it.value_begin(),

	45 it.value_begin() + directive.size(),

	46 directive.c_str())) {

	47 *redact_begin = it.value_begin();

	48 *redact_end = it.value_end();

	49 return true;

	50 }

	51 }

	52 return false;

	53 }

	54 #endif

	55

36 std::string ElideHeaderValueForNetLog(NetLog::LogLevel log_level,	56 std::string ElideHeaderValueForNetLog(NetLog::LogLevel log_level,

37 const std::string& header,	57 const std::string& header,

38 const std::string& value) {	58 const std::string& value) {

	59 std::string::const_iterator redact_begin = value.begin();

	60 std::string::const_iterator redact_end = value.begin();

	61 bool unconditionally_redacted = false;

39 #if defined(SPDY_PROXY_AUTH_ORIGIN)	62 #if defined(SPDY_PROXY_AUTH_ORIGIN)

40 if (!base::strcasecmp(header.c_str(), "proxy-authorization") \|\|	63 if (!base::strcasecmp(header.c_str(), "chrome-proxy")) {

41 !base::strcasecmp(header.c_str(), "proxy-authenticate")) {	64 unconditionally_redacted =

42 return "[elided]";	65 ElideChromeProxyDirective(value, "sid=", &redact_begin, &redact_end);

43 }	66 }

44 #endif	67 #endif

45	68

46 if (log_level < NetLog::LOG_STRIP_PRIVATE_DATA)	69 if (!unconditionally_redacted) {
	mmenke 2014/07/02 18:34:25 Think you can get rid of this bool, and just use " Think you can get rid of this bool, and just use "if (redact_begin != redact_end)" here (If they're the same, you aren't redacting anything, anyways). Optionally, could combine the two ifs... if (redact_begin != redact_end && log_level >= NetLog::LOG_STRIP_PRIVATE_DATA) Then there are only two return statements, which I think is a little cleaner. bengr 2014/07/02 19:31:58 Done. Show quoted text On 2014/07/02 18:34:25, mmenke wrote: > Think you can get rid of this bool, and just use "if (redact_begin != > redact_end)" here (If they're the same, you aren't redacting anything, anyways). > > Optionally, could combine the two ifs... > > if (redact_begin != redact_end && log_level >= NetLog::LOG_STRIP_PRIVATE_DATA) > > Then there are only two return statements, which I think is a little cleaner. Done.
47 return value;	70 if (log_level < NetLog::LOG_STRIP_PRIVATE_DATA)

	71 return value;

48	72

49 // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in	73 // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in

50 // chrome/browser/resources/net_internals/log_view_painter.js.	74 // chrome/browser/resources/net_internals/log_view_painter.js.

51	75

52 std::string::const_iterator redact_begin = value.begin();	76 if (!base::strcasecmp(header.c_str(), "set-cookie") \|\|

53 std::string::const_iterator redact_end = value.begin();	77 !base::strcasecmp(header.c_str(), "set-cookie2") \|\|

54 if (!base::strcasecmp(header.c_str(), "set-cookie") \|\|	78 !base::strcasecmp(header.c_str(), "cookie") \|\|

55 !base::strcasecmp(header.c_str(), "set-cookie2") \|\|	79 !base::strcasecmp(header.c_str(), "authorization") \|\|

56 !base::strcasecmp(header.c_str(), "cookie") \|\|	80 !base::strcasecmp(header.c_str(), "proxy-authorization")) {

57 !base::strcasecmp(header.c_str(), "authorization") \|\|	81 redact_begin = value.begin();

58 !base::strcasecmp(header.c_str(), "proxy-authorization")) {	82 redact_end = value.end();

59 redact_begin = value.begin();	83 } else if (!base::strcasecmp(header.c_str(), "www-authenticate") \|\|

60 redact_end = value.end();	84 !base::strcasecmp(header.c_str(), "proxy-authenticate")) {

61 } else if (!base::strcasecmp(header.c_str(), "www-authenticate") \|\|	85 // Look for authentication information from data received from the server

62 !base::strcasecmp(header.c_str(), "proxy-authenticate")) {	86 // in multi-round Negotiate authentication.

63 // Look for authentication information from data received from the server in	87 HttpAuthChallengeTokenizer challenge(value.begin(), value.end());

64 // multi-round Negotiate authentication.	88 if (ShouldRedactChallenge(&challenge)) {

65 HttpAuthChallengeTokenizer challenge(value.begin(), value.end());	89 redact_begin = challenge.params_begin();

66 if (ShouldRedactChallenge(&challenge)) {	90 redact_end = challenge.params_end();

67 redact_begin = challenge.params_begin();	91 }

68 redact_end = challenge.params_end();

69 }	92 }

70 }	93 }

71	94

72 if (redact_begin == redact_end)	95 if (redact_begin == redact_end)

73 return value;	96 return value;

74	97

75 return std::string(value.begin(), redact_begin) +	98 return std::string(value.begin(), redact_begin) +

76 base::StringPrintf("[%ld bytes were stripped]",	99 base::StringPrintf("[%ld bytes were stripped]",

77 static_cast<long>(redact_end - redact_begin)) +	100 static_cast<long>(redact_end - redact_begin)) +

78 std::string(redact_end, value.end());	101 std::string(redact_end, value.end());

79 }	102 }

80	103

81 } // namespace net	104 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | net/http/http_log_util_unittest.cc » ('j') | net/http/http_log_util_unittest.cc » ('J')