Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(820)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_log_util.cc

Issue 361053002: Elide data reduction proxy credentials from NetLog (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed comments Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/http/http_log_util_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_log_util.h" 5 #include "net/http/http_log_util.h"
6 6
7 #include "base/strings/string_util.h" 7 #include "base/strings/string_util.h"
8 #include "base/strings/stringprintf.h" 8 #include "base/strings/stringprintf.h"
9 #include "net/http/http_auth_challenge_tokenizer.h" 9 #include "net/http/http_auth_challenge_tokenizer.h"
10 #include "net/http/http_util.h"
10 11
11 namespace net { 12 namespace net {
12 13
13 namespace { 14 namespace {
14 15
15 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) { 16 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) {
16 // Ignore lines with commas, as they may contain lists of schemes, and 17 // Ignore lines with commas, as they may contain lists of schemes, and
17 // the information we want to hide is Base64 encoded, so has no commas. 18 // the information we want to hide is Base64 encoded, so has no commas.
18 if (challenge->challenge_text().find(',') != std::string::npos) 19 if (challenge->challenge_text().find(',') != std::string::npos)
19 return false; 20 return false;
20 21
21 std::string scheme = StringToLowerASCII(challenge->scheme()); 22 std::string scheme = StringToLowerASCII(challenge->scheme());
22 // Invalid input. 23 // Invalid input.
23 if (scheme.empty()) 24 if (scheme.empty())
24 return false; 25 return false;
25 26
26 // Ignore Basic and Digest authentication challenges, as they contain 27 // Ignore Basic and Digest authentication challenges, as they contain
27 // public information. 28 // public information.
28 if (scheme == "basic" || scheme == "digest") 29 if (scheme == "basic" || scheme == "digest")
29 return false; 30 return false;
30 31
31 return true; 32 return true;
32 } 33 }
33 34
34 } // namespace 35 } // namespace
35 36
37 #if defined(SPDY_PROXY_AUTH_ORIGIN)
38 void ElideChromeProxyDirective(const std::string& header_value,
39 const std::string& directive,
40 std::string::const_iterator* redact_begin,
41 std::string::const_iterator* redact_end) {
42 HttpUtil::ValuesIterator it(header_value.begin(), header_value.end(), ',');
43 while (it.GetNext()) {
44 if (LowerCaseEqualsASCII(it.value_begin(),
45 it.value_begin() + directive.size(),
46 directive.c_str())) {
47 *redact_begin = it.value_begin();
48 *redact_end = it.value_end();
49 return;
50 }
51 }
52 }
53 #endif
54
36 std::string ElideHeaderValueForNetLog(NetLog::LogLevel log_level, 55 std::string ElideHeaderValueForNetLog(NetLog::LogLevel log_level,
37 const std::string& header, 56 const std::string& header,
38 const std::string& value) { 57 const std::string& value) {
58 std::string::const_iterator redact_begin = value.begin();
59 std::string::const_iterator redact_end = value.begin();
39 #if defined(SPDY_PROXY_AUTH_ORIGIN) 60 #if defined(SPDY_PROXY_AUTH_ORIGIN)
40 if (!base::strcasecmp(header.c_str(), "proxy-authorization") || 61 if (!base::strcasecmp(header.c_str(), "chrome-proxy")) {
41 !base::strcasecmp(header.c_str(), "proxy-authenticate")) { 62 ElideChromeProxyDirective(value, "sid=", &redact_begin, &redact_end);
42 return "[elided]";
43 } 63 }
44 #endif 64 #endif
45 65
46 if (log_level < NetLog::LOG_STRIP_PRIVATE_DATA) 66 if (redact_begin == redact_end &&
47 return value; 67 log_level >= NetLog::LOG_STRIP_PRIVATE_DATA) {
48 68
49 // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in 69 // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in
50 // chrome/browser/resources/net_internals/log_view_painter.js. 70 // chrome/browser/resources/net_internals/log_view_painter.js.
51 71
52 std::string::const_iterator redact_begin = value.begin(); 72 if (!base::strcasecmp(header.c_str(), "set-cookie") ||
53 std::string::const_iterator redact_end = value.begin(); 73 !base::strcasecmp(header.c_str(), "set-cookie2") ||
54 if (!base::strcasecmp(header.c_str(), "set-cookie") || 74 !base::strcasecmp(header.c_str(), "cookie") ||
55 !base::strcasecmp(header.c_str(), "set-cookie2") || 75 !base::strcasecmp(header.c_str(), "authorization") ||
56 !base::strcasecmp(header.c_str(), "cookie") || 76 !base::strcasecmp(header.c_str(), "proxy-authorization")) {
57 !base::strcasecmp(header.c_str(), "authorization") || 77 redact_begin = value.begin();
58 !base::strcasecmp(header.c_str(), "proxy-authorization")) { 78 redact_end = value.end();
59 redact_begin = value.begin(); 79 } else if (!base::strcasecmp(header.c_str(), "www-authenticate") ||
60 redact_end = value.end(); 80 !base::strcasecmp(header.c_str(), "proxy-authenticate")) {
61 } else if (!base::strcasecmp(header.c_str(), "www-authenticate") || 81 // Look for authentication information from data received from the server
62 !base::strcasecmp(header.c_str(), "proxy-authenticate")) { 82 // in multi-round Negotiate authentication.
63 // Look for authentication information from data received from the server in 83 HttpAuthChallengeTokenizer challenge(value.begin(), value.end());
64 // multi-round Negotiate authentication. 84 if (ShouldRedactChallenge(&challenge)) {
65 HttpAuthChallengeTokenizer challenge(value.begin(), value.end()); 85 redact_begin = challenge.params_begin();
66 if (ShouldRedactChallenge(&challenge)) { 86 redact_end = challenge.params_end();
67 redact_begin = challenge.params_begin(); 87 }
68 redact_end = challenge.params_end();
69 } 88 }
70 } 89 }
71 90
72 if (redact_begin == redact_end) 91 if (redact_begin == redact_end)
73 return value; 92 return value;
74 93
75 return std::string(value.begin(), redact_begin) + 94 return std::string(value.begin(), redact_begin) +
76 base::StringPrintf("[%ld bytes were stripped]", 95 base::StringPrintf("[%ld bytes were stripped]",
77 static_cast<long>(redact_end - redact_begin)) + 96 static_cast<long>(redact_end - redact_begin)) +
78 std::string(redact_end, value.end()); 97 std::string(redact_end, value.end());
79 } 98 }
80 99
81 } // namespace net 100 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/http/http_log_util_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698