XRootD
XrdOucPrivateUtils.hh File Reference
#include "XrdOuc/XrdOucString.hh"
#include <regex>
#include <string>
#include <unordered_set>
#include <string_view>
#include <vector>


Functions

static bool is_subdirectory (const std::string_view dir, const std::string_view subdir)
 
std::string obfuscateAuth (const std::string &input)
 
void stripCgi (std::string &url, const std::unordered_set< std::string > &cgiKeys)
 
void stripCgi (XrdOucString &url, const std::unordered_set< std::string > &cgiKeys)
 

Function Documentation

◆ is_subdirectory()

static bool is_subdirectory ( const std::string_view  dir,
const std::string_view  subdir 
)
inline static

PRIVATE HEADER for utility functions; the implementation is in XrdOucUtils.cc. Returns true if path subdir is a subdirectory of dir.

Definition at line 37 of file XrdOucPrivateUtils.hh.

// Returns true when `subdir` names `dir` itself or a path below it.
//
// The check is purely lexical: `dir` must be a non-empty character prefix of
// `subdir`, and the prefix must end on a path-component boundary (the two
// strings are equal, the next character of `subdir` is '/', or `dir` itself
// ends in '/'). That boundary test is what keeps "/a" from matching "/ab".
//
// Nothing here resolves ".", "..", repeated slashes or symlinks, so
// "/a/../b" is reported as being under "/a". Callers that use the result for
// an access decision need to pass already-normalised paths.
static inline bool is_subdirectory(const std::string_view dir,
                                   const std::string_view subdir)
{
  const auto prefix_len = dir.size();

  // An empty parent never matches, and a child cannot be shorter than its parent.
  if (dir.empty() || subdir.size() < prefix_len)
    return false;

  // The child must start with the parent, character for character.
  if (subdir.substr(0, prefix_len) != dir)
    return false;

  // Identical paths count as a match.
  if (subdir.size() == prefix_len)
    return true;

  // Otherwise the prefix has to stop exactly at a '/' separator.
  return subdir[prefix_len] == '/' || dir.back() == '/';
}

Referenced by SubpathMatch::apply(), and DoMv().


◆ obfuscateAuth()

std::string obfuscateAuth ( const std::string &  input)

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters
input: the string to obfuscate

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters
input: the string to obfuscate
Returns
the string with token values obfuscated

Definition at line 1591 of file XrdOucUtils.cc.

// Returns a copy of `input` in which the value following each recognised
// credential marker is replaced by the literal "REDACTED".
//
// A marker is matched case-insensitively (REG_ICASE) anywhere in the string:
//   - "access_token=" or "authz=", or
//   - a header name ending in "authorization" or "authenticate", optionally
//     preceded by "transferheader" and/or "www-"/"proxy-", followed by ':'
//     with optional whitespace around it;
// followed by an optional "Bearer" and an optional "token", each of which may
// be followed by one whitespace character or "%20".
//
// Everything up to the end of the marker is copied through unchanged, then
// "REDACTED" is written and the input is skipped for as long as
// is_token_character() accepts the next character.
//
// Throws std::runtime_error if the expression fails to compile on first use.
//
// NOTE(review): "Bearer" is the only scheme word the pattern consumes. For any
// other scheme the skip loop starts at the scheme word itself, so whether the
// credential after it is removed depends on which characters
// is_token_character() accepts; that helper is not shown here. Confirm with a
// test for every scheme that can reach a log line.
// NOTE(review): the input is handled as a NUL-terminated C string (regexec and
// the final append both take a const char *), so bytes after an embedded NUL
// are not copied into the result.
std::string obfuscateAuth(const std::string &input)
{
  // Compiled once, on the first call, and kept for the life of the process.
  static const regex_t auth_regex = []() {
    constexpr char re[] =
      "(access_token=|authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
      "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";

    regex_t compiled;

    if (regcomp(&compiled, re, REG_EXTENDED | REG_ICASE) != 0)
      throw std::runtime_error("Failed to compile regular expression");

    return compiled;
  }();

  const char *const text = input.c_str();
  const size_t length = input.size();

  std::string redacted;
  size_t offset = 0;
  regmatch_t hit;

  for (;;) {
    // Match offsets are relative to text + offset, not to the start of input.
    if (regexec(&auth_regex, text + offset, 1, &hit, 0) != 0)
      break;

    // Keep everything through the end of the marker, then the placeholder.
    redacted.append(text + offset, hit.rm_eo);
    redacted.append("REDACTED");

    offset += hit.rm_eo;

    // Drop the credential itself: the run of characters the helper accepts.
    for (; offset < length && is_token_character(input[offset]); ++offset) {
    }
  }

  // Whatever follows the last match is copied through as-is.
  redacted.append(text + offset);
  return redacted;
}
static bool is_token_character(int c)

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssSys::FSctl(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().


◆ stripCgi() [1/2]

void stripCgi ( std::string &  url,
const std::unordered_set< std::string > &  cgiKeys 
)

Strip selected CGI elements (e.g. "authz=...") from a string/URL. The function removes occurrences of "<key>=<token>" for each key in cgiKeys

Parameters
url: the string/URL to sanitize (modified in-place)
cgiKeys: CGI parameter names to remove (without the trailing '=')

Strip selected CGI elements (e.g. "authz=...") from a string/URL.

Parameters
url: the string/URL to sanitize
cgiKeys: CGI parameter names to remove (without the trailing '=')

Definition at line 1698 of file XrdOucUtils.cc.

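// Removes every "<key>=<token>" occurrence from `url`, in place, for each
// non-empty key in `cgiKeys`. The token is the run of characters that
// is_token_character() accepts after "<key>=".
//
// After stripping, the first "?&" in the string is reduced to "?" and a
// trailing '?' is dropped.
//
// The value scan starts after "<key>=" rather than at the start of the key, so
// every match erases at least the needle. Scanning from the start of the key
// erased nothing when is_token_character() rejected the key's first character,
// and the search then found the same position again without end. For keys made
// only of characters the helper accepts (with '=' accepted too) the result is
// the same as before.
//
// NOTE(review): keys are located with a plain substring search, so a key also
// matches as the tail of a longer parameter name. That strips more than asked
// for, never less; anchor on '?'/'&' only if callers never pass non-URL text.
// NOTE(review): presumably is_token_character() rejects '&' (not shown here);
// if so, removing a middle or last element leaves its neighbouring '&' behind,
// because only a leading "?&" and a trailing '?' are tidied up below.
void stripCgi(std::string &url, const std::unordered_set<std::string> &cgiKeys)
{
  for (const auto &key : cgiKeys) {
    if (key.empty())
      continue;

    const std::string needle = key + "=";
    size_t spos = 0;

    while ((spos = url.find(needle, spos)) != std::string::npos) {
      // Skip the needle first so the erase below always makes progress.
      size_t epos = spos + needle.size();
      while (epos < url.size() && is_token_character(url[epos]))
        ++epos;
      url.erase(spos, epos - spos);
    }
  }

  // If a stripped CGI was the first element, remove the extra &
  if (const size_t qpos = url.find("?&"); qpos != std::string::npos)
    url.erase(qpos + 1, 1);

  // If stripping removed the only query parameter, remove the dangling ?
  if (!url.empty() && url.back() == '?')
    url.pop_back();
}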

References is_token_character().

Referenced by XrdHttpReq::Redir(), and stripCgi().


◆ stripCgi() [2/2]

void stripCgi ( XrdOucString &  url,
const std::unordered_set< std::string > &  cgiKeys 
)

Definition at line 1725 of file XrdOucUtils.cc.

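// XrdOucString overload: copies `url` into a std::string, strips the given
// CGI keys with the std::string overload, and assigns the result back.
//
// c_str() is declared as returning const char *, and constructing a
// std::string from a null pointer is undefined behaviour, so a null result is
// treated as "nothing to strip" and `url` is left untouched.
// NOTE(review): confirm whether an empty XrdOucString can return null from
// c_str(); the guard is harmless either way.
void stripCgi(XrdOucString &url, const std::unordered_set<std::string> &cgiKeys)
{
  const char *raw = url.c_str();
  if (raw == nullptr)
    return;

  std::string tmp(raw);
  stripCgi(tmp, cgiKeys);
  url = tmp.c_str();
}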
void stripCgi(std::string &url, const std::unordered_set< std::string > &cgiKeys)
const char * c_str() const

References XrdOucString::c_str(), and stripCgi().
