XRootD
XrdOucPrivateUtils.hh File Reference
#include "XrdOuc/XrdOucString.hh"
#include <regex>
#include <string>
#include <unordered_set>
#include <string_view>
#include <vector>


Functions

static bool is_subdirectory (const std::string_view dir, const std::string_view subdir)
 
std::string obfuscateAuth (const std::string &input)
 
void splitHostCgi (std::string_view target, std::string &host, std::string &cgi)
 
void stripCgi (std::string &url, const std::unordered_set< std::string > &cgiKeys)
 
void stripCgi (XrdOucString &url, const std::unordered_set< std::string > &cgiKeys)
 

Function Documentation

◆ is_subdirectory()

static bool is_subdirectory ( const std::string_view  dir,
const std::string_view  subdir 
)
inline static

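Private header for utility functions; the implementation is in XrdOucUtils.cc.

Returns true if path subdir is a subdirectory of dir. The test is a plain string-prefix comparison on the two arguments exactly as given: "." and ".." components, repeated slashes and symbolic links are not resolved, so callers that rely on the result as a containment check should pass paths that are already normalized.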

Definition at line 37 of file XrdOucPrivateUtils.hh.

/// Lexical test for whether `subdir` names `dir` itself or something below it.
///
/// The comparison works on the characters of the two views only. Nothing is
/// normalized: "." and ".." components, duplicate slashes and symbolic links
/// are not interpreted, so "/a/b/../c" is reported as lying under "/a/b".
/// Callers that need a real containment guarantee must canonicalize both
/// paths before calling.
///
/// @param dir     base directory; an empty view never matches
/// @param subdir  candidate path
/// @return true when `subdir` equals `dir`, or starts with `dir` and the
///         prefix ends on a '/' boundary
static bool is_subdirectory(const std::string_view dir, const std::string_view subdir)
{
  // An empty base matches nothing, and a candidate shorter than the base
  // cannot contain it.
  if (dir.empty() || subdir.size() < dir.size())
    return false;

  // The candidate has to begin with the base, character for character.
  if (subdir.substr(0, dir.size()) != dir)
    return false;

  // Identical paths count as a match.
  if (subdir.size() == dir.size())
    return true;

  // Otherwise the shared prefix must stop at a component boundary: either the
  // next character of the candidate is '/', or the base already ends in '/'.
  // This is what keeps "/a/bc" from matching the base "/a/b".
  const bool next_is_separator = subdir[dir.size()] == '/';
  const bool base_ends_in_separator = dir.back() == '/';
  return next_is_separator || base_ends_in_separator;
}

Referenced by SubpathMatch::apply(), and DoMv().


◆ obfuscateAuth()

std::string obfuscateAuth ( const std::string &  input)

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters
input: the string to obfuscate

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters
input: the string to obfuscate
Returns
the string with token values obfuscated

Definition at line 1610 of file XrdOucUtils.cc.

/// Return a copy of `input` in which credential values are replaced by the
/// literal text "REDACTED", for use on URLs and log lines.
///
/// A credential is located by its introducer, matched case-insensitively:
///   - the CGI keys "access_token=" and "authz="
///   - a header name ending in "authorization" or "authenticate", optionally
///     preceded by "transferheader" and/or "www-" / "proxy-", followed by ':'
/// An optional "Bearer" word, optionally followed by "token", is treated as
/// part of the introducer (the separator may be whitespace or "%20"). The
/// introducer is kept in the output; the run of token characters that follows
/// it is dropped and "REDACTED" is written in its place.
///
/// NOTE(review): the extent of the removed value is decided by
/// is_token_character(), which is defined elsewhere in XrdOucUtils.cc.
/// "Bearer" is the only scheme word the pattern consumes, so for a header that
/// carries a different scheme word followed by a space it looks like the scheme
/// word is what the token scan would remove, not the credential after it.
/// Confirm against is_token_character() and cover that case with a test.
///
/// @param input  the string to obfuscate
/// @return the string with token values obfuscated
/// @throws std::runtime_error on the first call if the pattern fails to compile
std::string obfuscateAuth(const std::string &input)
{
  // Compiled once, on first use, and kept for the life of the process; no
  // regfree() is issued for it in this function.
  static const regex_t auth_regex = []() {
    constexpr char pattern[] =
      "(access_token=|authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
      "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";

    regex_t compiled;

    if (regcomp(&compiled, pattern, REG_EXTENDED | REG_ICASE) != 0)
      throw std::runtime_error("Failed to compile regular expression");

    return compiled;
  }();

  // regexec() operates on a NUL-terminated string, so text after an embedded
  // NUL in `input` is neither scanned nor copied to the result.
  const char *const text = input.c_str();
  std::string redacted;
  size_t offset = 0;

  for (regmatch_t match; regexec(&auth_regex, text + offset, 1, &match, 0) == 0; ) {
    // rm_eo is relative to text + offset: this copies everything up to and
    // including the introducer, then the placeholder for the value.
    redacted.append(text + offset, match.rm_eo);
    redacted.append("REDACTED");

    offset += match.rm_eo;

    // Skip the credential itself so it never reaches the output.
    while (offset < input.size() && is_token_character(input[offset]))
      ++offset;
  }

  // Whatever follows the last credential is copied through unchanged.
  redacted.append(text + offset);
  return redacted;
}
static bool is_token_character(int c)

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssSys::FSctl(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().


◆ splitHostCgi()

void splitHostCgi ( std::string_view  target,
std::string &  host,
std::string &  cgi 
)

Split a "host[?cgi]" string at its first '?'.

Parameters
target: the "host[?cgi]" string to split
host: (output) the portion before the first '?', or the whole string when target contains no '?'
cgi: (output) the first '?' and everything after it (so it begins with '?'), or empty when target contains no '?'

Definition at line 1751 of file XrdOucUtils.cc.

/// Split a "host[?cgi]" string at its first '?'.
///
/// @param target  the "host[?cgi]" string to split
/// @param host    output: everything before the first '?', or all of `target`
///                when it contains no '?'
/// @param cgi     output: the first '?' and everything after it (so a non-empty
///                result starts with '?'), or empty when there is no '?'
void splitHostCgi(std::string_view target, std::string &host, std::string &cgi)
{
  const size_t qmark = target.find('?');

  // No query part: the whole target is the host.
  if (qmark == std::string_view::npos) {
    host.assign(target);
    cgi.clear();
    return;
  }

  // host is written before cgi, matching the order of the two assignments
  // the caller may observe.
  host.assign(target.substr(0, qmark));
  cgi.assign(target.substr(qmark));
}

Referenced by XrdXrootdRedirHelper::Redirect().


◆ stripCgi() [1/2]

void stripCgi ( std::string &  url,
const std::unordered_set< std::string > &  cgiKeys 
)

Strip selected CGI elements (e.g. "authz=...") from a string/URL. The function removes occurrences of "<key>=<token>" for each key in cgiKeys.

Parameters
url: the string/URL to sanitize (modified in-place)
cgiKeys: CGI parameter names to remove (without the trailing '=')

Strip selected CGI elements (e.g. "authz=...") from a string/URL.

Parameters
url: the string/URL to sanitize
cgiKeys: CGI parameter names to remove (without the trailing '=')

Definition at line 1717 of file XrdOucUtils.cc.

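/// Strip selected CGI elements (e.g. "authz=...") from a string/URL, in place.
///
/// For every non-empty key in `cgiKeys`, each occurrence of "<key>=" together
/// with the run of token characters that follows it is erased from `url`.
///
/// Matching is a plain substring search for "<key>=" with no check of what
/// precedes it, so a key also matches where it forms the tail of a longer
/// parameter name.
///
/// After stripping, two leftovers are repaired: the first "?&" becomes "?",
/// and a trailing '?' is dropped. A separator left behind by a parameter that
/// was stripped from the middle or the end of the query is not removed.
///
/// @param url      the string/URL to sanitize (modified in place)
/// @param cgiKeys  CGI parameter names to remove (without the trailing '=')
void stripCgi(std::string &url, const std::unordered_set<std::string> &cgiKeys)
{
  for (const auto &key : cgiKeys) {
    if (key.empty())
      continue;

    const std::string needle = key + "=";
    size_t spos = 0;

    while ((spos = url.find(needle, spos)) != std::string::npos) {
      // Begin the value scan after "<key>=" rather than at the key. The match
      // is then always erased in full, whatever characters the key contains:
      // scanning from the key itself erases nothing when its first character
      // is not a token character (the search then finds the same position
      // again and never terminates), and stops short of the value when the
      // key or '=' is not a token character.
      size_t epos = spos + needle.size();
      while (epos < url.size() && is_token_character(url[epos]))
        ++epos;
      url.erase(spos, epos - spos);
    }
  }

  // If a stripped CGI was the first element, remove the extra &
  const size_t qamp = url.find("?&");
  if (qamp != std::string::npos)
    url.erase(qamp + 1, 1);

  // If stripping removed the only query parameter, remove the dangling ?
  if (!url.empty() && url.back() == '?')
    url.pop_back();
}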

References is_token_character().

Referenced by XrdHttpReq::Redir(), and stripCgi().


◆ stripCgi() [2/2]

void stripCgi ( XrdOucString url,
const std::unordered_set< std::string > &  cgiKeys 
)

Definition at line 1744 of file XrdOucUtils.cc.

/// XrdOucString overload: strips the given CGI keys by round-tripping through
/// the std::string overload and assigning the result back to `url`.
///
/// `url` is taken by reference here, as in the declaration listed for
/// XrdOucPrivateUtils.hh.
///
/// @param url      the string/URL to sanitize
/// @param cgiKeys  CGI parameter names to remove (without the trailing '=')
void stripCgi(XrdOucString &url, const std::unordered_set<std::string> &cgiKeys)
{
  // NOTE(review): constructing std::string from a null pointer is undefined;
  // this assumes c_str() never returns null, including for an empty
  // XrdOucString. Confirm against XrdOucString.
  std::string stripped(url.c_str());
  stripCgi(stripped, cgiKeys);
  url = stripped.c_str();
}
void stripCgi(std::string &url, const std::unordered_set< std::string > &cgiKeys)
const char * c_str() const

References XrdOucString::c_str(), and stripCgi().
