XRootD
XrdOucPrivateUtils.hh File Reference
#include "XrdOuc/XrdOucString.hh"
#include <regex>
#include <string>
#include <unordered_set>
#include <vector>


Functions

static bool is_subdirectory (const std::string &dir, const std::string &subdir)
std::string obfuscateAuth (const std::string &input)
void stripCgi (std::string &url, const std::unordered_set< std::string > &cgiKeys)
void stripCgi (XrdOucString &url, const std::unordered_set< std::string > &cgiKeys)

Function Documentation

◆ is_subdirectory()

bool is_subdirectory ( const std::string & dir,
const std::string & subdir )
inline static

PRIVATE HEADER for utility functions, implementation in XrdOucUtils.cc. Returns true if path subdir is a subdirectory of dir.

Definition at line 36 of file XrdOucPrivateUtils.hh.

/// Lexical test: is `subdir` equal to `dir`, or located underneath it?
///
/// Only the characters of the two strings are compared. Nothing here resolves
/// "." or ".." components, collapses repeated '/' or follows symbolic links,
/// so "/a/b/../c" is reported as being below "/a/b". A caller that bases an
/// authorization or rename decision on the answer has to pass paths that are
/// already in canonical form.
///
/// @param dir     candidate parent path; an empty string never matches
/// @param subdir  path to test against dir
/// @return true when subdir starts with dir and the common prefix ends on a
///         path component boundary, false otherwise
static inline bool is_subdirectory(const std::string &dir, const std::string &subdir)
{
  const std::string::size_type parentLen = dir.size();

  // An empty parent matches nothing, and a shorter string cannot lie below dir.
  if (parentLen == 0 || subdir.size() < parentLen)
    return false;

  // subdir has to begin with every character of dir.
  if (subdir.compare(0, parentLen, dir) != 0)
    return false;

  // Identical paths count as a match.
  if (subdir.size() == parentLen)
    return true;

  // Otherwise the prefix must stop at a '/', either as the last character of
  // dir or as the next character of subdir; this keeps "/a/bc" out of "/a/b".
  return dir.back() == '/' || subdir[parentLen] == '/';
}

Referenced by XrdAccRules::apply(), and DoMv().


◆ obfuscateAuth()

std::string obfuscateAuth ( const std::string & input)

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters
input: the string to obfuscate

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters
input: the string to obfuscate
Returns
the string with token values obfuscated

Definition at line 1591 of file XrdOucUtils.cc.

/// Replace credential values in a URL or log line with the text "REDACTED".
///
/// A credential is located by the prefix in front of it, matched without
/// regard to case:
///   - the CGI element "authz=", or
///   - a header name built from an optional "transferheader", an optional
///     "www-" or "proxy-", then "authorization" or "authenticate", followed
///     by a colon with optional white space on either side,
/// optionally followed by "Bearer" and "token", each of which may be followed
/// by one white-space character or "%20".
///
/// The prefix is copied to the output unchanged. The run of characters after
/// it that is_token_character() accepts is replaced by "REDACTED".
///
/// The input is handled as a C string: content after an embedded NUL byte is
/// neither scanned nor copied to the result.
///
/// NOTE(review): the pattern names only the Bearer scheme. For a header that
/// carries another scheme word, the skip loop below consumes just that word if
/// is_token_character() stops at the following space, which would leave the
/// credential itself in the output. Confirm against is_token_character()
/// (defined elsewhere in XrdOucUtils.cc) and cover non-Bearer headers in tests.
///
/// @param input  the string to obfuscate
/// @return a copy of input with the matched token values replaced
/// @throws std::runtime_error if the pattern cannot be compiled
std::string obfuscateAuth(const std::string &input)
{
  // Compiled on first use and kept for the lifetime of the process.
  // NOTE(review): the regex_t is returned by value, i.e. copied after
  // regcomp(), and is never handed to regfree(); presumably intentional for
  // a process-lifetime object - confirm.
  static const regex_t authPattern = []() {
    constexpr char patternText[] =
      "(authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
      "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";

    regex_t compiled;

    const int rc = regcomp(&compiled, patternText, REG_EXTENDED | REG_ICASE);
    if (rc != 0)
      throw std::runtime_error("Failed to compile regular expression");

    return compiled;
  }();

  const char *const text = input.c_str();
  const size_t inputLen = input.size();
  std::string redacted;
  size_t cursor = 0;

  // regexec() reports offsets relative to the pointer it was given, so every
  // use of hit.rm_eo below is relative to text + cursor.
  for (regmatch_t hit; regexec(&authPattern, text + cursor, 1, &hit, 0) == 0;) {
    // Keep everything up to and including the matched prefix ...
    redacted.append(text + cursor, hit.rm_eo);
    // ... and put the marker where the credential used to be.
    redacted.append("REDACTED");

    cursor += hit.rm_eo;

    // Drop the credential: every following character the helper accepts.
    while (cursor < inputLen && is_token_character(input[cursor]))
      ++cursor;
  }

  // Whatever follows the last match is copied through unchanged.
  redacted.append(text + cursor);
  return redacted;
}
static bool is_token_character(int c)

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssSys::FSctl(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().


◆ stripCgi() [1/2]

void stripCgi ( std::string & url,
const std::unordered_set< std::string > & cgiKeys )

Strip selected CGI elements (e.g. "authz=...") from a string/URL. The function removes occurrences of "<key>=<token>" for each key in cgiKeys.

Parameters
url: the string/URL to sanitize (modified in-place)
cgiKeys: CGI parameter names to remove (without the trailing '=')

Strip selected CGI elements (e.g. "authz=...") from a string/URL.

Parameters
url: the string/URL to sanitize
cgiKeys: CGI parameter names to remove (without the trailing '=')

Definition at line 1698 of file XrdOucUtils.cc.

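/// Strip selected CGI elements (e.g. "authz=...") from a string/URL in place.
///
/// For every non-empty key in cgiKeys, each occurrence of "<key>=" is removed
/// together with the run of characters after it that is_token_character()
/// accepts.
///
/// Points a caller should be aware of:
///  - "<key>=" is searched as a plain substring of the whole string, not only
///    at the start of a query parameter. A key that is the tail of another
///    parameter name therefore removes part of that parameter as well.
///    Over-removal is the safe direction for a credential, but keys should be
///    chosen with this in mind.
///  - The value ends at the first character is_token_character() rejects;
///    anything after that character stays in the string.
///  - Separator clean-up is limited to the first "?&" and a trailing '?'.
///    A parameter removed from the middle or the end leaves its '&' behind
///    ("a=1&&b=2", "a=1&").
///
/// @param url      the string/URL to sanitize (modified in-place)
/// @param cgiKeys  CGI parameter names to remove (without the trailing '=')
void stripCgi(std::string &url, const std::unordered_set<std::string> &cgiKeys)
{
  for (const auto &key : cgiKeys) {
    if (key.empty())
      continue;

    const std::string needle = key + "=";
    size_t spos = 0;

    while ((spos = url.find(needle, spos)) != std::string::npos) {
      // Always consume "<key>=" itself before scanning the value. Starting
      // the scan at spos instead relies on is_token_character() accepting
      // every character of the key and the '=': if it rejects the first one,
      // nothing is erased and the same position is found again forever; if
      // it rejects a later one, the value is left in place.
      size_t epos = spos + needle.size();
      while (epos < url.size() && is_token_character(url[epos]))
        ++epos;
      url.erase(spos, epos - spos);
    }
  }

  // If a stripped CGI was the first element, remove the extra &
  const size_t qpos = url.find("?&");
  if (qpos != std::string::npos)
    url.erase(qpos + 1, 1);

  // If stripping removed the only query parameter, remove the dangling ?
  if (!url.empty() && url.back() == '?')
    url.pop_back();
}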

References is_token_character().

Referenced by XrdHttpReq::Redir(), and stripCgi().


◆ stripCgi() [2/2]

void stripCgi ( XrdOucString & url,
const std::unordered_set< std::string > & cgiKeys )

Definition at line 1725 of file XrdOucUtils.cc.

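/// XrdOucString overload: strip the given CGI elements from url in place.
///
/// Copies the text into a std::string, runs the std::string overload of
/// stripCgi() on the copy and assigns the result back to url.
///
/// @param url      the string/URL to sanitize (modified in-place)
/// @param cgiKeys  CGI parameter names to remove (without the trailing '=')
void stripCgi(XrdOucString &url, const std::unordered_set<std::string> &cgiKeys)
{
  // XrdOucString::c_str() returns a plain const char*; its implementation is
  // not visible here. Building a std::string from a null pointer is undefined
  // behaviour, so stop early if it hands one back (presumably for an empty
  // string) - there is nothing to strip in that case.
  const char *raw = url.c_str();
  if (raw == nullptr)
    return;

  std::string tmp(raw);
  stripCgi(tmp, cgiKeys);
  url = tmp.c_str();
}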
void stripCgi(std::string &url, const std::unordered_set< std::string > &cgiKeys)
const char * c_str() const

References XrdOucString::c_str(), and stripCgi().
