xref: /aosp_15_r20/external/cronet/net/http/http_log_util.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1*6777b538SAndroid Build Coastguard Worker // Copyright 2014 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker 
5*6777b538SAndroid Build Coastguard Worker #include "net/http/http_log_util.h"
6*6777b538SAndroid Build Coastguard Worker 
7*6777b538SAndroid Build Coastguard Worker #include "base/strings/string_util.h"
8*6777b538SAndroid Build Coastguard Worker #include "base/strings/stringprintf.h"
9*6777b538SAndroid Build Coastguard Worker #include "net/http/http_auth_challenge_tokenizer.h"
10*6777b538SAndroid Build Coastguard Worker #include "net/http/http_auth_scheme.h"
11*6777b538SAndroid Build Coastguard Worker #include "net/http/http_request_headers.h"
12*6777b538SAndroid Build Coastguard Worker #include "net/http/http_response_headers.h"
13*6777b538SAndroid Build Coastguard Worker #include "net/log/net_log_with_source.h"
14*6777b538SAndroid Build Coastguard Worker 
15*6777b538SAndroid Build Coastguard Worker namespace net {
16*6777b538SAndroid Build Coastguard Worker 
17*6777b538SAndroid Build Coastguard Worker namespace {
18*6777b538SAndroid Build Coastguard Worker 
ShouldRedactChallenge(HttpAuthChallengeTokenizer * challenge)19*6777b538SAndroid Build Coastguard Worker bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) {
20*6777b538SAndroid Build Coastguard Worker   // Ignore lines with commas, as they may contain lists of schemes, and
21*6777b538SAndroid Build Coastguard Worker   // the information we want to hide is Base64 encoded, so has no commas.
22*6777b538SAndroid Build Coastguard Worker   if (challenge->challenge_text().find(',') != std::string::npos)
23*6777b538SAndroid Build Coastguard Worker     return false;
24*6777b538SAndroid Build Coastguard Worker 
25*6777b538SAndroid Build Coastguard Worker   std::string scheme = challenge->auth_scheme();
26*6777b538SAndroid Build Coastguard Worker   // Invalid input.
27*6777b538SAndroid Build Coastguard Worker   if (scheme.empty())
28*6777b538SAndroid Build Coastguard Worker     return false;
29*6777b538SAndroid Build Coastguard Worker 
30*6777b538SAndroid Build Coastguard Worker   // Ignore Basic and Digest authentication challenges, as they contain
31*6777b538SAndroid Build Coastguard Worker   // public information.
32*6777b538SAndroid Build Coastguard Worker   if (scheme == kBasicAuthScheme || scheme == kDigestAuthScheme)
33*6777b538SAndroid Build Coastguard Worker     return false;
34*6777b538SAndroid Build Coastguard Worker 
35*6777b538SAndroid Build Coastguard Worker   return true;
36*6777b538SAndroid Build Coastguard Worker }
37*6777b538SAndroid Build Coastguard Worker 
38*6777b538SAndroid Build Coastguard Worker }  // namespace
39*6777b538SAndroid Build Coastguard Worker 
ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode,const std::string & header,const std::string & value)40*6777b538SAndroid Build Coastguard Worker std::string ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode,
41*6777b538SAndroid Build Coastguard Worker                                       const std::string& header,
42*6777b538SAndroid Build Coastguard Worker                                       const std::string& value) {
43*6777b538SAndroid Build Coastguard Worker   std::string::const_iterator redact_begin = value.begin();
44*6777b538SAndroid Build Coastguard Worker   std::string::const_iterator redact_end = value.begin();
45*6777b538SAndroid Build Coastguard Worker 
46*6777b538SAndroid Build Coastguard Worker   if (redact_begin == redact_end &&
47*6777b538SAndroid Build Coastguard Worker       !NetLogCaptureIncludesSensitive(capture_mode)) {
48*6777b538SAndroid Build Coastguard Worker     if (base::EqualsCaseInsensitiveASCII(header, "set-cookie") ||
49*6777b538SAndroid Build Coastguard Worker         base::EqualsCaseInsensitiveASCII(header, "set-cookie2") ||
50*6777b538SAndroid Build Coastguard Worker         base::EqualsCaseInsensitiveASCII(header, "cookie") ||
51*6777b538SAndroid Build Coastguard Worker         base::EqualsCaseInsensitiveASCII(header, "authorization") ||
52*6777b538SAndroid Build Coastguard Worker         base::EqualsCaseInsensitiveASCII(header, "proxy-authorization")) {
53*6777b538SAndroid Build Coastguard Worker       redact_begin = value.begin();
54*6777b538SAndroid Build Coastguard Worker       redact_end = value.end();
55*6777b538SAndroid Build Coastguard Worker     } else if (base::EqualsCaseInsensitiveASCII(header, "www-authenticate") ||
56*6777b538SAndroid Build Coastguard Worker                base::EqualsCaseInsensitiveASCII(header, "proxy-authenticate")) {
57*6777b538SAndroid Build Coastguard Worker       // Look for authentication information from data received from the server
58*6777b538SAndroid Build Coastguard Worker       // in multi-round Negotiate authentication.
59*6777b538SAndroid Build Coastguard Worker       HttpAuthChallengeTokenizer challenge(value.begin(), value.end());
60*6777b538SAndroid Build Coastguard Worker       if (ShouldRedactChallenge(&challenge)) {
61*6777b538SAndroid Build Coastguard Worker         redact_begin = challenge.params_begin();
62*6777b538SAndroid Build Coastguard Worker         redact_end = challenge.params_end();
63*6777b538SAndroid Build Coastguard Worker       }
64*6777b538SAndroid Build Coastguard Worker     }
65*6777b538SAndroid Build Coastguard Worker   }
66*6777b538SAndroid Build Coastguard Worker 
67*6777b538SAndroid Build Coastguard Worker   if (redact_begin == redact_end)
68*6777b538SAndroid Build Coastguard Worker     return value;
69*6777b538SAndroid Build Coastguard Worker 
70*6777b538SAndroid Build Coastguard Worker   return std::string(value.begin(), redact_begin) +
71*6777b538SAndroid Build Coastguard Worker       base::StringPrintf("[%ld bytes were stripped]",
72*6777b538SAndroid Build Coastguard Worker                          static_cast<long>(redact_end - redact_begin)) +
73*6777b538SAndroid Build Coastguard Worker       std::string(redact_end, value.end());
74*6777b538SAndroid Build Coastguard Worker }
75*6777b538SAndroid Build Coastguard Worker 
NetLogResponseHeaders(const NetLogWithSource & net_log,NetLogEventType type,const HttpResponseHeaders * headers)76*6777b538SAndroid Build Coastguard Worker NET_EXPORT void NetLogResponseHeaders(const NetLogWithSource& net_log,
77*6777b538SAndroid Build Coastguard Worker                                       NetLogEventType type,
78*6777b538SAndroid Build Coastguard Worker                                       const HttpResponseHeaders* headers) {
79*6777b538SAndroid Build Coastguard Worker   net_log.AddEvent(type, [&](NetLogCaptureMode capture_mode) {
80*6777b538SAndroid Build Coastguard Worker     return headers->NetLogParams(capture_mode);
81*6777b538SAndroid Build Coastguard Worker   });
82*6777b538SAndroid Build Coastguard Worker }
83*6777b538SAndroid Build Coastguard Worker 
NetLogRequestHeaders(const NetLogWithSource & net_log,NetLogEventType type,const std::string & request_line,const HttpRequestHeaders * headers)84*6777b538SAndroid Build Coastguard Worker void NetLogRequestHeaders(const NetLogWithSource& net_log,
85*6777b538SAndroid Build Coastguard Worker                           NetLogEventType type,
86*6777b538SAndroid Build Coastguard Worker                           const std::string& request_line,
87*6777b538SAndroid Build Coastguard Worker                           const HttpRequestHeaders* headers) {
88*6777b538SAndroid Build Coastguard Worker   net_log.AddEvent(type, [&](NetLogCaptureMode capture_mode) {
89*6777b538SAndroid Build Coastguard Worker     return headers->NetLogParams(request_line, capture_mode);
90*6777b538SAndroid Build Coastguard Worker   });
91*6777b538SAndroid Build Coastguard Worker }
92*6777b538SAndroid Build Coastguard Worker 
93*6777b538SAndroid Build Coastguard Worker }  // namespace net
94