1 // Copyright 2014 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_log_util.h"
6
7 #include "base/strings/string_util.h"
8 #include "base/strings/stringprintf.h"
9 #include "net/http/http_auth_challenge_tokenizer.h"
10 #include "net/http/http_auth_scheme.h"
11 #include "net/http/http_request_headers.h"
12 #include "net/http/http_response_headers.h"
13 #include "net/log/net_log_with_source.h"
14
15 namespace net {
16
17 namespace {
18
ShouldRedactChallenge(HttpAuthChallengeTokenizer * challenge)19 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) {
20 // Ignore lines with commas, as they may contain lists of schemes, and
21 // the information we want to hide is Base64 encoded, so has no commas.
22 if (challenge->challenge_text().find(',') != std::string::npos)
23 return false;
24
25 std::string scheme = challenge->auth_scheme();
26 // Invalid input.
27 if (scheme.empty())
28 return false;
29
30 // Ignore Basic and Digest authentication challenges, as they contain
31 // public information.
32 if (scheme == kBasicAuthScheme || scheme == kDigestAuthScheme)
33 return false;
34
35 return true;
36 }
37
38 } // namespace
39
ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode,const std::string & header,const std::string & value)40 std::string ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode,
41 const std::string& header,
42 const std::string& value) {
43 std::string::const_iterator redact_begin = value.begin();
44 std::string::const_iterator redact_end = value.begin();
45
46 if (redact_begin == redact_end &&
47 !NetLogCaptureIncludesSensitive(capture_mode)) {
48 if (base::EqualsCaseInsensitiveASCII(header, "set-cookie") ||
49 base::EqualsCaseInsensitiveASCII(header, "set-cookie2") ||
50 base::EqualsCaseInsensitiveASCII(header, "cookie") ||
51 base::EqualsCaseInsensitiveASCII(header, "authorization") ||
52 base::EqualsCaseInsensitiveASCII(header, "proxy-authorization")) {
53 redact_begin = value.begin();
54 redact_end = value.end();
55 } else if (base::EqualsCaseInsensitiveASCII(header, "www-authenticate") ||
56 base::EqualsCaseInsensitiveASCII(header, "proxy-authenticate")) {
57 // Look for authentication information from data received from the server
58 // in multi-round Negotiate authentication.
59 HttpAuthChallengeTokenizer challenge(value.begin(), value.end());
60 if (ShouldRedactChallenge(&challenge)) {
61 redact_begin = challenge.params_begin();
62 redact_end = challenge.params_end();
63 }
64 }
65 }
66
67 if (redact_begin == redact_end)
68 return value;
69
70 return std::string(value.begin(), redact_begin) +
71 base::StringPrintf("[%ld bytes were stripped]",
72 static_cast<long>(redact_end - redact_begin)) +
73 std::string(redact_end, value.end());
74 }
75
NetLogResponseHeaders(const NetLogWithSource & net_log,NetLogEventType type,const HttpResponseHeaders * headers)76 NET_EXPORT void NetLogResponseHeaders(const NetLogWithSource& net_log,
77 NetLogEventType type,
78 const HttpResponseHeaders* headers) {
79 net_log.AddEvent(type, [&](NetLogCaptureMode capture_mode) {
80 return headers->NetLogParams(capture_mode);
81 });
82 }
83
NetLogRequestHeaders(const NetLogWithSource & net_log,NetLogEventType type,const std::string & request_line,const HttpRequestHeaders * headers)84 void NetLogRequestHeaders(const NetLogWithSource& net_log,
85 NetLogEventType type,
86 const std::string& request_line,
87 const HttpRequestHeaders* headers) {
88 net_log.AddEvent(type, [&](NetLogCaptureMode capture_mode) {
89 return headers->NetLogParams(request_line, capture_mode);
90 });
91 }
92
93 } // namespace net
94