XRootD
XrdOucPrivateUtils.hh File Reference
#include <regex>
#include <string>
#include <vector>
+ Include dependency graph for XrdOucPrivateUtils.hh:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

std::string obfuscateAuth (const std::string &input)
 

Function Documentation

◆ obfuscateAuth()

std::string obfuscateAuth ( const std::string &  input)

PRIVATE HEADER for utility functions, implementation in XrdOucUtils.cc Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters
inputthe string to obfuscate

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters
inputthe string to obfuscate
Returns
the string with token values obfuscated

Definition at line 1447 of file XrdOucUtils.cc.

1448 {
1449  static const regex_t auth_regex = []() {
1450  constexpr char re[] =
1451  "(access_token=|authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
1452  "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";
1453 
1454  regex_t regex;
1455 
1456  if (regcomp(&regex, re, REG_EXTENDED | REG_ICASE) != 0)
1457  throw std::runtime_error("Failed to compile regular expression");
1458 
1459  return regex;
1460  }();
1461 
1462  regmatch_t match;
1463  size_t offset = 0;
1464  std::string redacted;
1465  const char *const text = input.c_str();
1466 
1467  while (regexec(&auth_regex, text + offset, 1, &match, 0) == 0) {
1468  redacted.append(text + offset, match.rm_eo).append("REDACTED");
1469 
1470  offset += match.rm_eo;
1471 
1472  while (offset < input.size() && is_token_character(input[offset]))
1473  ++offset;
1474  }
1475 
1476  return redacted.append(text + offset);
1477 }
static bool is_token_character(int c)

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdHttpReq::Redir(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().

+ Here is the call graph for this function:
+ Here is the caller graph for this function: