// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/http/http_log_util.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "net/http/http_auth_challenge_tokenizer.h" namespace net { namespace { bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) { // Ignore lines with commas, as they may contain lists of schemes, and // the information we want to hide is Base64 encoded, so has no commas. if (challenge->challenge_text().find(',') != std::string::npos) return false; std::string scheme = StringToLowerASCII(challenge->scheme()); // Invalid input. if (scheme.empty()) return false; // Ignore Basic and Digest authentication challenges, as they contain // public information. if (scheme == "basic" || scheme == "digest") return false; return true; } } // namespace std::string ElideHeaderValueForNetLog(NetLog::LogLevel log_level, const std::string& header, const std::string& value) { #if defined(SPDY_PROXY_AUTH_ORIGIN) if (!base::strcasecmp(header.c_str(), "proxy-authorization") || !base::strcasecmp(header.c_str(), "proxy-authenticate")) { return "[elided]"; } #endif if (log_level < NetLog::LOG_STRIP_PRIVATE_DATA) return value; // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in // chrome/browser/resources/net_internals/log_view_painter.js. std::string::const_iterator redact_begin = value.begin(); std::string::const_iterator redact_end = value.begin(); if (!base::strcasecmp(header.c_str(), "set-cookie") || !base::strcasecmp(header.c_str(), "set-cookie2") || !base::strcasecmp(header.c_str(), "cookie") || !base::strcasecmp(header.c_str(), "authorization") || !base::strcasecmp(header.c_str(), "proxy-authorization")) { redact_begin = value.begin(); redact_end = value.end(); } else if (!base::strcasecmp(header.c_str(), "www-authenticate") || !base::strcasecmp(header.c_str(), "proxy-authenticate")) { // Look for authentication information from data received from the server in // multi-round Negotiate authentication. HttpAuthChallengeTokenizer challenge(value.begin(), value.end()); if (ShouldRedactChallenge(&challenge)) { redact_begin = challenge.params_begin(); redact_end = challenge.params_end(); } } if (redact_begin == redact_end) return value; return std::string(value.begin(), redact_begin) + base::StringPrintf("[%ld bytes were stripped]", static_cast<long>(redact_end - redact_begin)) + std::string(redact_end, value.end()); } } // namespace net