XRootD
XrdOucPrivateUtils.hh File Reference
#include <regex>
#include <string>
#include <vector>
+ Include dependency graph for XrdOucPrivateUtils.hh:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

static bool is_subdirectory (const std::string_view dir, const std::string_view subdir)
 
std::string obfuscateAuth (const std::string &input)
 

Function Documentation

◆ is_subdirectory()

static bool is_subdirectory ( const std::string_view  dir,
const std::string_view  subdir 
)
inlinestatic

PRIVATE HEADER for utility functions, implementation in XrdOucUtils.cc Returns true if path subdir is a subdirectory of dir.

Definition at line 33 of file XrdOucPrivateUtils.hh.

35 {
36  if (subdir.size() < dir.size())
37  return false;
38 
39  if (subdir.compare(0, dir.size(), dir, 0, dir.size()) != 0)
40  return false;
41 
42  return dir.size() == subdir.size() || subdir[dir.size()] == '/' || dir == "/";
43 }

Referenced by SubpathMatch::apply(), and DoMv().

+ Here is the caller graph for this function:

◆ obfuscateAuth()

std::string obfuscateAuth ( const std::string &  input)

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters
inputthe string to obfuscate

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters
inputthe string to obfuscate
Returns
the string with token values obfuscated

Definition at line 1479 of file XrdOucUtils.cc.

1480 {
1481  static const regex_t auth_regex = []() {
1482  constexpr char re[] =
1483  "(access_token=|authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
1484  "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";
1485 
1486  regex_t regex;
1487 
1488  if (regcomp(&regex, re, REG_EXTENDED | REG_ICASE) != 0)
1489  throw std::runtime_error("Failed to compile regular expression");
1490 
1491  return regex;
1492  }();
1493 
1494  regmatch_t match;
1495  size_t offset = 0;
1496  std::string redacted;
1497  const char *const text = input.c_str();
1498 
1499  while (regexec(&auth_regex, text + offset, 1, &match, 0) == 0) {
1500  redacted.append(text + offset, match.rm_eo).append("REDACTED");
1501 
1502  offset += match.rm_eo;
1503 
1504  while (offset < input.size() && is_token_character(input[offset]))
1505  ++offset;
1506  }
1507 
1508  return redacted.append(text + offset);
1509 }
static bool is_token_character(int c)

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdHttpReq::Redir(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().

+ Here is the call graph for this function:
+ Here is the caller graph for this function: