XRootD
XrdOucUtils.cc File Reference
#include <cctype>
#include <grp.h>
#include <cstdio>
#include <list>
#include <vector>
#include <unordered_set>
#include <algorithm>
#include <charconv>
#include <regex.h>
#include <fcntl.h>
#include <math.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <map>
#include <iomanip>
#include "XrdNet/XrdNetUtils.hh"
#include "XrdOuc/XrdOucCRC.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdOuc/XrdOucSHA3.hh"
#include "XrdOuc/XrdOucStream.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdOuc/XrdOucUtils.hh"
#include "XrdOuc/XrdOucPrivateUtils.hh"
#include "XrdSys/XrdSysE2T.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPlatform.hh"
#include "XrdSys/XrdSysPthread.hh"


Macros

#define ENODATA   ENOATTR
#define SHFT(k)
#define SHFT(k, m)

Functions

static int from_hex (char c)
static bool is_rfc3986_unreserved (unsigned char c)
static bool is_token_character (int c)
std::string obfuscateAuth (const std::string &input)
void stripCgi (std::string &url, const std::unordered_set< std::string > &cgiKeys)
void stripCgi (XrdOucString &url, const std::unordered_set< std::string > &cgiKeys)

Macro Definition Documentation

◆ ENODATA

#define ENODATA   ENOATTR

Definition at line 68 of file XrdOucUtils.cc.

◆ SHFT [1/2]

#define SHFT ( k)
Value:
if (n >= (1ULL << k)) { i += k; n >>= k; }

Referenced by XrdOucUtils::Log10(), and XrdOucUtils::Log2().

◆ SHFT [2/2]

#define SHFT ( k,
m )
Value:
if (n >= m) { i += k; n /= m; }

Function Documentation

◆ from_hex()

int from_hex ( char c)
static

Definition at line 1654 of file XrdOucUtils.cc.

/// Convert one hexadecimal digit character to its numeric value.
///
/// @param c character to decode ('0'-'9', 'A'-'F' or 'a'-'f')
/// @return the value 0..15, or -1 when c is not a hexadecimal digit
static int from_hex(char c)
{
  if ('0' <= c && c <= '9')
    return c - '0';

  // Setting bit 0x20 maps the ASCII letters 'A'-'F' onto 'a'-'f', so a single
  // range test covers both cases; no other byte lands in that range.
  const int folded = c | 0x20;

  if ('a' <= folded && folded <= 'f')
    return folded - 'a' + 10;

  return -1;
}

Referenced by XrdOucUtils::UrlDecode().


◆ is_rfc3986_unreserved()

bool is_rfc3986_unreserved ( unsigned char c)
static

Definition at line 1623 of file XrdOucUtils.cc.

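/// Tell whether c belongs to the RFC 3986 "unreserved" set, i.e. the
/// characters that may appear in a URI without percent-encoding:
/// ALPHA / DIGIT / "-" / "." / "_" / "~".
///
/// @param c byte to classify
/// @return true when c is unreserved, false when it has to be percent-encoded
static bool is_rfc3986_unreserved(unsigned char c)
{
  // The ASCII ranges are spelled out instead of calling std::isalnum():
  // isalnum() follows the active C locale and can report bytes >= 0x80 as
  // alphanumeric, which would let non-ASCII bytes through unencoded.
  const bool digit = c >= '0' && c <= '9';
  const bool upper = c >= 'A' && c <= 'Z';
  const bool lower = c >= 'a' && c <= 'z';

  return digit || upper || lower || c == '-' || c == '_' || c == '.' || c == '~';
}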

Referenced by XrdOucUtils::UrlEncode().


◆ is_token_character()

bool is_token_character ( int c)
static

Returns a boolean indicating whether 'c' is a valid token character or not. See https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 for details.

Definition at line 1569 of file XrdOucUtils.cc.

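/// Tell whether c can be part of a token value. The accepted set is the
/// alphanumerics plus "-._~+/=" (see
/// https://datatracker.ietf.org/doc/html/rfc6750#section-2.1) and, in
/// addition, ':' and '%'.
///
/// @param c character to classify; only its low byte is considered
/// @return true when c is a token character
static bool is_token_character(int c)
{
  // Callers pass elements of a std::string, which are negative for bytes
  // >= 0x80 where char is signed. Passing such a value to isalnum() is
  // undefined behaviour, so reduce it to an unsigned byte first.
  const unsigned char byte = static_cast<unsigned char>(c);

  if (std::isalnum(byte))
    return true;

  static constexpr char token_chars[] = "-._~+/=:%";

  // The array includes the string's terminating NUL; skip it so that a NUL
  // byte is not reported as a token character.
  for (char ch : token_chars)
    if (ch != '\0' && byte == ch)
      return true;

  return false;
}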

Referenced by obfuscateAuth(), and stripCgi().


◆ obfuscateAuth()

std::string obfuscateAuth ( const std::string & input)

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters
input: the string to obfuscate
Returns
the string with token values obfuscated

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters
input: the string to obfuscate

Definition at line 1591 of file XrdOucUtils.cc.

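/// Replace credential values in a URL or log line with "REDACTED".
///
/// A credential is introduced, case-insensitively, by "authz=" or by a header
/// name of the form [TransferHeader][WWW-|Proxy-]Authorization: or
/// ...Authenticate:, optionally followed by a "Bearer" or "Basic" scheme word.
/// The introducer and scheme are kept; the run of token characters that
/// follows is dropped and replaced by "REDACTED".
///
/// Only that first run of token characters is removed. A value containing
/// other characters (spaces, quotes, commas, ...) is redacted only up to the
/// first such character, so this is not a general scrubber for multi-part
/// header values.
///
/// @param input the string to obfuscate
/// @return a copy of input with the matched token values replaced
/// @throws std::runtime_error if the regular expression cannot be compiled
std::string obfuscateAuth(const std::string &input)
{
  // Compiled once, on first use.
  static const regex_t auth_regex = []() {
    // "Basic" is listed next to "Bearer": without it the scheme word itself
    // was consumed as the token and the base64 credentials after the space
    // were copied to the output unredacted.
    constexpr char re[] =
      "(authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
      "((Bearer|Basic)([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";

    regex_t regex;

    if (regcomp(&regex, re, REG_EXTENDED | REG_ICASE) != 0)
      throw std::runtime_error("Failed to compile regular expression");

    return regex;
  }();

  regmatch_t match;
  size_t offset = 0;
  std::string redacted;
  const char *const text = input.c_str();

  while (regexec(&auth_regex, text + offset, 1, &match, 0) == 0) {
    // match offsets are relative to text + offset: copy everything up to and
    // including the introducer, then the placeholder instead of the value.
    redacted.append(text + offset, match.rm_eo).append("REDACTED");

    offset += match.rm_eo;

    // Skip the secret itself. The cast keeps bytes >= 0x80 non-negative when
    // they are widened to int.
    while (offset < input.size() &&
           is_token_character(static_cast<unsigned char>(input[offset])))
      ++offset;
  }

  return redacted.append(text + offset);
}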

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssSys::FSctl(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().


◆ stripCgi() [1/2]

void stripCgi ( std::string & url,
const std::unordered_set< std::string > & cgiKeys )

Strip selected CGI elements (e.g. "authz=...") from a string/URL.

Parameters
url: the string/URL to sanitize
cgiKeys: CGI parameter names to remove (without the trailing '=')

Strip selected CGI elements (e.g. "authz=...") from a string/URL. The function removes occurrences of "<key>=<token>" for each key in cgiKeys

Parameters
url: the string/URL to sanitize (modified in-place)
cgiKeys: CGI parameter names to remove (without the trailing '=')

Definition at line 1698 of file XrdOucUtils.cc.

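/// Strip selected CGI elements (e.g. "authz=...") from a string/URL.
///
/// Every occurrence of "<key>=<token>" is erased for each key in cgiKeys,
/// where <token> is the run of token characters following the '='. The key is
/// matched as a plain substring, and a value is removed only up to its first
/// non-token character.
///
/// @param url     the string/URL to sanitize (modified in-place)
/// @param cgiKeys CGI parameter names to remove (without the trailing '=')
void stripCgi(std::string &url, const std::unordered_set<std::string> &cgiKeys)
{
  for (const auto &key : cgiKeys) {
    if (key.empty())
      continue;

    const std::string needle = key + "=";
    size_t spos = 0;

    while ((spos = url.find(needle, spos)) != std::string::npos) {
      // Begin scanning the value after "<key>=". Scanning from spos made the
      // erased length depend on the key's own characters: a key starting with
      // a non-token character erased nothing and the search then found the
      // same position again, looping forever.
      size_t epos = spos + needle.size();

      // The cast keeps bytes >= 0x80 non-negative when widened to int.
      while (epos < url.size() &&
             is_token_character(static_cast<unsigned char>(url[epos])))
        ++epos;

      url.erase(spos, epos - spos);
    }
  }

  // If a stripped CGI was the first element, remove the extra &
  const size_t qpos = url.find("?&");
  if (qpos != std::string::npos)
    url.erase(qpos + 1, 1);

  // If stripping removed the only query parameter, remove the dangling ?
  if (!url.empty() && url.back() == '?')
    url.pop_back();
}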

References is_token_character().

Referenced by XrdHttpReq::Redir(), and stripCgi().


◆ stripCgi() [2/2]

void stripCgi ( XrdOucString & url,
const std::unordered_set< std::string > & cgiKeys )

Definition at line 1725 of file XrdOucUtils.cc.

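/// XrdOucString overload: strip the selected CGI elements from url in place
/// by delegating to the std::string version.
///
/// @param url     the string/URL to sanitize (modified in-place)
/// @param cgiKeys CGI parameter names to remove (without the trailing '=')
void stripCgi(XrdOucString &url, const std::unordered_set<std::string> &cgiKeys)
{
  // NOTE(review): c_str() appears to return the raw internal buffer, which may
  // be null for an empty XrdOucString; confirm. Building a std::string from a
  // null pointer is undefined behaviour, and there is nothing to strip then.
  const char *raw = url.c_str();
  if (raw == nullptr)
    return;

  std::string sanitized(raw);
  stripCgi(sanitized, cgiKeys);
  url = sanitized.c_str();
}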

References XrdOucString::c_str(), and stripCgi().
