XrdOucPrivateUtils.hh File Reference

#include "XrdOuc/XrdOucString.hh"
#include <regex>
#include <string>
#include <unordered_set>
#include <string_view>
#include <vector>

Include dependency graph for XrdOucPrivateUtils.hh:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
static bool	is_subdirectory (const std::string_view dir, const std::string_view subdir)
std::string	obfuscateAuth (const std::string &input)
void	splitHostCgi (std::string_view target, std::string &host, std::string &cgi)
void	stripCgi (std::string &url, const std::unordered_set< std::string > &cgiKeys)
void	stripCgi (XrdOucString &url, const std::unordered_set< std::string > &cgiKeys)

Function Documentation

is_subdirectory()

bool is_subdirectory ( const std::string_view dir, const std::string_view subdir )

inlinestatic

PRIVATE HEADER for utility functions, implementation in XrdOucUtils.cc Returns true if path subdir is a subdirectory of dir.

Definition at line 37 of file XrdOucPrivateUtils.hh.

{
    if (subdir.size() < dir.size() || dir.empty())
      return false;
 
    if (subdir.compare(0, dir.size(), dir, 0, dir.size()) != 0)
      return false;
 
    return dir.size() == subdir.size() || subdir[dir.size()] == '/' || dir.back() == '/';
}

Referenced by XrdAccRules::apply(), and DoMv().

Here is the caller graph for this function:

obfuscateAuth()

std::string obfuscateAuth

(

const std::string &

input

)

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters

input

the string to obfuscate

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters

input

the string to obfuscate

Returns

the string with token values obfuscated

Definition at line 1610 of file XrdOucUtils.cc.

{
  static const regex_t auth_regex = []() {
    constexpr char re[] =
      "(authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
      "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";
 
    regex_t regex;
 
    if (regcomp(&regex, re, REG_EXTENDED | REG_ICASE) != 0)
      throw std::runtime_error("Failed to compile regular expression");
 
    return regex;
  }();
 
  regmatch_t match;
  size_t offset = 0;
  std::string redacted;
  const char *const text = input.c_str();
 
  while (regexec(&auth_regex, text + offset, 1, &match, 0) == 0) {
    redacted.append(text + offset, match.rm_eo).append("REDACTED");
 
    offset += match.rm_eo;
 
    while (offset < input.size() && is_token_character(input[offset]))
      ++offset;
  }
 
  return redacted.append(text + offset);
}

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssSys::FSctl(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().

Here is the call graph for this function:

Here is the caller graph for this function:

splitHostCgi()

void splitHostCgi	(	std::string_view	target,
		std::string &	host,
		std::string &	cgi )

Split a "host[?cgi]" string at its first '?'.

Parameters

target	the "host[?cgi]" string to split
host	output: the portion before the first '?', or the whole string when target contains no '?'
cgi	output: the first '?' and everything after it (so it begins with '?'), or empty when target contains no '?'

Definition at line 1751 of file XrdOucUtils.cc.

{
  const size_t q = target.find('?');
  if (q == std::string::npos) {host.assign(target); cgi.clear();}
     else {host.assign(target.data(), q);
           cgi.assign(target.data() + q, target.size() - q);
          }
}

Referenced by XrdXrootdRedirHelper::Redirect().

Here is the caller graph for this function:

stripCgi() [1/2]

void stripCgi	(	std::string &	url,
		const std::unordered_set< std::string > &	cgiKeys )

Strip selected CGI elements (e.g. "authz=...") from a string/URL. The function removes occurrences of "<key>=<token>" for each key in cgiKeys

Parameters

url	the string/URL to sanitize (modified in-place)
cgiKeys	CGI parameter names to remove (without the trailing '=')

Strip selected CGI elements (e.g. "authz=...") from a string/URL.

Parameters

url	the string/URL to sanitize
cgiKeys	CGI parameter names to remove (without the trailing '=')

Definition at line 1717 of file XrdOucUtils.cc.

{
  for (const auto &key : cgiKeys) {
    if (key.empty())
      continue;
 
    const std::string needle = key + "=";
    size_t spos = 0, epos = 0;
 
    while ((spos = url.find(needle, spos)) != std::string::npos) {
      epos = spos;
      while (epos < url.size() && is_token_character(url[epos]))
        ++epos;
      url.erase(spos, epos - spos);
    }
  }
 
  // If a stripped CGI was the first element, remove the extra &
  size_t spos = 0;
  if ((spos = url.find("?&")) != std::string::npos)
    url.erase(spos + 1, 1);
 
  // If stripping removed the only query parameter, remove the dangling ?
  if (!url.empty() && url.back() == '?')
    url.pop_back();
}

References is_token_character().

Referenced by XrdHttpReq::Redir(), and stripCgi().

Here is the call graph for this function:

Here is the caller graph for this function:

stripCgi() [2/2]

void stripCgi	(	XrdOucString &	url,
		const std::unordered_set< std::string > &	cgiKeys )

Definition at line 1744 of file XrdOucUtils.cc.

{
  std::string tmp = url.c_str();
  stripCgi(tmp, cgiKeys);
  url = tmp.c_str();
}

References XrdOucString::c_str(), and stripCgi().

Here is the call graph for this function: