1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_log_util.h"
7 #include "base/strings/string_util.h"
8 #include "base/strings/stringprintf.h"
9 #include "net/http/http_auth_challenge_tokenizer.h"
10 #include "net/http/http_util.h"
16 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer
* challenge
) {
17 // Ignore lines with commas, as they may contain lists of schemes, and
18 // the information we want to hide is Base64 encoded, so has no commas.
19 if (challenge
->challenge_text().find(',') != std::string::npos
)
22 std::string scheme
= base::StringToLowerASCII(challenge
->scheme());
27 // Ignore Basic and Digest authentication challenges, as they contain
28 // public information.
29 if (scheme
== "basic" || scheme
== "digest")
37 #if defined(SPDY_PROXY_AUTH_ORIGIN)
38 void ElideChromeProxyDirective(const std::string
& header_value
,
39 const std::string
& directive
,
40 std::string::const_iterator
* redact_begin
,
41 std::string::const_iterator
* redact_end
) {
42 HttpUtil::ValuesIterator
it(header_value
.begin(), header_value
.end(), ',');
43 while (it
.GetNext()) {
44 if (LowerCaseEqualsASCII(it
.value_begin(),
45 it
.value_begin() + directive
.size(),
47 *redact_begin
= it
.value_begin();
48 *redact_end
= it
.value_end();
55 std::string
ElideHeaderValueForNetLog(NetLog::LogLevel log_level
,
56 const std::string
& header
,
57 const std::string
& value
) {
58 std::string::const_iterator redact_begin
= value
.begin();
59 std::string::const_iterator redact_end
= value
.begin();
60 #if defined(SPDY_PROXY_AUTH_ORIGIN)
61 if (!base::strcasecmp(header
.c_str(), "chrome-proxy")) {
62 ElideChromeProxyDirective(value
, "sid=", &redact_begin
, &redact_end
);
66 if (redact_begin
== redact_end
&&
67 log_level
>= NetLog::LOG_STRIP_PRIVATE_DATA
) {
69 // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in
70 // chrome/browser/resources/net_internals/log_view_painter.js.
72 if (!base::strcasecmp(header
.c_str(), "set-cookie") ||
73 !base::strcasecmp(header
.c_str(), "set-cookie2") ||
74 !base::strcasecmp(header
.c_str(), "cookie") ||
75 !base::strcasecmp(header
.c_str(), "authorization") ||
76 !base::strcasecmp(header
.c_str(), "proxy-authorization")) {
77 redact_begin
= value
.begin();
78 redact_end
= value
.end();
79 } else if (!base::strcasecmp(header
.c_str(), "www-authenticate") ||
80 !base::strcasecmp(header
.c_str(), "proxy-authenticate")) {
81 // Look for authentication information from data received from the server
82 // in multi-round Negotiate authentication.
83 HttpAuthChallengeTokenizer
challenge(value
.begin(), value
.end());
84 if (ShouldRedactChallenge(&challenge
)) {
85 redact_begin
= challenge
.params_begin();
86 redact_end
= challenge
.params_end();
91 if (redact_begin
== redact_end
)
94 return std::string(value
.begin(), redact_begin
) +
95 base::StringPrintf("[%ld bytes were stripped]",
96 static_cast<long>(redact_end
- redact_begin
)) +
97 std::string(redact_end
, value
.end());