net/http/http_log_util.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/http/http_log_util.h"
   6
   7 #include "base/strings/string_util.h"
   8 #include "base/strings/stringprintf.h"
   9 #include "net/http/http_auth_challenge_tokenizer.h"
  10 #include "net/http/http_util.h"
  11
  12 namespace net {
  13
  14 namespace {
  15
  16 bool ShouldRedactChallenge(HttpAuthChallengeTokenizer* challenge) {
  17   // Ignore lines with commas, as they may contain lists of schemes, and
  18   // the information we want to hide is Base64 encoded, so has no commas.
  19   if (challenge->challenge_text().find(',') != std::string::npos)
  20     return false;
  21
  22   std::string scheme = base::ToLowerASCII(challenge->scheme());
  23   // Invalid input.
  24   if (scheme.empty())
  25     return false;
  26
  27   // Ignore Basic and Digest authentication challenges, as they contain
  28   // public information.
  29   if (scheme == "basic" || scheme == "digest")
  30     return false;
  31
  32   return true;
  33 }
  34
  35 }  // namespace
  36
  37 std::string ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode,
  38                                       const std::string& header,
  39                                       const std::string& value) {
  40   std::string::const_iterator redact_begin = value.begin();
  41   std::string::const_iterator redact_end = value.begin();
  42
  43   if (redact_begin == redact_end &&
  44       !capture_mode.include_cookies_and_credentials()) {
  45     // Note: this logic should be kept in sync with stripCookiesAndLoginInfo in
  46     // chrome/browser/resources/net_internals/log_view_painter.js.
  47
  48     if (base::EqualsCaseInsensitiveASCII(header, "set-cookie") ||
  49         base::EqualsCaseInsensitiveASCII(header, "set-cookie2") ||
  50         base::EqualsCaseInsensitiveASCII(header, "cookie") ||
  51         base::EqualsCaseInsensitiveASCII(header, "authorization") ||
  52         base::EqualsCaseInsensitiveASCII(header, "proxy-authorization")) {
  53       redact_begin = value.begin();
  54       redact_end = value.end();
  55     } else if (base::EqualsCaseInsensitiveASCII(header, "www-authenticate") ||
  56                base::EqualsCaseInsensitiveASCII(header, "proxy-authenticate")) {
  57       // Look for authentication information from data received from the server
  58       // in multi-round Negotiate authentication.
  59       HttpAuthChallengeTokenizer challenge(value.begin(), value.end());
  60       if (ShouldRedactChallenge(&challenge)) {
  61         redact_begin = challenge.params_begin();
  62         redact_end = challenge.params_end();
  63       }
  64     }
  65   }
  66
  67   if (redact_begin == redact_end)
  68     return value;
  69
  70   return std::string(value.begin(), redact_begin) +
  71       base::StringPrintf("[%ld bytes were stripped]",
  72                          static_cast<long>(redact_end - redact_begin)) +
  73       std::string(redact_end, value.end());
  74 }
  75
  76 }  // namespace net