#include <regex>
#include <string>
#include <vector>

Include dependency graph for XrdOucPrivateUtils.hh:

This graph shows which files directly or indirectly include this file:

Functions
static bool	is_subdirectory (const std::string &dir, const std::string &subdir)

std::string	obfuscateAuth (const std::string &input)

Function Documentation

◆ is_subdirectory()

static bool is_subdirectory	(	const std::string &	dir,
		const std::string &	subdir
	)

inlinestatic

PRIVATE HEADER for utility functions, implementation in XrdOucUtils.cc Returns true if path subdir is a subdirectory of dir.

Definition at line 33 of file XrdOucPrivateUtils.hh.

 {
     if (subdir.size() < dir.size() || dir.empty())
       return false;
  
     if (subdir.compare(0, dir.size(), dir, 0, dir.size()) != 0)
       return false;
  
     return dir.size() == subdir.size() || subdir[dir.size()] == '/' || dir.back() == '/';
 }

Referenced by XrdAccRules::apply(), and DoMv().

Here is the caller graph for this function:

◆ obfuscateAuth()

std::string obfuscateAuth ( const std::string & input )

Obfuscates strings containing "authz=value", "Authorization: value", "TransferHeaderAuthorization: value", "WhateverAuthorization: value" in a case insensitive way.

Parameters

input the string to obfuscate

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters

input the string to obfuscate

Returns: the string with token values obfuscated

Definition at line 1534 of file XrdOucUtils.cc.

 {
   static const regex_t auth_regex = []() {
     constexpr char re[] =
       "(authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
       "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";
  
     regex_t regex;
  
     if (regcomp(&regex, re, REG_EXTENDED | REG_ICASE) != 0)
       throw std::runtime_error("Failed to compile regular expression");
  
     return regex;
   }();
  
   regmatch_t match;
   size_t offset = 0;
   std::string redacted;
   const char *const text = input.c_str();
  
   while (regexec(&auth_regex, text + offset, 1, &match, 0) == 0) {
     redacted.append(text + offset, match.rm_eo).append("REDACTED");
  
     offset += match.rm_eo;
  
     while (offset < input.size() && is_token_character(input[offset]))
       ++offset;
   }
  
   return redacted.append(text + offset);
 }

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdHttpReq::Redir(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().

Here is the call graph for this function:

Here is the caller graph for this function:

Functions

Function Documentation

◆ is_subdirectory()

◆ obfuscateAuth()