XrdOucUtils.cc File Reference

#include <cctype>
#include <grp.h>
#include <cstdio>
#include <list>
#include <vector>
#include <unordered_set>
#include <algorithm>
#include <charconv>
#include <regex.h>
#include <fcntl.h>
#include <math.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <map>
#include <iomanip>
#include "XrdNet/XrdNetUtils.hh"
#include "XrdOuc/XrdOucCRC.hh"
#include "XrdOuc/XrdOucEnv.hh"
#include "XrdOuc/XrdOucSHA3.hh"
#include "XrdOuc/XrdOucStream.hh"
#include "XrdOuc/XrdOucString.hh"
#include "XrdOuc/XrdOucUtils.hh"
#include "XrdOuc/XrdOucPrivateUtils.hh"
#include "XrdSys/XrdSysE2T.hh"
#include "XrdSys/XrdSysError.hh"
#include "XrdSys/XrdSysPlatform.hh"
#include "XrdSys/XrdSysPthread.hh"

Include dependency graph for XrdOucUtils.cc:

Go to the source code of this file.

Macros
#define	ENODATA   ENOATTR
#define	SHFT(k)
#define	SHFT(k, m)

Functions
static int	from_hex (char c)
static bool	is_rfc3986_unreserved (unsigned char c)
static bool	is_token_character (int c)
std::string	obfuscateAuth (const std::string &input)
void	stripCgi (std::string &url, const std::unordered_set< std::string > &cgiKeys)
void	stripCgi (XrdOucString &url, const std::unordered_set< std::string > &cgiKeys)

Macro Definition Documentation

ENODATA

#define ENODATA   ENOATTR

Definition at line 68 of file XrdOucUtils.cc.

SHFT [1/2]

#define SHFT

(

k

)

Value:

if (n >= (1ULL << k)) { i += k; n >>= k; }

Referenced by XrdOucUtils::Log10(), and XrdOucUtils::Log2().

SHFT [2/2]

#define SHFT	(		k,
			m )

Value:

if (n >= m) { i += k; n /= m; }

Function Documentation

from_hex()

int from_hex ( char c )

static

Definition at line 1654 of file XrdOucUtils.cc.

{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  return -1;
}

Referenced by XrdOucUtils::UrlDecode().

Here is the caller graph for this function:

is_rfc3986_unreserved()

bool is_rfc3986_unreserved ( unsigned char c )

static

Definition at line 1623 of file XrdOucUtils.cc.

{
  return std::isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~';
}

Referenced by XrdOucUtils::UrlEncode().

Here is the caller graph for this function:

is_token_character()

bool is_token_character ( int c )

static

Returns a boolean indicating whether 'c' is a valid token character or not. See https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 for details.

Definition at line 1569 of file XrdOucUtils.cc.

{
  if (isalnum(c))
    return true;
 
  static constexpr char token_chars[] = "-._~+/=:%";
 
  for (char ch : token_chars)
    if (c == ch)
      return true;
 
  return false;
}

Referenced by obfuscateAuth(), and stripCgi().

Here is the caller graph for this function:

obfuscateAuth()

std::string obfuscateAuth

(

const std::string &

input

)

This function obfuscates away authz= cgi elements and/or HTTP authorization headers from URL or other log line strings which might contain them.

Parameters

input

the string to obfuscate

Returns

the string with token values obfuscated

Definition at line 1591 of file XrdOucUtils.cc.

{
  static const regex_t auth_regex = []() {
    constexpr char re[] =
      "(authz=|(transferheader)?(www-|proxy-)?auth(orization|enticate)[[:space:]]*:[[:space:]]*)"
      "(Bearer([[:space:]]|%20)?(token([[:space:]]|%20)?)?)?";
 
    regex_t regex;
 
    if (regcomp(&regex, re, REG_EXTENDED | REG_ICASE) != 0)
      throw std::runtime_error("Failed to compile regular expression");
 
    return regex;
  }();
 
  regmatch_t match;
  size_t offset = 0;
  std::string redacted;
  const char *const text = input.c_str();
 
  while (regexec(&auth_regex, text + offset, 1, &match, 0) == 0) {
    redacted.append(text + offset, match.rm_eo).append("REDACTED");
 
    offset += match.rm_eo;
 
    while (offset < input.size() && is_token_character(input[offset]))
      ++offset;
  }
 
  return redacted.append(text + offset);
}

References is_token_character().

Referenced by XrdPfc::Cache::Attach(), XrdPosixXrootd::Close(), XrdPosixFile::DelayedDestroy(), XrdPosixFile::DelayedDestroy(), XrdPosixPrepIO::Disable(), XrdCl::URL::FromString(), XrdPssSys::FSctl(), XrdPssCks::Get(), XrdCl::URL::GetObfuscatedURL(), XrdCl::Utils::LogPropertyList(), main(), XrdPssSys::Mkdir(), XrdPssFile::Open(), XrdPssDir::Opendir(), XrdHttpProtocol::Process(), XrdHttpReq::ProcessHTTPReq(), XrdPssSys::Remdir(), XrdPssSys::Rename(), XrdCl::Message::SetDescription(), XrdPssSys::Stat(), XrdPssSys::Truncate(), and XrdPssSys::Unlink().

Here is the call graph for this function:

Here is the caller graph for this function:

stripCgi() [1/2]

void stripCgi	(	std::string &	url,
		const std::unordered_set< std::string > &	cgiKeys )

Strip selected CGI elements (e.g. "authz=...") from a string/URL.

Parameters

url	the string/URL to sanitize
cgiKeys	CGI parameter names to remove (without the trailing '=')

Definition at line 1698 of file XrdOucUtils.cc.

{
  for (const auto &key : cgiKeys) {
    if (key.empty())
      continue;
 
    const std::string needle = key + "=";
    size_t spos = 0, epos = 0;
 
    while ((spos = url.find(needle, spos)) != std::string::npos) {
      epos = spos;
      while (epos < url.size() && is_token_character(url[epos]))
        ++epos;
      url.erase(spos, epos - spos);
    }
  }
 
  // If a stripped CGI was the first element, remove the extra &
  size_t spos = 0;
  if ((spos = url.find("?&")) != std::string::npos)
    url.erase(spos + 1, 1);
 
  // If stripping removed the only query parameter, remove the dangling ?
  if (!url.empty() && url.back() == '?')
    url.pop_back();
}

References is_token_character().

Referenced by XrdHttpReq::Redir(), and stripCgi().

Here is the call graph for this function:

Here is the caller graph for this function:

stripCgi() [2/2]

void stripCgi	(	XrdOucString &	url,
		const std::unordered_set< std::string > &	cgiKeys )

Definition at line 1725 of file XrdOucUtils.cc.

{
  std::string tmp = url.c_str();
  stripCgi(tmp, cgiKeys);
  url = tmp.c_str();
}

References XrdOucString::c_str(), and stripCgi().

Here is the call graph for this function: