Skip to content

Commit

Permalink
Merge c7e7b32 into 509064d
Browse files Browse the repository at this point in the history
  • Loading branch information
@StekPerepolnen
StekPerepolnen authored Nov 1, 2024
2 parents 509064d + c7e7b32 commit 66527ae
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 21 deletions.
63 changes: 42 additions & 21 deletions ydb/library/actors/http/http.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
#include <util/generic/hash_set.h>
#include <util/generic/buffer.h>
#include <util/generic/intrlist.h>
#include <ydb/library/security/util.h>
#include "http_config.h"

// TODO(xenoxeno): hide in implementation
Expand Down Expand Up @@ -208,40 +209,60 @@ class THttpBase : public HeaderType, public BufferType {
public:
TString GetObfuscatedData() const {
THeaders headers(HeaderType::Headers);
TStringBuf authorization(headers["Authorization"]);
TStringBuf cookie(headers["Cookie"]);
TStringBuf set_cookie(headers["Set-Cookie"]);
TStringBuf x_ydb_auth_ticket(headers["x-ydb-auth-ticket"]);
TStringBuf x_yacloud_subjecttoken(headers["x-yacloud-subjecttoken"]);
TStringBuf authorizationHeader(headers["Authorization"]);
TStringBuf cookieHeader(headers["Cookie"]);
TStringBuf setCookieHeader(headers["Set-Cookie"]);
TStringBuf xYdbAuthTicketHeader(headers["x-ydb-auth-ticket"]);
TStringBuf xYacloudSubjecttokenHeader(headers["x-yacloud-subjecttoken"]);
TString data(GetRawData());
if (!authorization.empty()) {
auto pos = data.find(authorization);
if (!authorizationHeader.empty()) {
auto pos = data.find(authorizationHeader);
if (pos != TString::npos) {
data.replace(pos, authorization.size(), TString("<obfuscated>"));
data.replace(pos, authorizationHeader.size(), TString("<obfuscated>"));
}
}
if (!cookie.empty()) {
auto pos = data.find(cookie);
if (!cookieHeader.empty()) {
TString obfuscated = TString(cookieHeader);
NHttp::TCookies cookies(headers.Get("Cookie"));
for (auto& [name, value] : cookies.Cookies) {
TString obfuscatedValue = NKikimr::MaskTicket(value);
auto posValue = obfuscated.find(value);
if (posValue != TString::npos) {
obfuscated.replace(posValue, value.size(), obfuscatedValue);
}
}
auto pos = data.find(cookieHeader);
if (pos != TString::npos) {
data.replace(pos, cookie.size(), TString("<obfuscated>"));
data.replace(pos, cookieHeader.size(), obfuscated);
}
}
if (!set_cookie.empty()) {
auto pos = data.find(set_cookie);
if (pos != TString::npos) {
data.replace(pos, set_cookie.size(), TString("<obfuscated>"));
if (!setCookieHeader.empty()) {
TStringBuf setCookieParser(setCookieHeader);
TStringBuf name = setCookieParser.NextTok('=');
TStringBuf value = setCookieParser.NextTok(';');
if (!name.empty()) {
TString obfuscatedValue = NKikimr::MaskTicket(value);
TString obfuscated = TString(setCookieHeader);
auto posValue = obfuscated.find(value);
if (posValue != TString::npos) {
obfuscated.replace(posValue, value.size(), obfuscatedValue);
}
auto pos = data.find(setCookieHeader);
if (pos != TString::npos) {
data.replace(pos, setCookieHeader.size(), obfuscated);
}
}
}
if (!x_ydb_auth_ticket.empty()) {
auto pos = data.find(x_ydb_auth_ticket);
if (!xYdbAuthTicketHeader.empty()) {
auto pos = data.find(xYdbAuthTicketHeader);
if (pos != TString::npos) {
data.replace(pos, x_ydb_auth_ticket.size(), TString("<obfuscated>"));
data.replace(pos, xYdbAuthTicketHeader.size(), TString("<obfuscated>"));
}
}
if (!x_yacloud_subjecttoken.empty()) {
auto pos = data.find(x_yacloud_subjecttoken);
if (!xYacloudSubjecttokenHeader.empty()) {
auto pos = data.find(xYacloudSubjecttokenHeader);
if (pos != TString::npos) {
data.replace(pos, x_yacloud_subjecttoken.size(), TString("<obfuscated>"));
data.replace(pos, xYacloudSubjecttokenHeader.size(), TString("<obfuscated>"));
}
}
return data;
Expand Down
1 change: 1 addition & 0 deletions ydb/library/actors/http/ya.make
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ PEERDIR(
contrib/libs/zlib
ydb/library/actors/core
ydb/library/actors/interconnect
ydb/library/security
library/cpp/dns
library/cpp/monlib/metrics
library/cpp/string_utils/quote
Expand Down

0 comments on commit 66527ae

Please sign in to comment.