From 4a29047fd27b2d387f14662c96a6a1f67ec1d8cb Mon Sep 17 00:00:00 2001 From: StekPerepolnen Date: Thu, 31 Oct 2024 15:49:54 +0000 Subject: [PATCH 1/2] return cookie names --- ydb/library/actors/http/http.h | 77 ++++++++++++++++++++++++--------- ydb/library/actors/http/ya.make | 1 + 2 files changed, 57 insertions(+), 21 deletions(-) diff --git a/ydb/library/actors/http/http.h b/ydb/library/actors/http/http.h index d499c7788fba..e5a0aed0ba4c 100644 --- a/ydb/library/actors/http/http.h +++ b/ydb/library/actors/http/http.h @@ -6,6 +6,7 @@ #include #include #include +#include #include "http_config.h" // TODO(xenoxeno): hide in implementation 
@@ -208,40 +209,74 @@ class THttpBase : public HeaderType, public BufferType { public: TString GetObfuscatedData() const { THeaders headers(HeaderType::Headers); - TStringBuf authorization(headers["Authorization"]); - TStringBuf cookie(headers["Cookie"]); - TStringBuf set_cookie(headers["Set-Cookie"]); - TStringBuf x_ydb_auth_ticket(headers["x-ydb-auth-ticket"]); - TStringBuf x_yacloud_subjecttoken(headers["x-yacloud-subjecttoken"]); + TStringBuf authorizationHeader(headers["Authorization"]); + TStringBuf cookieHeader(headers["Cookie"]); + TStringBuf setCookieHeader(headers["Set-Cookie"]); + TStringBuf xYdbAuthTicketHeader(headers["x-ydb-auth-ticket"]); + TStringBuf xYacloudSubjecttokenHeader(headers["x-yacloud-subjecttoken"]); TString data(GetRawData()); - if (!authorization.empty()) { - auto pos = data.find(authorization); + if (!authorizationHeader.empty()) { + auto pos = data.find(authorizationHeader); if (pos != TString::npos) { - data.replace(pos, authorization.size(), TString("")); + data.replace(pos, authorizationHeader.size(), TString("")); } } - if (!cookie.empty()) { - auto pos = data.find(cookie); + if (!cookieHeader.empty()) { + Cerr << "iiii cookieHeader: " << cookieHeader << Endl; + TString obfuscated = TString(cookieHeader); + NHttp::TCookies cookies(headers.Get("Cookie")); + for (auto& [name, value] : cookies.Cookies) { + Cerr << "i old value: " << value << Endl; + TString obfuscatedValue = NKikimr::MaskTicket(value); + auto posValue = obfuscated.find(value); + if (posValue != TString::npos) { + Cerr << "i found!" 
<< Endl; + obfuscated.replace(posValue, value.size(), obfuscatedValue); + } + Cerr << "i new value: " << value << Endl; + } + Cerr << "iiii obfuscated: " << obfuscated << Endl; + auto pos = data.find(cookieHeader); if (pos != TString::npos) { - data.replace(pos, cookie.size(), TString("")); + data.replace(pos, cookieHeader.size(), obfuscated); } } - if (!set_cookie.empty()) { - auto pos = data.find(set_cookie); - if (pos != TString::npos) { - data.replace(pos, set_cookie.size(), TString("")); + if (!setCookieHeader.empty()) { + Cerr << "iiii setCookieHeader: " << setCookieHeader << Endl; + TStringBuf setCookieParser(setCookieHeader); + TStringBuf name = setCookieParser.NextTok('='); + TStringBuf value = setCookieParser.NextTok(';'); + Cerr << "iiii name: " << name << Endl; + if (!name.empty()) { + TString obfuscatedValue = NKikimr::MaskTicket(value); + TString obfuscated = TString(setCookieHeader); + Cerr << "i old header: " << obfuscated << Endl; + Cerr << "i old value: " << value << Endl; + Cerr << "i new value: " << obfuscatedValue << Endl; + auto posValue = obfuscated.find(value); + if (posValue != TString::npos) { + Cerr << "i found!" << Endl; + obfuscated.replace(posValue, value.size(), obfuscatedValue); + Cerr << "i new header: " << obfuscated << Endl; + } + Cerr << "iiii obfuscated: " << obfuscated << Endl; + auto pos = data.find(setCookieHeader); + if (pos != TString::npos) { + Cerr << "iiii found!" 
<< Endl; + data.replace(pos, setCookieHeader.size(), obfuscated); + } } } - if (!x_ydb_auth_ticket.empty()) { - auto pos = data.find(x_ydb_auth_ticket); + if (!xYdbAuthTicketHeader.empty()) { + auto pos = data.find(xYdbAuthTicketHeader); if (pos != TString::npos) { - data.replace(pos, x_ydb_auth_ticket.size(), TString("")); + data.replace(pos, xYdbAuthTicketHeader.size(), TString("")); } } - if (!x_yacloud_subjecttoken.empty()) { - auto pos = data.find(x_yacloud_subjecttoken); + if (!xYacloudSubjecttokenHeader.empty()) { + auto pos = data.find(xYacloudSubjecttokenHeader); if (pos != TString::npos) { - data.replace(pos, x_yacloud_subjecttoken.size(), TString("")); + data.replace(pos, xYacloudSubjecttokenHeader.size(), TString("")); } } return data; diff --git a/ydb/library/actors/http/ya.make b/ydb/library/actors/http/ya.make index bd1bbd7ebe5c..5943cad80116 100644 --- a/ydb/library/actors/http/ya.make +++ b/ydb/library/actors/http/ya.make @@ -24,6 +24,7 @@ PEERDIR( contrib/libs/zlib ydb/library/actors/core ydb/library/actors/interconnect + ydb/library/security library/cpp/dns library/cpp/monlib/metrics library/cpp/string_utils/quote From c7e7b32a5d700cc6d840d1404115dcbcb41d2b85 Mon Sep 17 00:00:00 2001 From: StekPerepolnen Date: Fri, 1 Nov 2024 15:51:55 +0000 Subject: [PATCH 2/2] remove logs --- ydb/library/actors/http/http.h | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/ydb/library/actors/http/http.h b/ydb/library/actors/http/http.h index e5a0aed0ba4c..dd8a840d76a8 100644 --- a/ydb/library/actors/http/http.h +++ b/ydb/library/actors/http/http.h 
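Review bot: In the Cookie branch each value is located with `obfuscated.find(value)`, which matches the first occurrence of those bytes anywhere in the header, so a short value (for example `1`) can hit inside another cookie's name or value; that edit alters the other cookie's text, its own `find` then fails, and its secret stays unmasked in the returned data. An empty value makes `find` return 0, which inserts a mask at the start of the header. Rebuilding the header from the parsed `name`/`value` pairs avoids the search entirely, though the logged cookie order may differ from the wire order if `Cookies` is an unordered container. The Set-Cookie branch uses the same pattern; `value` is a view into `setCookieHeader` there, so `obfuscated.replace(value.data() - setCookieHeader.data(), value.size(), obfuscatedValue);` replaces exactly the parsed span. `GetObfuscatedData` closes outside this hunk.

```cpp
if (!cookieHeader.empty()) {
    // Rebuild from the parsed pairs; searching for a value can match inside
    // another cookie's name or value and leave that cookie unmasked.
    TString obfuscated;
    NHttp::TCookies cookies(cookieHeader);
    for (const auto& [name, value] : cookies.Cookies) {
        if (!obfuscated.empty()) {
            obfuscated += "; ";
        }
        obfuscated += name;
        obfuscated += '=';
        obfuscated += NKikimr::MaskTicket(value);
    }
    // … unchanged: data.find(cookieHeader) and data.replace(pos, cookieHeader.size(), obfuscated) …
}
```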
@@ -222,47 +222,33 @@ class THttpBase : public HeaderType, public BufferType { } } if (!cookieHeader.empty()) { - Cerr << "iiii cookieHeader: " << cookieHeader << Endl; TString obfuscated = TString(cookieHeader); NHttp::TCookies cookies(headers.Get("Cookie")); for (auto& [name, value] : cookies.Cookies) { - Cerr << "i old value: " << value << Endl; TString obfuscatedValue = NKikimr::MaskTicket(value); auto posValue = obfuscated.find(value); if (posValue != TString::npos) { - Cerr << "i found!" << Endl; obfuscated.replace(posValue, value.size(), obfuscatedValue); } - Cerr << "i new value: " << value << Endl; } - Cerr << "iiii obfuscated: " << obfuscated << Endl; auto pos = data.find(cookieHeader); if (pos != TString::npos) { data.replace(pos, cookieHeader.size(), obfuscated); } } if (!setCookieHeader.empty()) { - Cerr << "iiii setCookieHeader: " << setCookieHeader << Endl; TStringBuf setCookieParser(setCookieHeader); TStringBuf name = setCookieParser.NextTok('='); TStringBuf value = setCookieParser.NextTok(';'); - Cerr << "iiii name: " << name << Endl; if (!name.empty()) { TString obfuscatedValue = NKikimr::MaskTicket(value); TString obfuscated = TString(setCookieHeader); - Cerr << "i old header: " << obfuscated << Endl; - Cerr << "i old value: " << value << Endl; - Cerr << "i new value: " << obfuscatedValue << Endl; auto posValue = obfuscated.find(value); if (posValue != TString::npos) { - Cerr << "i found!" << Endl; obfuscated.replace(posValue, value.size(), obfuscatedValue); - Cerr << "i new header: " << obfuscated << Endl; } - Cerr << "iiii obfuscated: " << obfuscated << Endl; auto pos = data.find(setCookieHeader); if (pos != TString::npos) { - Cerr << "iiii found!" << Endl; data.replace(pos, setCookieHeader.size(), obfuscated); } }