NetLog: Escape data in AUTH_HANDLER_CREATE_RESULT

Authentication-related headers may contain data that is not valid UTF-8, and which cannot be recorded in NetLogs without escaping. Escape such data. Bug: 1125250 Change-Id: I3c5e0b58a11a8b83ecd1b5048289f70a961c683b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2393980Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Cr-Commit-Position: refs/heads/master@{#804610}

NetLog: Escape data in AUTH_HANDLER_CREATE_RESULT
Authentication-related headers may contain data that is not valid UTF-8, and which cannot be recorded in NetLogs without escaping. Escape such data. Bug: 1125250 Change-Id: I3c5e0b58a11a8b83ecd1b5048289f70a961c683b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2393980Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Cr-Commit-Position: refs/heads/master@{#804610}
e085f53e · Eric Lawrence · Commit Bot · e9dc4e64 · e085f53e · e085f53e
Commit e085f53e authored Sep 05, 2020 by Eric Lawrence Committed by Commit Bot Sep 05, 2020
Showing with 8 additions and 3 deletions

net/http/http_auth_handler_factory.cc net/http/http_auth_handler_factory.cc +3 -2

net/http/http_auth_handler_factory_unittest.cc net/http/http_auth_handler_factory_unittest.cc +5 -1

No files found.
--- a/net/http/http_auth_handler_factory.cc
+++ b/net/http/http_auth_handler_factory.cc
@@ -19,6 +19,7 @@
 #include "net/http/http_auth_handler_ntlm.h"
 #include "net/http/http_auth_preferences.h"
 #include "net/http/http_auth_scheme.h"
+#include "net/log/net_log_values.h"
 #include "net/net_buildflags.h"
 #include "net/ssl/ssl_info.h"
@@ -33,9 +34,9 @@ base::Value NetLogParamsForCreateAuth(const std::string& scheme,
                                      const int net_error,
                                      net::NetLogCaptureMode capture_mode) {
  base::Value dict(base::Value::Type::DICTIONARY);
-  dict.SetStringKey("scheme", scheme);
+  dict.SetKey("scheme", net::NetLogStringValue(scheme));
  if (net::NetLogCaptureIncludesSensitive(capture_mode))
-    dict.SetStringKey("challenge", challenge);
+    dict.SetKey("challenge", net::NetLogStringValue(challenge));
  if (net_error < 0)
    dict.SetIntKey("net_error", net_error);
  return dict;

--- a/net/http/http_auth_handler_factory_unittest.cc
+++ b/net/http/http_auth_handler_factory_unittest.cc
@@ -15,6 +15,7 @@
 #include "net/http/http_auth_scheme.h"
 #include "net/http/mock_allow_http_auth_preferences.h"
 #include "net/http/url_security_manager.h"
+#include "net/log/net_log_values.h"
 #include "net/log/net_log_with_source.h"
 #include "net/log/test_net_log.h"
 #include "net/net_buildflags.h"
@@ -239,6 +240,8 @@ TEST(HttpAuthHandlerFactoryTest, LogCreateAuthHandlerResults) {
       "Digest"},
      {ERR_UNSUPPORTED_AUTH_SCHEME, "UNSUPPORTED realm=\"FooBar\"",
       HttpAuth::AUTH_SERVER, "UNSUPPORTED"},
+      {ERR_UNSUPPORTED_AUTH_SCHEME, "invalid\xff\x0a", HttpAuth::AUTH_SERVER,
+       "%ESCAPED:\xE2\x80\x8B invalid%FF\n"},
      {ERR_UNSUPPORTED_AUTH_SCHEME, "UNSUPPORTED2 realm=\"FooBar\"",
       HttpAuth::AUTH_PROXY, "UNSUPPORTED2"}};
@@ -275,7 +278,8 @@ TEST(HttpAuthHandlerFactoryTest, LogCreateAuthHandlerResults) {
        ASSERT_EQ(nullptr, challenge);
      } else {
        ASSERT_NE(nullptr, challenge);
-        EXPECT_STREQ(test_case.challenge, challenge->data());
+        EXPECT_EQ(net::NetLogStringValue(test_case.challenge).GetString(),
+                  challenge->data());
      }
      test_net_log.Clear();