Skip to content

GitLab

T
tangled
Commit e085f53e authored by Eric Lawrence's avatar Eric Lawrence Committed by Commit Bot
Browse files
Options

NetLog: Escape data in AUTH_HANDLER_CREATE_RESULT 

Authentication-related headers may contain data that is not valid UTF-8,
and which cannot be recorded in NetLogs without escaping. Escape such
data.

Bug: 1125250
Change-Id: I3c5e0b58a11a8b83ecd1b5048289f70a961c683b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2393980Reviewed-by: default avatarMatt Menke <mmenke@chromium.org>
Commit-Queue: Eric Lawrence [MSFT] <ericlaw@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#804610}
parent e9dc4e64
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 3 deletions
net/http/http_auth_handler_factory.cc
View file @ e085f53e
......@@ -19,6 +19,7 @@
#include "net/http/http_auth_handler_ntlm.h"
#include "net/http/http_auth_preferences.h"
#include "net/http/http_auth_scheme.h"
#include "net/log/net_log_values.h"
#include "net/net_buildflags.h"
#include "net/ssl/ssl_info.h"
......@@ -33,9 +34,9 @@ base::Value NetLogParamsForCreateAuth(const std::string& scheme,
const int net_error,
net::NetLogCaptureMode capture_mode) {
base::Value dict(base::Value::Type::DICTIONARY);
dict.SetStringKey("scheme", scheme);
dict.SetKey("scheme", net::NetLogStringValue(scheme));
if (net::NetLogCaptureIncludesSensitive(capture_mode))
dict.SetStringKey("challenge", challenge);
dict.SetKey("challenge", net::NetLogStringValue(challenge));
if (net_error < 0)
dict.SetIntKey("net_error", net_error);
return dict;
......
net/http/http_auth_handler_factory_unittest.cc
View file @ e085f53e
......@@ -15,6 +15,7 @@
#include "net/http/http_auth_scheme.h"
#include "net/http/mock_allow_http_auth_preferences.h"
#include "net/http/url_security_manager.h"
#include "net/log/net_log_values.h"
#include "net/log/net_log_with_source.h"
#include "net/log/test_net_log.h"
#include "net/net_buildflags.h"
......@@ -239,6 +240,8 @@ TEST(HttpAuthHandlerFactoryTest, LogCreateAuthHandlerResults) {
"Digest"},
{ERR_UNSUPPORTED_AUTH_SCHEME, "UNSUPPORTED realm=\"FooBar\"",
HttpAuth::AUTH_SERVER, "UNSUPPORTED"},
{ERR_UNSUPPORTED_AUTH_SCHEME, "invalid\xff\x0a", HttpAuth::AUTH_SERVER,
"%ESCAPED:\xE2\x80\x8B invalid%FF\n"},
{ERR_UNSUPPORTED_AUTH_SCHEME, "UNSUPPORTED2 realm=\"FooBar\"",
HttpAuth::AUTH_PROXY, "UNSUPPORTED2"}};
......@@ -275,7 +278,8 @@ TEST(HttpAuthHandlerFactoryTest, LogCreateAuthHandlerResults) {
ASSERT_EQ(nullptr, challenge);
} else {
ASSERT_NE(nullptr, challenge);
EXPECT_STREQ(test_case.challenge, challenge->data());
EXPECT_EQ(net::NetLogStringValue(test_case.challenge).GetString(),
challenge->data());
}
test_net_log.Clear();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment