| | 1 | | // Copyright (c) Microsoft Corporation. All rights reserved. |
| | 2 | | // Licensed under the MIT License. |
| | 3 | |
|
| | 4 | | using System; |
| | 5 | | using System.Collections.Generic; |
| | 6 | | using System.Text; |
| | 7 | | using System.Linq; |
| | 8 | |
|
| | 9 | | namespace Azure.Core |
| | 10 | | { |
| | 11 | | internal class HttpMessageSanitizer |
| | 12 | | { |
| | 13 | | private const string LogAllValue = "*"; |
| | 14 | | private readonly bool _logAllHeaders; |
| | 15 | | private readonly bool _logFullQueries; |
| | 16 | | private readonly string[] _allowedQueryParameters; |
| | 17 | | private readonly string _redactedPlaceholder; |
| | 18 | | private readonly HashSet<string> _allowedHeaders; |
| | 19 | |
|
| 50 | 20 | | public HttpMessageSanitizer(string[] allowedQueryParameters, string[] allowedHeaders, string redactedPlaceholder |
| | 21 | | { |
| 50 | 22 | | _logAllHeaders = allowedHeaders.Contains(LogAllValue); |
| 50 | 23 | | _logFullQueries = allowedQueryParameters.Contains(LogAllValue); |
| | 24 | |
|
| 50 | 25 | | _allowedQueryParameters = allowedQueryParameters; |
| 50 | 26 | | _redactedPlaceholder = redactedPlaceholder; |
| 50 | 27 | | _allowedHeaders = new HashSet<string>(allowedHeaders, StringComparer.InvariantCultureIgnoreCase); |
| 50 | 28 | | } |
| | 29 | |
|
// Returns the header value that is safe to write to logs.
//
// The value is passed through unchanged when the "*" wildcard was configured
// (_logAllHeaders) or when the header name is in the allow-list; every other
// header yields the redaction placeholder instead of its value.
//
// Security notes:
//  - With "*" configured, no header is redacted at all, including headers
//    that carry credentials.
//  - The allow-list lookup uses the comparer the set was built with. The
//    constructor passes StringComparer.InvariantCultureIgnoreCase, which is
//    culture-aware, while SanitizeUrl matches query names with
//    StringComparison.OrdinalIgnoreCase.
//    NOTE(review): a culture-aware comparer may treat names that differ only
//    in characters it ignores as equal; consider an ordinal ignore-case
//    comparer so allow-list matching stays exact.
public string SanitizeHeader(string name, string value)
{
    bool mayLogValue = _logAllHeaders || _allowedHeaders.Contains(name);

    return mayLogValue ? value : _redactedPlaceholder;
}
| | 39 | |
|
// Returns a copy of the URL that is safe to write to logs: the value of every
// query parameter whose name is not in the allow-list is replaced with the
// redaction placeholder. The URL is returned untouched when the "*" wildcard
// was configured (_logFullQueries) or when it contains no '?'.
//
// Security notes:
//  - Only the text after the first '?' is sanitized. Everything before it is
//    copied verbatim, so a secret placed in the path or in a user-info
//    component is not redacted here.
//  - Names are compared against the raw query text with OrdinalIgnoreCase and
//    no percent-decoding. A percent-encoded spelling of an allowed name
//    therefore does not match and its value is redacted (fails closed).
//  - A parameter without '=' is copied as-is even when it is not allow-listed,
//    so a bare token in the query string reaches the log.
//  - '&' is the only separator recognised and '#' gets no special handling;
//    a trailing fragment is processed as part of the last parameter.
public string SanitizeUrl(string url)
{
    if (_logFullQueries)
    {
        return url;
    }

    int queryStart = url.IndexOf('?');
    if (queryStart < 0)
    {
        return url;
    }

    // "query" keeps the leading '?', so parameter text starts at index 1.
    string query = url.Substring(queryStart);

    StringBuilder sanitized = new StringBuilder(url.Length);
    sanitized.Append(url, 0, queryStart);
    sanitized.Append('?');

    int position = 1;

    do
    {
        int ampersandIndex = query.IndexOf('&', position);
        int equalsIndex = query.IndexOf('=', position);
        bool hasSeparator = ampersandIndex != -1;

        // The parameter has no value when no '=' occurs before its end
        // (the next '&', or the end of the query when there is none).
        bool nameOnly = equalsIndex == -1 || (hasSeparator && equalsIndex > ampersandIndex);

        // The segment covers the whole parameter including its trailing '&'.
        int segmentEnd = hasSeparator ? ampersandIndex + 1 : query.Length;

        int nameEnd;
        if (!nameOnly)
        {
            nameEnd = equalsIndex;
        }
        else if (hasSeparator)
        {
            nameEnd = ampersandIndex;
        }
        else
        {
            nameEnd = query.Length;
        }

        int segmentLength = segmentEnd - position;
        int nameLength = nameEnd - position;

        ReadOnlySpan<char> parameterName = query.AsSpan(position, nameLength);

        bool isAllowed = false;
        for (int i = 0; i < _allowedQueryParameters.Length && !isAllowed; i++)
        {
            isAllowed = parameterName.Equals(_allowedQueryParameters[i].AsSpan(), StringComparison.OrdinalIgnoreCase);
        }

        if (isAllowed || nameOnly)
        {
            // Allowed parameters, and parameters that have no value to hide,
            // are copied through together with their separator.
            sanitized.Append(query, position, segmentLength);
        }
        else
        {
            // Keep the name so the log still shows which parameter was sent,
            // but never its value.
            sanitized.Append(query, position, nameLength);
            sanitized.Append("=");
            sanitized.Append(_redactedPlaceholder);

            if (hasSeparator)
            {
                sanitized.Append("&");
            }
        }

        position += segmentLength;
    }
    while (position < query.Length);

    return sanitized.ToString();
}
| | 133 | | } |
| | 134 | | } |