mask set-cookie in http response (#10316)

Author: StekPerepolnen

ydb/library/actors/http/http.h

@@ -198,7 +198,56 @@ class THttpResponse {
 };
 
 template <typename HeaderType, typename BufferType>
-class THttpParser : public HeaderType, public BufferType {
+class THttpBase : public HeaderType, public BufferType {
+public:
+    TStringBuf GetRawData() const {
+        return TStringBuf(BufferType::Data(), BufferType::Size());
+    }
+
+    TString GetObfuscatedData() const {
+        THeaders headers(HeaderType::Headers);
+        TStringBuf authorization(headers["Authorization"]);
+        TStringBuf cookie(headers["Cookie"]);
+        TStringBuf set_cookie(headers["Set-Cookie"]);
+        TStringBuf x_ydb_auth_ticket(headers["x-ydb-auth-ticket"]);
+        TStringBuf x_yacloud_subjecttoken(headers["x-yacloud-subjecttoken"]);
+        TString data(GetRawData());
+        if (!authorization.empty()) {
+            auto pos = data.find(authorization);
+            if (pos != TString::npos) {
+                data.replace(pos, authorization.size(), TString("<obfuscated>"));
+            }
+        }
+        if (!cookie.empty()) {
+            auto pos = data.find(cookie);
+            if (pos != TString::npos) {
+                data.replace(pos, cookie.size(), TString("<obfuscated>"));
+            }
+        }
+        if (!set_cookie.empty()) {
+            auto pos = data.find(set_cookie);
+            if (pos != TString::npos) {
+                data.replace(pos, set_cookie.size(), TString("<obfuscated>"));
+            }
+        }
+        if (!x_ydb_auth_ticket.empty()) {
+            auto pos = data.find(x_ydb_auth_ticket);
+            if (pos != TString::npos) {
+                data.replace(pos, x_ydb_auth_ticket.size(), TString("<obfuscated>"));
+            }
+        }
+        if (!x_yacloud_subjecttoken.empty()) {
+            auto pos = data.find(x_yacloud_subjecttoken);
+            if (pos != TString::npos) {
+                data.replace(pos, x_yacloud_subjecttoken.size(), TString("<obfuscated>"));
+            }
+        }
+        return data;
+    }
+};
+
+template <typename HeaderType, typename BufferType>
+class THttpParser : public THttpBase<HeaderType, BufferType> {
 public:
     enum class EParseStage : ui8 {
         Method,
@@ -236,8 +285,7 @@ class THttpParser : public HeaderType, public BufferType {
     std::optional<size_t> TotalSize;
 
     THttpParser(const THttpParser& src)
-        : HeaderType(src)
-        , BufferType(src)
+        : THttpBase<HeaderType, BufferType>(src)
         , Stage(src.Stage)
         , LastSuccessStage(src.LastSuccessStage)
         , Line()
@@ -403,44 +451,6 @@ class THttpParser : public HeaderType, public BufferType {
         Advance(size);
     }
 
-    TStringBuf GetRawData() const {
-        return TStringBuf(BufferType::Data(), BufferType::Size());
-    }
-
-    TString GetObfuscatedData() const {
-        THeaders headers(HeaderType::Headers);
-        TStringBuf authorization(headers["Authorization"]);
-        TStringBuf cookie(headers["Cookie"]);
-        TStringBuf x_ydb_auth_ticket(headers["x-ydb-auth-ticket"]);
-        TStringBuf x_yacloud_subjecttoken(headers["x-yacloud-subjecttoken"]);
-        TString data(GetRawData());
-        if (!authorization.empty()) {
-            auto pos = data.find(authorization);
-            if (pos != TString::npos) {
-                data.replace(pos, authorization.size(), TString("<obfuscated>"));
-            }
-        }
-        if (!cookie.empty()) {
-            auto pos = data.find(cookie);
-            if (pos != TString::npos) {
-                data.replace(pos, cookie.size(), TString("<obfuscated>"));
-            }
-        }
-        if (!x_ydb_auth_ticket.empty()) {
-            auto pos = data.find(x_ydb_auth_ticket);
-            if (pos != TString::npos) {
-                data.replace(pos, x_ydb_auth_ticket.size(), TString("<obfuscated>"));
-            }
-        }
-        if (!x_yacloud_subjecttoken.empty()) {
-            auto pos = data.find(x_yacloud_subjecttoken);
-            if (pos != TString::npos) {
-                data.replace(pos, x_yacloud_subjecttoken.size(), TString("<obfuscated>"));
-            }
-        }
-        return data;
-    }
-
     static EParseStage GetInitialStage();
 
     THttpParser()
@@ -460,7 +470,7 @@ class THttpParser : public HeaderType, public BufferType {
 };
 
 template <typename HeaderType, typename BufferType>
-class THttpRenderer : public HeaderType, public BufferType {
+class THttpRenderer : public THttpBase<HeaderType, BufferType> {
 public:
     enum class ERenderStage {
         Init,
@@ -654,10 +664,6 @@ class THttpRenderer : public HeaderType, public BufferType {
         }
         Y_ABORT_UNLESS(size == BufferType::Size());
     }
-
-    TStringBuf GetRawData() const {
-        return TStringBuf(BufferType::Data(), BufferType::Size());
-    }
 };
 
 template <>

ydb/library/actors/http/http_proxy_incoming.cpp

@@ -217,7 +217,7 @@ class TIncomingConnectionActor : public TActor<TIncomingConnectionActor<TSocketI
                         << ","
                         << Address
                         << ") Response: "
-                        << TString(response->GetRawData()).substr(0, MAX_LOGGED_SIZE));
+                        << response->GetObfuscatedData().substr(0, MAX_LOGGED_SIZE));
         }
         THolder<TEvHttpProxy::TEvReportSensors> sensors(BuildIncomingRequestSensors(request, response));
         ctx.Send(Endpoint->Owner, sensors.Release());