Re: [PATCH 2/2] http: update curl http/2 info matching for curl 8.3.0

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 2/2] http: update curl http/2 info matching for curl 8.3.0
Date: Fri, 15 Sep 2023 11:21:55 -0700	[thread overview]
Message-ID: <xmqqsf7fe1q4.fsf@gitster.g> (raw)
In-Reply-To: <20230915113443.GB3531587@coredump.intra.peff.net> (Jeff King's message of "Fri, 15 Sep 2023 07:34:43 -0400")

Jeff King <peff@peff.net> writes:

> @@ -751,6 +753,18 @@ static int match_curl_h2_trace(const char *line, const char **out)
>  	    skip_iprefix(line, "h2 [", out))
>  		return 1;
>  
> +	/*
> +	 * curl 8.3.0 uses:
> +	 *   [HTTP/2] [<stream-id>] [<header-name>: <header-val>]
> +	 * where <stream-id> is numeric.
> +	 */
> +	if (skip_iprefix(line, "[HTTP/2] [", &p)) {
> +		while (isdigit(*p))
> +			p++;
> +		if (skip_prefix(p, "] [", out))
> +			return 1;
> +	}

Looking good assuming that <stream-id> part will never be updated to
allow spaces around the ID, or allow non-digits in the ID, in the
future.  Is there much harm if this code allowed false positives and
sent something that is *not* a curl trace, like "foo]" parsed out of
"[HTTP/2] [PATCH] [foo]", to redact_sensitive_header() function?

By the way, would this patch make sense?  Everybody in the function
that try to notice a sensitive header seems to check the sentting
independently, which seems error prone for those who want to add a
new header to redact.

 http.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git c/http.c w/http.c
index 8f71bf00d8..3dfa34fe65 100644
--- c/http.c
+++ w/http.c
@@ -684,8 +684,10 @@ static int redact_sensitive_header(struct strbuf *header, size_t offset)
 	int ret = 0;
 	const char *sensitive_header;
 
-	if (trace_curl_redact &&
-	    (skip_iprefix(header->buf + offset, "Authorization:", &sensitive_header) ||
+	if (!trace_curl_redact)
+		return ret;
+
+	if ((skip_iprefix(header->buf + offset, "Authorization:", &sensitive_header) ||
 	     skip_iprefix(header->buf + offset, "Proxy-Authorization:", &sensitive_header))) {
 		/* The first token is the type, which is OK to log */
 		while (isspace(*sensitive_header))
@@ -696,8 +698,7 @@ static int redact_sensitive_header(struct strbuf *header, size_t offset)
 		strbuf_setlen(header,  sensitive_header - header->buf);
 		strbuf_addstr(header, " <redacted>");
 		ret = 1;
-	} else if (trace_curl_redact &&
-		   skip_iprefix(header->buf + offset, "Cookie:", &sensitive_header)) {
+	} else if (skip_iprefix(header->buf + offset, "Cookie:", &sensitive_header)) {
 		struct strbuf redacted_header = STRBUF_INIT;
 		const char *cookie;

next prev parent reply	other threads:[~2023-09-15 18:23 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-15 11:32 [PATCH 0/2] updating curl http/2 header matching (again) Jeff King
2023-09-15 11:33 ` [PATCH 1/2] http: factor out matching of curl http/2 trace lines Jeff King
2023-09-15 18:29   ` Taylor Blau
2023-09-15 11:34 ` [PATCH 2/2] http: update curl http/2 info matching for curl 8.3.0 Jeff King
2023-09-15 18:21   ` Junio C Hamano [this message]
2023-09-16  5:25     ` Jeff King
2023-09-15 18:38   ` Taylor Blau
2023-09-16  5:32     ` Jeff King
2023-09-19 17:56       ` Taylor Blau
2023-09-15 18:28 ` [PATCH 0/2] updating curl http/2 header matching (again) Taylor Blau

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8f71bf00d dfblob:3dfa34fe6 )
 OR (
bs:"Re: [PATCH 2/2] http: update curl http/2 info matching for curl 8.3.0" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqqsf7fe1q4.fsf@gitster.g \
    --to=gitster@pobox.com \
    --cc=git@vger.kernel.org \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).