Add flag MaskSensitiveInfo

yadij · yadij · commit e393f1c09efe · 2025-09-16T16:43:14.000+12:00
to allow for explicit caller controlled redaction of
Authentication credentials in generated outputs.
diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
@@ -669,16 +669,15 @@ HttpHeader::parse(const char *header_start, size_t hdrLen, Http::ContentLengthIn
 
 /* packs all the entries using supplied packer */
 void
-HttpHeader::packInto(Packable * p, bool mask_sensitive_info) const
+HttpHeader::packInto(Packable * p, Security::MaskSensitiveInfo masking) const
 {
     HttpHeaderPos pos = HttpHeaderInitPos;
     const HttpHeaderEntry *e;
     assert(p);
-    debugs(55, 7, this << " into " << p <<
-           (mask_sensitive_info ? " while masking" : ""));
+    debugs(55, 7, this << " into " << p << (masking == Security::MaskSensitiveInfo::on ? " while masking" : ""));
     /* pack all entries one by one */
     while ((e = getEntry(&pos))) {
-        if (!mask_sensitive_info) {
+        if (masking == Security::MaskSensitiveInfo::off) {
             e->packInto(p);
             continue;
         }
diff --git a/src/HttpHeader.h b/src/HttpHeader.h
@@ -16,6 +16,7 @@
 #include "HttpHeaderMask.h"
 #include "mem/PoolingAllocator.h"
 #include "sbuf/forward.h"
+#include "security/forward.h"
 #include "SquidString.h"
 
 #include <vector>
@@ -96,7 +97,9 @@ class HttpHeader
     /// \returns 0 when needs more data
     /// \returns -1 on error
     int parse(const char *buf, size_t buf_len, bool atEnd, size_t &hdr_sz, Http::ContentLengthInterpreter &interpreter);
-    void packInto(Packable * p, bool mask_sensitive_info=false) const;
+    /// Serialize HTTP Fields using HTTP/1.1 syntax in RFC 9112 section 5.
+    /// Optionally redact credentials in HTTP Authentication headers.
+    void packInto(Packable *, Security::MaskSensitiveInfo) const;
     HttpHeaderEntry *getEntry(HttpHeaderPos * pos) const;
     HttpHeaderEntry *findEntry(Http::HdrType id) const;
     /// deletes all fields with a given name, if any.
diff --git a/src/HttpReply.cc b/src/HttpReply.cc
@@ -87,7 +87,7 @@ void
 HttpReply::packHeadersUsingFastPacker(Packable &p) const
 {
     sline.packInto(&p);
-    header.packInto(&p);
+    header.packInto(&p, Security::MaskSensitiveInfo::off);
     p.append("\r\n", 2);
 }
 
diff --git a/src/HttpRequest.cc b/src/HttpRequest.cc
@@ -334,19 +334,19 @@ HttpRequest::swapOut(StoreEntry * e)
 {
     assert(e);
     e->buffer();
-    pack(e);
+    pack(e, Security::MaskSensitiveInfo::off);
     e->flush();
 }
 
 /* packs request-line and headers, appends <crlf> terminator */
 void
-HttpRequest::pack(Packable * p, bool mask_sensitive_data) const
+HttpRequest::pack(Packable * p, Security::MaskSensitiveInfo mask) const
 {
     assert(p);
     /* pack request-line */
     packFirstLineInto(p, false /* origin-form */);
     /* headers */
-    header.packInto(p, mask_sensitive_data);
+    header.packInto(p, mask);
     /* frame terminator */
     p->append("\r\n", 2);
 }
@@ -358,7 +358,7 @@ void
 httpRequestPack(void *obj, Packable *p)
 {
     HttpRequest *request = static_cast<HttpRequest*>(obj);
-    request->pack(p);
+    request->pack(p, Security::MaskSensitiveInfo::off);
 }
 
 /* returns the length of request line + headers + crlf */
diff --git a/src/HttpRequest.h b/src/HttpRequest.h
@@ -204,7 +204,9 @@ class HttpRequest: public Http::Message
 
     void swapOut(StoreEntry * e);
 
-    void pack(Packable * p, bool mask_sensitive_info = false) const;
+    /// Serialize HTTP Request using HTTP/1.1 origin-form syntax in RFC 9112 section 3.
+    /// \copydoc HttpHeader::packInto()
+    void pack(Packable *, Security::MaskSensitiveInfo) const;
 
     static void httpRequestPack(void *obj, Packable *p);
 
diff --git a/src/client_side.cc b/src/client_side.cc
@@ -327,22 +327,22 @@ prepareLogWithRequestDetails(HttpRequest *request, const AccessLogEntryPointer &
     if (Config.onoff.log_mime_hdrs) {
         MemBuf mb;
         mb.init();
-        request->header.packInto(&mb);
+        request->header.packInto(&mb, Security::MaskSensitiveInfo::off);
         //This is the request after adaptation or redirection
         aLogEntry->headers.adapted_request = xstrdup(mb.buf);
 
         // the virgin request is saved to aLogEntry->request
         if (aLogEntry->request) {
             mb.reset();
-            aLogEntry->request->header.packInto(&mb);
+            aLogEntry->request->header.packInto(&mb, Security::MaskSensitiveInfo::off);
             aLogEntry->headers.request = xstrdup(mb.buf);
         }
 
 #if USE_ADAPTATION
         const Adaptation::History::Pointer ah = request->adaptLogHistory();
         if (ah != nullptr) {
             mb.reset();
-            ah->lastMeta.packInto(&mb);
+            ah->lastMeta.packInto(&mb, Security::MaskSensitiveInfo::off);
             aLogEntry->adapt.last_meta = xstrdup(mb.buf);
         }
 #endif
@@ -724,7 +724,7 @@ clientPackRangeHdr(const HttpReplyPointer &rep, const HttpHdrRangeSpec * spec, S
 
     httpHeaderAddContRange(&hdr, *spec, rep->content_length);
 
-    hdr.packInto(mb);
+    hdr.packInto(mb, Security::MaskSensitiveInfo::off);
     hdr.clean();
 
     /* append <crlf> (we packed a header, not a reply) */
diff --git a/src/clients/HttpTunneler.cc b/src/clients/HttpTunneler.cc
@@ -152,7 +152,7 @@ Http::Tunneler::writeRequest()
                                               &hdr_out,
                                               connection->getPeer(),
                                               flags);
-        hdr_out.packInto(&mb);
+        hdr_out.packInto(&mb, Security::MaskSensitiveInfo::off);
         hdr_out.clean();
         mb.append("\r\n", 2);
 
diff --git a/src/errorpage.cc b/src/errorpage.cc
@@ -886,7 +886,7 @@ ErrorState::Dump(MemBuf * mb)
         body << "HTTP Request:\r\n";
         MemBuf r;
         r.init();
-        request->pack(&r, true /* hide authorization data */);
+        request->pack(&r, Security::MaskSensitiveInfo::on);
         body << r.content();
     }
 
@@ -1149,7 +1149,7 @@ ErrorState::compileLegacyCode(Build &build)
             break;
         }
         else if (request)
-            request->pack(&mb, true /* hide authorization data */);
+            request->pack(&mb, Security::MaskSensitiveInfo::on);
         else
             p = "[no request]";
         break;
diff --git a/src/htcp.cc b/src/htcp.cc
@@ -833,7 +833,7 @@ htcpTstReply(htcpDataHeader * dhdr, StoreEntry * e, htcpSpecifier * spec, Ip::Ad
             hdr.putInt(Http::HdrType::AGE, 0);
         MemBuf mb;
         mb.init();
-        hdr.packInto(&mb);
+        hdr.packInto(&mb, Security::MaskSensitiveInfo::off);
         stuff.D.resp_hdrs = xstrdup(mb.buf);
         stuff.D.respHdrsSz = mb.contentSize();
         debugs(31, 3, "htcpTstReply: resp_hdrs = {" << stuff.D.resp_hdrs << "}");
@@ -846,7 +846,7 @@ htcpTstReply(htcpDataHeader * dhdr, StoreEntry * e, htcpSpecifier * spec, Ip::Ad
         if (e && e->lastModified() > -1)
             hdr.putTime(Http::HdrType::LAST_MODIFIED, e->lastModified());
 
-        hdr.packInto(&mb);
+        hdr.packInto(&mb, Security::MaskSensitiveInfo::off);
 
         stuff.D.entity_hdrs = xstrdup(mb.buf);
         stuff.D.entityHdrsSz = mb.contentSize();
@@ -872,7 +872,7 @@ htcpTstReply(htcpDataHeader * dhdr, StoreEntry * e, htcpSpecifier * spec, Ip::Ad
         }
 #endif /* USE_ICMP */
 
-        hdr.packInto(&mb);
+        hdr.packInto(&mb, Security::MaskSensitiveInfo::off);
         stuff.D.cache_hdrs = xstrdup(mb.buf);
         stuff.D.cacheHdrsSz = mb.contentSize();
         debugs(31, 3, "htcpTstReply: cache_hdrs = {" << stuff.D.cache_hdrs << "}");
@@ -1534,7 +1534,7 @@ htcpQuery(StoreEntry * e, HttpRequest * req, CachePeer * p)
     HttpStateData::httpBuildRequestHeader(req, e, nullptr, &hdr, p, flags);
     MemBuf mb;
     mb.init();
-    hdr.packInto(&mb);
+    hdr.packInto(&mb, Security::MaskSensitiveInfo::off);
     hdr.clean();
     stuff.S.req_hdrs = mb.buf;
     pktlen = htcpBuildPacket(pkt, sizeof(pkt), &stuff);
@@ -1588,7 +1588,7 @@ htcpClear(StoreEntry * e, HttpRequest * req, const HttpRequestMethod &, CachePee
     if (reason != HTCP_CLR_INVALIDATION) {
         HttpStateData::httpBuildRequestHeader(req, e, nullptr, &hdr, p, flags);
         mb.init();
-        hdr.packInto(&mb);
+        hdr.packInto(&mb, Security::MaskSensitiveInfo::off);
         hdr.clean();
         stuff.S.req_hdrs = mb.buf;
     } else {
diff --git a/src/http.cc b/src/http.cc
@@ -2399,7 +2399,7 @@ HttpStateData::buildRequestPrefix(MemBuf * mb)
             upgradeHeaderOut = new String(hdr.getList(Http::HdrType::UPGRADE));
         }
 
-        hdr.packInto(mb);
+        hdr.packInto(mb, Security::MaskSensitiveInfo::off);
         hdr.clean();
     }
     /* append header terminator */
diff --git a/src/http/Message.cc b/src/http/Message.cc
@@ -253,7 +253,7 @@ void
 Http::Message::packInto(Packable *p, bool full_uri) const
 {
     packFirstLineInto(p, full_uri);
-    header.packInto(p);
+    header.packInto(p, Security::MaskSensitiveInfo::off);
     p->append("\r\n", 2);
 }
 
diff --git a/src/security/forward.h b/src/security/forward.h
@@ -11,6 +11,7 @@
 
 #include "base/CbDataList.h"
 #include "base/forward.h"
+#include "base/OnOff.h"
 #include "base/ToCpp.h"
 #include "security/LockingPointer.h"
 
@@ -207,6 +208,9 @@ class PeerConnector;
 class BlindPeerConnector;
 class PeerOptions;
 
+/// Flags for explicit decisions on handling of sensitive information.
+using MaskSensitiveInfo = OnOff;
+
 class ServerOptions;
 
 class FuturePeerContext;
diff --git a/src/servers/FtpServer.cc b/src/servers/FtpServer.cc
@@ -1310,7 +1310,7 @@ Ftp::Server::handleRequest(HttpRequest *request)
     if (Debug::Enabled(9, 2)) {
         MemBuf mb;
         mb.init();
-        request->pack(&mb);
+        request->pack(&mb, Security::MaskSensitiveInfo::off);
 
         debugs(9, 2, "FTP Client " << clientConnection);
         debugs(9, 2, "FTP Client REQUEST:\n---------\n" << mb.buf <<
diff --git a/src/tests/stub_HttpHeader.cc b/src/tests/stub_HttpHeader.cc
@@ -31,7 +31,7 @@ void HttpHeader::update(const HttpHeader *) STUB
 void HttpHeader::compact() STUB
 int HttpHeader::parse(const char *, size_t, Http::ContentLengthInterpreter &) STUB_RETVAL(-1)
 int HttpHeader::parse(const char *, size_t, bool, size_t &, Http::ContentLengthInterpreter &) STUB_RETVAL(-1)
-void HttpHeader::packInto(Packable *, bool) const STUB
+void HttpHeader::packInto(Packable *, Security::MaskSensitiveInfo) const STUB
 HttpHeaderEntry *HttpHeader::getEntry(HttpHeaderPos *) const STUB_RETVAL(nullptr)
 HttpHeaderEntry *HttpHeader::findEntry(Http::HdrType) const STUB_RETVAL(nullptr)
 int HttpHeader::delByName(const SBuf &) STUB_RETVAL(0)
diff --git a/src/tests/stub_HttpRequest.cc b/src/tests/stub_HttpRequest.cc
@@ -45,7 +45,7 @@ bool HttpRequest::expectingBody(const HttpRequestMethod &, int64_t &) const STUB
 bool HttpRequest::bodyNibbled() const STUB_RETVAL(false)
 int HttpRequest::prefixLen() const STUB_RETVAL(0)
 void HttpRequest::swapOut(StoreEntry *) STUB
-void HttpRequest::pack(Packable *, bool) const STUB
+void HttpRequest::pack(Packable *, Security::MaskSensitiveInfo) const STUB
 void HttpRequest::httpRequestPack(void *, Packable *) STUB
 HttpRequest * HttpRequest::FromUrl(const SBuf &, const MasterXaction::Pointer &, const HttpRequestMethod &) STUB_RETVAL(nullptr)
 HttpRequest * HttpRequest::FromUrlXXX(const char *, const MasterXaction::Pointer &, const HttpRequestMethod &) STUB_RETVAL(nullptr)

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ void`
`87`	`87`	`HttpReply::packHeadersUsingFastPacker(Packable &p) const`
`88`	`88`	`{`
`89`	`89`	`sline.packInto(&p);`
`90`		`- header.packInto(&p);`
	`90`	`+ header.packInto(&p, Security::MaskSensitiveInfo::off);`
`91`	`91`	`p.append("\r\n", 2);`
`92`	`92`	`}`
`93`	`93`
Original file line number	Diff line number	Diff line change
`@@ -334,19 +334,19 @@ HttpRequest::swapOut(StoreEntry * e)`
`334`	`334`	`{`
`335`	`335`	`assert(e);`
`336`	`336`	`e->buffer();`
`337`		`- pack(e);`
	`337`	`+ pack(e, Security::MaskSensitiveInfo::off);`
`338`	`338`	`e->flush();`
`339`	`339`	`}`
`340`	`340`
`341`	`341`	`/* packs request-line and headers, appends <crlf> terminator */`
`342`	`342`	`void`
`343`		`-HttpRequest::pack(Packable * p, bool mask_sensitive_data) const`
	`343`	`+HttpRequest::pack(Packable * p, Security::MaskSensitiveInfo mask) const`
`344`	`344`	`{`
`345`	`345`	`assert(p);`
`346`	`346`	`/* pack request-line */`
`347`	`347`	`packFirstLineInto(p, false /* origin-form */);`
`348`	`348`	`/* headers */`
`349`		`- header.packInto(p, mask_sensitive_data);`
	`349`	`+ header.packInto(p, mask);`
`350`	`350`	`/* frame terminator */`
`351`	`351`	`p->append("\r\n", 2);`
`352`	`352`	`}`
`@@ -358,7 +358,7 @@ void`
`358`	`358`	`httpRequestPack(void obj, Packable p)`
`359`	`359`	`{`
`360`	`360`	`HttpRequest request = static_cast<HttpRequest>(obj);`
`361`		`- request->pack(p);`
	`361`	`+ request->pack(p, Security::MaskSensitiveInfo::off);`
`362`	`362`	`}`
`363`	`363`
`364`	`364`	`/* returns the length of request line + headers + crlf */`
Original file line number	Diff line number	Diff line change
`@@ -2399,7 +2399,7 @@ HttpStateData::buildRequestPrefix(MemBuf * mb)`
`2399`	`2399`	`upgradeHeaderOut = new String(hdr.getList(Http::HdrType::UPGRADE));`
`2400`	`2400`	`}`
`2401`	`2401`
`2402`		`- hdr.packInto(mb);`
	`2402`	`+ hdr.packInto(mb, Security::MaskSensitiveInfo::off);`
`2403`	`2403`	`hdr.clean();`
`2404`	`2404`	`}`
`2405`	`2405`	`/* append header terminator */`