summaryrefslogtreecommitdiffstats
path: root/src/rgw/rgw_crypt_sanitize.cc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 11:54:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 11:54:28 +0000
commite6918187568dbd01842d8d1d2c808ce16a894239 (patch)
tree64f88b554b444a49f656b6c656111a145cbbaa28 /src/rgw/rgw_crypt_sanitize.cc
parentInitial commit. (diff)
downloadceph-e6918187568dbd01842d8d1d2c808ce16a894239.tar.xz
ceph-e6918187568dbd01842d8d1d2c808ce16a894239.zip
Adding upstream version 18.2.2.upstream/18.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/rgw/rgw_crypt_sanitize.cc')
-rw-r--r--src/rgw/rgw_crypt_sanitize.cc88
1 files changed, 88 insertions, 0 deletions
diff --git a/src/rgw/rgw_crypt_sanitize.cc b/src/rgw/rgw_crypt_sanitize.cc
new file mode 100644
index 000000000..05aec6d3b
--- /dev/null
+++ b/src/rgw/rgw_crypt_sanitize.cc
@@ -0,0 +1,88 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab ft=cpp
+
+/*
+ * rgw_crypt_sanitize.cc
+ *
+ * Created on: Mar 3, 2017
+ * Author: adam
+ */
+
+#include "rgw_common.h"
+#include "rgw_crypt_sanitize.h"
+#include "boost/algorithm/string/predicate.hpp"
+
+namespace rgw {
+namespace crypt_sanitize {
+const char* HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY = "HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY";
+const char* x_amz_server_side_encryption_customer_key = "x-amz-server-side-encryption-customer-key";
+const char* dollar_x_amz_server_side_encryption_customer_key = "$x-amz-server-side-encryption-customer-key";
+const char* suppression_message = "=suppressed due to key presence=";
+
+std::ostream& operator<<(std::ostream& out, const env& e) {
+ if (g_ceph_context->_conf->rgw_crypt_suppress_logs) {
+ if (boost::algorithm::iequals(
+ e.name,
+ HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY))
+ {
+ out << suppression_message;
+ return out;
+ }
+ if (boost::algorithm::iequals(e.name, "QUERY_STRING") &&
+ boost::algorithm::ifind_first(
+ e.value,
+ x_amz_server_side_encryption_customer_key))
+ {
+ out << suppression_message;
+ return out;
+ }
+ }
+ out << e.value;
+ return out;
+}
+
+std::ostream& operator<<(std::ostream& out, const x_meta_map& x) {
+ if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
+ boost::algorithm::iequals(x.name, x_amz_server_side_encryption_customer_key))
+ {
+ out << suppression_message;
+ return out;
+ }
+ out << x.value;
+ return out;
+}
+
+std::ostream& operator<<(std::ostream& out, const s3_policy& x) {
+ if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
+ boost::algorithm::iequals(x.name, dollar_x_amz_server_side_encryption_customer_key))
+ {
+ out << suppression_message;
+ return out;
+ }
+ out << x.value;
+ return out;
+}
+
+std::ostream& operator<<(std::ostream& out, const auth& x) {
+ if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
+ x.s->info.env->get(HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, nullptr) != nullptr)
+ {
+ out << suppression_message;
+ return out;
+ }
+ out << x.value;
+ return out;
+}
+
+std::ostream& operator<<(std::ostream& out, const log_content& x) {
+ if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
+ boost::algorithm::ifind_first(x.buf, x_amz_server_side_encryption_customer_key)) {
+ out << suppression_message;
+ return out;
+ }
+ out << x.buf;
+ return out;
+}
+
+}
+}