ClickHouse/src/Common/HTTPHeaderFilter.cpp

#include <Common/HTTPHeaderFilter.h>
#include <Common/StringUtils/StringUtils.h>
#include <Common/Exception.h>

#ifdef __clang__
#  pragma clang diagnostic push
#  pragma clang diagnostic ignored "-Wzero-as-null-pointer-constant"
#endif
#include <re2/re2.h>
#ifdef __clang__
#  pragma clang diagnostic pop
#endif

namespace DB
{

namespace ErrorCodes
{
    extern const int BAD_ARGUMENTS;
}

void HTTPHeaderFilter::checkHeaders(const HTTPHeaderEntries & entries) const
{
    std::lock_guard guard(mutex);

    for (const auto & entry : entries)
    {
        if (entry.name.contains('\n') || entry.value.contains('\n'))
           throw Exception(ErrorCodes::BAD_ARGUMENTS, "HTTP header \"{}\" has invalid character", entry.name);

        if (forbidden_headers.contains(entry.name))
            throw Exception(ErrorCodes::BAD_ARGUMENTS, "HTTP header \"{}\" is forbidden in configuration file, "
                                                    "see <http_forbid_headers>", entry.name);

        for (const auto & header_regex : forbidden_headers_regexp)
            if (re2::RE2::FullMatch(entry.name, header_regex))
                throw Exception(ErrorCodes::BAD_ARGUMENTS, "HTTP header \"{}\" is forbidden in configuration file, "
                                                        "see <http_forbid_headers>", entry.name);
    }
}

void HTTPHeaderFilter::setValuesFromConfig(const Poco::Util::AbstractConfiguration & config)
{
    std::lock_guard guard(mutex);

    forbidden_headers.clear();
    forbidden_headers_regexp.clear();

    if (config.has("http_forbid_headers"))
    {
        std::vector<std::string> keys;
        config.keys("http_forbid_headers", keys);

        for (const auto & key : keys)
        {
            if (startsWith(key, "header_regexp"))
                forbidden_headers_regexp.push_back(config.getString("http_forbid_headers." + key));
            else if (startsWith(key, "header"))
                forbidden_headers.insert(config.getString("http_forbid_headers." + key));
        }
    }
}

}
Add HTTP header filtering 2023-06-15 13:49:49 +00:00			`#include <Common/HTTPHeaderFilter.h>`
			`#include <Common/StringUtils/StringUtils.h>`
			`#include <Common/Exception.h>`

Remove broken lockless variant of re2 2023-09-14 16:12:29 +00:00			`#ifdef __clang__`
			`# pragma clang diagnostic push`
			`# pragma clang diagnostic ignored "-Wzero-as-null-pointer-constant"`
			`#endif`
Add HTTP header filtering 2023-06-15 13:49:49 +00:00			`#include <re2/re2.h>`
Remove broken lockless variant of re2 2023-09-14 16:12:29 +00:00			`#ifdef __clang__`
			`# pragma clang diagnostic pop`
			`#endif`
Add HTTP header filtering 2023-06-15 13:49:49 +00:00
			`namespace DB`
			`{`

			`namespace ErrorCodes`
			`{`
			`extern const int BAD_ARGUMENTS;`
			`}`

			`void HTTPHeaderFilter::checkHeaders(const HTTPHeaderEntries & entries) const`
			`{`
			`std::lock_guard guard(mutex);`

			`for (const auto & entry : entries)`
			`{`
Small fix for HTTPHeaderFilter 2023-08-08 06:38:16 +00:00			`if (entry.name.contains('\n') \|\| entry.value.contains('\n'))`
			`throw Exception(ErrorCodes::BAD_ARGUMENTS, "HTTP header \"{}\" has invalid character", entry.name);`
Update src/Common/HTTPHeaderFilter.cpp Co-authored-by: Nikolay Degterinsky <43110995+evillique@users.noreply.github.com> 2023-08-08 07:13:43 +00:00
Add HTTP header filtering 2023-06-15 13:49:49 +00:00			`if (forbidden_headers.contains(entry.name))`
			`throw Exception(ErrorCodes::BAD_ARGUMENTS, "HTTP header \"{}\" is forbidden in configuration file, "`
			`"see <http_forbid_headers>", entry.name);`

Fix build 2023-06-21 10:05:44 +00:00			`for (const auto & header_regex : forbidden_headers_regexp)`
Add HTTP header filtering 2023-06-15 13:49:49 +00:00			`if (re2::RE2::FullMatch(entry.name, header_regex))`
			`throw Exception(ErrorCodes::BAD_ARGUMENTS, "HTTP header \"{}\" is forbidden in configuration file, "`
			`"see <http_forbid_headers>", entry.name);`
			`}`
			`}`

			`void HTTPHeaderFilter::setValuesFromConfig(const Poco::Util::AbstractConfiguration & config)`
			`{`
			`std::lock_guard guard(mutex);`

Fix HTTP Header Filtering 2023-08-03 00:40:06 +00:00			`forbidden_headers.clear();`
			`forbidden_headers_regexp.clear();`
Fix style 2023-08-03 01:01:33 +00:00
Add HTTP header filtering 2023-06-15 13:49:49 +00:00			`if (config.has("http_forbid_headers"))`
			`{`
			`std::vector<std::string> keys;`
			`config.keys("http_forbid_headers", keys);`

			`for (const auto & key : keys)`
			`{`
			`if (startsWith(key, "header_regexp"))`
			`forbidden_headers_regexp.push_back(config.getString("http_forbid_headers." + key));`
			`else if (startsWith(key, "header"))`
			`forbidden_headers.insert(config.getString("http_forbid_headers." + key));`
			`}`
			`}`
			`}`

			`}`