// // Decompiled by Procyon v0.6.0 // package io.sentry.util; import java.util.Arrays; import java.util.Iterator; import java.util.ArrayList; import java.util.Collections; import org.jetbrains.annotations.Nullable; import java.util.Enumeration; import java.util.Locale; import org.jetbrains.annotations.NotNull; import io.sentry.HttpStatusCodeRange; import java.util.List; import org.jetbrains.annotations.ApiStatus; @ApiStatus.Internal public final class HttpUtils { public static final String COOKIE_HEADER_NAME = "Cookie"; private static final List SENSITIVE_HEADERS; private static final List SECURITY_COOKIES; private static final HttpStatusCodeRange CLIENT_ERROR_STATUS_CODES; private static final HttpStatusCodeRange SEVER_ERROR_STATUS_CODES; public static boolean containsSensitiveHeader(@NotNull final String header) { return HttpUtils.SENSITIVE_HEADERS.contains(header.toUpperCase(Locale.ROOT)); } @Nullable public static List filterOutSecurityCookiesFromHeader(@Nullable final Enumeration headers, @Nullable final String headerName, @Nullable final List additionalCookieNamesToFilter) { if (headers == null) { return null; } return filterOutSecurityCookiesFromHeader(Collections.list(headers), headerName, additionalCookieNamesToFilter); } @Nullable public static List filterOutSecurityCookiesFromHeader(@Nullable final List headers, @Nullable final String headerName, @Nullable final List additionalCookieNamesToFilter) { if (headers == null) { return null; } if (headerName != null && !"Cookie".equalsIgnoreCase(headerName)) { return headers; } final ArrayList filteredHeaders = new ArrayList(); for (final String header : headers) { filteredHeaders.add(filterOutSecurityCookies(header, additionalCookieNamesToFilter)); } return filteredHeaders; } @Nullable public static String filterOutSecurityCookies(@Nullable final String cookieString, @Nullable final List additionalCookieNamesToFilter) { if (cookieString == null) { return null; } try { final String[] cookies = cookieString.split(";", -1); final StringBuilder filteredCookieString = new StringBuilder(); boolean isFirst = true; for (final String cookie : cookies) { if (!isFirst) { filteredCookieString.append(";"); } final String[] cookieParts = cookie.split("=", -1); final String cookieName = cookieParts[0]; if (isSecurityCookie(cookieName.trim(), additionalCookieNamesToFilter)) { filteredCookieString.append(cookieName + "=" + "[Filtered]"); } else { filteredCookieString.append(cookie); } isFirst = false; } return filteredCookieString.toString(); } catch (final Throwable t) { return null; } } public static boolean isSecurityCookie(@NotNull final String cookieName, @Nullable final List additionalCookieNamesToFilter) { final String cookieNameToSearchFor = cookieName.toUpperCase(Locale.ROOT); if (HttpUtils.SECURITY_COOKIES.contains(cookieNameToSearchFor)) { return true; } if (additionalCookieNamesToFilter != null) { for (final String additionalCookieName : additionalCookieNamesToFilter) { if (additionalCookieName.toUpperCase(Locale.ROOT).equals(cookieNameToSearchFor)) { return true; } } } return false; } public static boolean isHttpClientError(final int statusCode) { return HttpUtils.CLIENT_ERROR_STATUS_CODES.isInRange(statusCode); } public static boolean isHttpServerError(final int statusCode) { return HttpUtils.SEVER_ERROR_STATUS_CODES.isInRange(statusCode); } static { SENSITIVE_HEADERS = Arrays.asList("X-FORWARDED-FOR", "AUTHORIZATION", "COOKIE", "SET-COOKIE", "X-API-KEY", "X-REAL-IP", "REMOTE-ADDR", "FORWARDED", "PROXY-AUTHORIZATION", "X-CSRF-TOKEN", "X-CSRFTOKEN", "X-XSRF-TOKEN"); SECURITY_COOKIES = Arrays.asList("JSESSIONID", "JSESSIONIDSSO", "JSSOSESSIONID", "SESSIONID", "SID", "CSRFTOKEN", "XSRF-TOKEN"); CLIENT_ERROR_STATUS_CODES = new HttpStatusCodeRange(400, 499); SEVER_ERROR_STATUS_CODES = new HttpStatusCodeRange(500, 599); } }