improve reduct

Author: sfc-gh-okalaci

pg_lake_iceberg/src/http/http_client.c

@@ -71,7 +71,7 @@ static void CurlCleanup(CURL * curl, struct curl_slist *headerList);
 static HttpResult CurlReturnError(CURL * curl, struct curl_slist *headerList,
 								  CURLcode curlCode, const char *errorMsg);
 static const char *HttpRequestMethodToString(HttpMethod method);
-static char *RedactSensitiveStrings(char *s);
+static char *RedactSensitiveJson(char *s);
 
 #define CURL_SETOPT(curl, opt, value) do { \
 	curlCode = curl_easy_setopt((curl), (opt), (value)); \
@@ -464,7 +464,7 @@ HttpCommonNoThrows(HttpMethod method, const char *url, const char *postData, con
 
 		ereport(INFO, (errmsg("making %s request to URL %s%s",
 							  HttpRequestMethodToString(method), url,
-							  postDataInfo ? RedactSensitiveStrings(postDataInfo->data) : "")));
+							  postDataInfo ? RedactSensitiveJson(postDataInfo->data) : "")));
 	}
 
 	if (!CheckMinCurlVersion(curl_version_info(CURLVERSION_NOW)))
@@ -531,7 +531,7 @@ HttpCommonNoThrows(HttpMethod method, const char *url, const char *postData, con
 	if (HttpClientTraceTraffic && message_level_is_interesting(INFO))
 	{
 		ereport(INFO, (errmsg("received response with status code %ld, body: %s",
-							  res.status, res.body ? RedactSensitiveStrings(res.body) : "<empty>")));
+							  res.status, res.body ? RedactSensitiveJson(res.body) : "<empty>")));
 	}
 
 	return res;
@@ -558,37 +558,90 @@ HttpRequestMethodToString(HttpMethod method)
 	}
 }
 
+#include <string.h>
+#include <ctype.h>
 
+/*
+ * RedactSensitiveJson
+ *   In-place redaction of token-looking values in JSON-ish text.
+ */
 static char *
-RedactSensitiveStrings(char *s)
+RedactSensitiveJson(char *input)
 {
-	const char *patterns[] = {
-		"\"token\":", "\"access-token\":", "\"session-token\":",
-		"\"authorization\":", "\"Authorization\":", "Bearer "
+	char	   *copyOfinput = pstrdup(input);
+
+	const char *keys[] = {
+		"\"access_token\"",
+		"\"refresh_token\"",
+		"\"id_token\"",
+		"\"session_token\"",
+		"\"token\"",
+		"\"access-token\"",
+		"\"authorization\"",
+		"\"Authorization\""
 	};
+	const int	keyCount = sizeof(keys) / sizeof(keys[0]);
 
-	const int	patternCount = sizeof(patterns) / sizeof(patterns[0]);
-
-	for (int i = 0; i < patternCount; i++)
+	for (int i = 0; i < keyCount; i++)
 	{
-		char	   *p = s;
+		const char *key = keys[i];
+		char	   *p = copyOfinput;
 
-		while ((p = strstr(p, patterns[i])) != NULL)
+		while ((p = strstr(p, key)) != NULL)
 		{
-			p += strlen(patterns[i]);
+			/* Move to the colon after the key */
+			char	   *colon = strchr(p + strlen(key), ':');
+
+			if (colon == NULL)
+			{
+				/* No colon? then this isn't a key-value pair, skip */
+				p += strlen(key);
+				continue;
+			}
+
+			char	   *v = colon + 1;	/* start of value (maybe spaces /
+										 * quote) */
+
+			/* Skip whitespace */
+			while (*v && isspace((unsigned char) *v))
+				v++;
 
-			/* Skip whitespace and possible quotes */
-			while (*p == ' ' || *p == '\"')
-				p++;
+			int			quoted = 0;
 
-			/* Now redact until whitespace, quote or comma */
-			while (*p && *p != '\"' && *p != ',' && *p != '\n' && *p != ' ')
+			if (*v == '"')
 			{
-				*p = '*';
-				p++;
+				quoted = 1;
+				v++;			/* move to first character of value */
 			}
+
+			char	   *q = v;
+
+			if (quoted)
+			{
+				/* Redact until the closing quote */
+				while (*q && *q != '"')
+				{
+					*q = '*';
+					q++;
+				}
+			}
+			else
+			{
+				/* Redact until comma, closing brace, or whitespace */
+				while (*q &&
+					   *q != ',' &&
+					   *q != '}' &&
+					   !isspace((unsigned char) *q))
+				{
+					*q = '*';
+					q++;
+				}
+			}
+
+			/* Continue search after the value we just redacted */
+			p = q;
 		}
 	}
 
-	return s;
+	return copyOfinput;
 }