Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Don't leak sensitive information when logging cookies.

Change-Id: Id3a171f588fb545e14188e69e7bf6f2d4ef25b5c
http://b/3095990
  • Loading branch information...
commit 9f7b511f4ac753992e9b726c41f7aec71092c15c 1 parent 8232105
Jesse Wilson authored
Showing with 21 additions and 3 deletions.
  1. +21 −3 src/org/apache/http/client/protocol/ResponseProcessCookies.java
View
24 src/org/apache/http/client/protocol/ResponseProcessCookies.java
@@ -124,13 +124,17 @@ private void processCookies(
cookieStore.addCookie(cookie);
if (this.log.isDebugEnabled()) {
+ // BEGIN android-changed
this.log.debug("Cookie accepted: \""
- + cookie + "\". ");
+ + cookieToString(cookie) + "\". ");
+ // END android-changed
}
} catch (MalformedCookieException ex) {
if (this.log.isWarnEnabled()) {
+ // BEGIN android-changed
this.log.warn("Cookie rejected: \""
- + cookie + "\". " + ex.getMessage());
+ + cookieToString(cookie) + "\". " + ex.getMessage());
+ // END android-changed
}
}
}
@@ -142,5 +146,19 @@ private void processCookies(
}
}
}
-
+
+ // BEGIN android-added
+ /**
+ * Don't log the cookie's value; that's potentially sensitive information.
+ */
+ private String cookieToString(Cookie cookie) {
+ return cookie.getClass().getSimpleName()
+ + "[version=" + cookie.getVersion()
+ + ",name=" + cookie.getName()
+ + ",domain=" + cookie.getDomain()
+ + ",path=" + cookie.getPath()
+ + ",expiry=" + cookie.getExpiryDate()
+ + "]";
+ }
+ // END android-added
}
Please sign in to comment.
Something went wrong with that request. Please try again.