.class public final Lio/sentry/util/HttpUtils; .super Ljava/lang/Object; .source "HttpUtils.java" # static fields .field public static final COOKIE_HEADER_NAME:Ljava/lang/String; = "Cookie" .field private static final SECURITY_COOKIES:Ljava/util/List; .annotation system Ldalvik/annotation/Signature; value = { "Ljava/util/List<", "Ljava/lang/String;", ">;" } .end annotation .end field .field private static final SENSITIVE_HEADERS:Ljava/util/List; .annotation system Ldalvik/annotation/Signature; value = { "Ljava/util/List<", "Ljava/lang/String;", ">;" } .end annotation .end field # direct methods .method static constructor ()V .locals 12 const-string v0, "X-FORWARDED-FOR" const-string v1, "AUTHORIZATION" const-string v2, "COOKIE" const-string v3, "SET-COOKIE" const-string v4, "X-API-KEY" const-string v5, "X-REAL-IP" const-string v6, "REMOTE-ADDR" const-string v7, "FORWARDED" const-string v8, "PROXY-AUTHORIZATION" const-string v9, "X-CSRF-TOKEN" const-string v10, "X-CSRFTOKEN" const-string v11, "X-XSRF-TOKEN" .line 20 filled-new-array/range {v0 .. v11}, [Ljava/lang/String; move-result-object v0 .line 21 invoke-static {v0}, Ljava/util/Arrays;->asList([Ljava/lang/Object;)Ljava/util/List; move-result-object v0 sput-object v0, Lio/sentry/util/HttpUtils;->SENSITIVE_HEADERS:Ljava/util/List; const-string v1, "JSESSIONID" const-string v2, "JSESSIONIDSSO" const-string v3, "JSSOSESSIONID" const-string v4, "SESSIONID" const-string v5, "SID" const-string v6, "CSRFTOKEN" const-string v7, "XSRF-TOKEN" .line 35 filled-new-array/range {v1 .. v7}, [Ljava/lang/String; move-result-object v0 .line 36 invoke-static {v0}, Ljava/util/Arrays;->asList([Ljava/lang/Object;)Ljava/util/List; move-result-object v0 sput-object v0, Lio/sentry/util/HttpUtils;->SECURITY_COOKIES:Ljava/util/List; return-void .end method .method public constructor ()V .locals 0 .line 16 invoke-direct {p0}, Ljava/lang/Object;->()V return-void .end method .method public static containsSensitiveHeader(Ljava/lang/String;)Z .locals 2 sget-object v0, Lio/sentry/util/HttpUtils;->SENSITIVE_HEADERS:Ljava/util/List; .line 46 sget-object v1, Ljava/util/Locale;->ROOT:Ljava/util/Locale; invoke-virtual {p0, v1}, Ljava/lang/String;->toUpperCase(Ljava/util/Locale;)Ljava/lang/String; move-result-object p0 invoke-interface {v0, p0}, Ljava/util/List;->contains(Ljava/lang/Object;)Z move-result p0 return p0 .end method .method public static filterOutSecurityCookies(Ljava/lang/String;Ljava/util/List;)Ljava/lang/String; .locals 11 .annotation system Ldalvik/annotation/Signature; value = { "(", "Ljava/lang/String;", "Ljava/util/List<", "Ljava/lang/String;", ">;)", "Ljava/lang/String;" } .end annotation const-string v0, "=" const-string v1, ";" const/4 v2, 0x0 if-nez p0, :cond_0 return-object v2 :cond_0 const/4 v3, -0x1 .line 90 :try_start_0 invoke-virtual {p0, v1, v3}, Ljava/lang/String;->split(Ljava/lang/String;I)[Ljava/lang/String; move-result-object p0 .line 91 new-instance v4, Ljava/lang/StringBuilder; invoke-direct {v4}, Ljava/lang/StringBuilder;->()V .line 94 array-length v5, p0 const/4 v6, 0x1 const/4 v7, 0x0 move v8, v7 :goto_0 if-ge v8, v5, :cond_3 aget-object v9, p0, v8 if-nez v6, :cond_1 .line 96 invoke-virtual {v4, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; .line 99 :cond_1 invoke-virtual {v9, v0, v3}, Ljava/lang/String;->split(Ljava/lang/String;I)[Ljava/lang/String; move-result-object v6 .line 100 aget-object v6, v6, v7 .line 101 invoke-virtual {v6}, Ljava/lang/String;->trim()Ljava/lang/String; move-result-object v10 invoke-static {v10, p1}, Lio/sentry/util/HttpUtils;->isSecurityCookie(Ljava/lang/String;Ljava/util/List;)Z move-result v10 if-eqz v10, :cond_2 .line 102 new-instance v9, Ljava/lang/StringBuilder; invoke-direct {v9}, Ljava/lang/StringBuilder;->()V invoke-virtual {v9, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v6 invoke-virtual {v6, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v6 const-string v9, "[Filtered]" invoke-virtual {v6, v9}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; move-result-object v6 invoke-virtual {v6}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; move-result-object v6 invoke-virtual {v4, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; goto :goto_1 .line 104 :cond_2 invoke-virtual {v4, v9}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; :goto_1 add-int/lit8 v8, v8, 0x1 move v6, v7 goto :goto_0 .line 109 :cond_3 invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; move-result-object p0 :try_end_0 .catchall {:try_start_0 .. :try_end_0} :catchall_0 return-object p0 :catchall_0 return-object v2 .end method .method public static filterOutSecurityCookiesFromHeader(Ljava/util/Enumeration;Ljava/lang/String;Ljava/util/List;)Ljava/util/List; .locals 0 .annotation system Ldalvik/annotation/Signature; value = { "(", "Ljava/util/Enumeration<", "Ljava/lang/String;", ">;", "Ljava/lang/String;", "Ljava/util/List<", "Ljava/lang/String;", ">;)", "Ljava/util/List<", "Ljava/lang/String;", ">;" } .end annotation if-nez p0, :cond_0 const/4 p0, 0x0 return-object p0 .line 58 :cond_0 invoke-static {p0}, Ljava/util/Collections;->list(Ljava/util/Enumeration;)Ljava/util/ArrayList; move-result-object p0 .line 57 invoke-static {p0, p1, p2}, Lio/sentry/util/HttpUtils;->filterOutSecurityCookiesFromHeader(Ljava/util/List;Ljava/lang/String;Ljava/util/List;)Ljava/util/List; move-result-object p0 return-object p0 .end method .method public static filterOutSecurityCookiesFromHeader(Ljava/util/List;Ljava/lang/String;Ljava/util/List;)Ljava/util/List; .locals 1 .annotation system Ldalvik/annotation/Signature; value = { "(", "Ljava/util/List<", "Ljava/lang/String;", ">;", "Ljava/lang/String;", "Ljava/util/List<", "Ljava/lang/String;", ">;)", "Ljava/util/List<", "Ljava/lang/String;", ">;" } .end annotation if-nez p0, :cond_0 const/4 p0, 0x0 return-object p0 :cond_0 if-eqz p1, :cond_1 const-string v0, "Cookie" .line 69 invoke-virtual {v0, p1}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z move-result p1 if-nez p1, :cond_1 return-object p0 .line 73 :cond_1 new-instance p1, Ljava/util/ArrayList; invoke-direct {p1}, Ljava/util/ArrayList;->()V .line 75 invoke-interface {p0}, Ljava/util/List;->iterator()Ljava/util/Iterator; move-result-object p0 :goto_0 invoke-interface {p0}, Ljava/util/Iterator;->hasNext()Z move-result v0 if-eqz v0, :cond_2 invoke-interface {p0}, Ljava/util/Iterator;->next()Ljava/lang/Object; move-result-object v0 check-cast v0, Ljava/lang/String; .line 77 invoke-static {v0, p2}, Lio/sentry/util/HttpUtils;->filterOutSecurityCookies(Ljava/lang/String;Ljava/util/List;)Ljava/lang/String; move-result-object v0 .line 76 invoke-virtual {p1, v0}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z goto :goto_0 :cond_2 return-object p1 .end method .method public static isSecurityCookie(Ljava/lang/String;Ljava/util/List;)Z .locals 3 .annotation system Ldalvik/annotation/Signature; value = { "(", "Ljava/lang/String;", "Ljava/util/List<", "Ljava/lang/String;", ">;)Z" } .end annotation .line 118 sget-object v0, Ljava/util/Locale;->ROOT:Ljava/util/Locale; invoke-virtual {p0, v0}, Ljava/lang/String;->toUpperCase(Ljava/util/Locale;)Ljava/lang/String; move-result-object p0 sget-object v0, Lio/sentry/util/HttpUtils;->SECURITY_COOKIES:Ljava/util/List; .line 119 invoke-interface {v0, p0}, Ljava/util/List;->contains(Ljava/lang/Object;)Z move-result v0 const/4 v1, 0x1 if-eqz v0, :cond_0 return v1 :cond_0 if-eqz p1, :cond_2 .line 124 invoke-interface {p1}, Ljava/util/List;->iterator()Ljava/util/Iterator; move-result-object p1 :cond_1 invoke-interface {p1}, Ljava/util/Iterator;->hasNext()Z move-result v0 if-eqz v0, :cond_2 invoke-interface {p1}, Ljava/util/Iterator;->next()Ljava/lang/Object; move-result-object v0 check-cast v0, Ljava/lang/String; .line 125 sget-object v2, Ljava/util/Locale;->ROOT:Ljava/util/Locale; invoke-virtual {v0, v2}, Ljava/lang/String;->toUpperCase(Ljava/util/Locale;)Ljava/lang/String; move-result-object v0 invoke-virtual {v0, p0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z move-result v0 if-eqz v0, :cond_1 return v1 :cond_2 const/4 p0, 0x0 return p0 .end method