From 991248649b76a5a071e1360a700f3e2ecf3e1e1f Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Wed, 31 Oct 2018 11:42:01 +0100
Subject: [PATCH 1/2] rpc: Make HTTP RPC debug logging more informative
---
 src/httpserver.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index 60e7b917d..b327af3f1 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -224,21 +224,25 @@ static void http_request_cb(struct evhttp_request* req, void* arg)
 }
 std::unique_ptr hreq(new HTTPRequest(req));
- LogPrint(BCLog::HTTP, "Received a %s request for %s from %s\n",
- RequestMethodString(hreq->GetRequestMethod()), hreq->GetURI(), hreq->GetPeer().ToString());
- // Early address-based allow check
 if (!ClientAllowed(hreq->GetPeer())) {
+ LogPrint(BCLog::HTTP, "HTTP request from %s rejected: Client network is not allowed RPC access\n",
+ hreq->GetPeer().ToString());
 hreq->WriteReply(HTTP_FORBIDDEN);
 return;
 }
 // Early reject unknown HTTP methods
 if (hreq->GetRequestMethod() == HTTPRequest::UNKNOWN) {
+ LogPrint(BCLog::HTTP, "HTTP request from %s rejected: Unknown HTTP request method\n",
+ hreq->GetPeer().ToString());
 hreq->WriteReply(HTTP_BADMETHOD);
 return;
 }
+ LogPrint(BCLog::HTTP, "Received a %s request for %s from %s\n",
+ RequestMethodString(hreq->GetRequestMethod()), SanitizeString(hreq->GetURI()).substr(0, 100), hreq->GetPeer().ToString());
+ // Find registered handler for prefix
 std::string strURI = hreq->GetURI();
 std::string path;
From ab8c6f24d28ea1d1e6258cf316b4b97a0baf2377 Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Thu, 1 Nov 2018 17:03:32 +0100
Subject: [PATCH 2/2] Add SAFE_CHARS[SAFE_CHARS_URI]: Chars allowed in URIs (RFC 3986)
---
 src/httpserver.cpp | 2 +-
 src/util/strencodings.cpp | 1 +
 src/util/strencodings.h | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index b327af3f1..91ebc4680 100644
--- a/src/httpserver.cpp
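Review bot: In the relocated `Received a %s request` line, `.substr(0, 100)` shortens the logged URI without any marker, so a reader of the log cannot tell a complete URI from one that was cut, which matters when the log is used to reconstruct what a client sent. The length cap and the `SanitizeString` call are also undocumented; a comment such as `// URI is client-supplied: sanitize and cap its length before logging` above the call would record why both are there, and the bare `100` would read better as a named constant. The two rejection messages are emitted under `BCLog::HTTP` like the rest, so refused clients presumably only appear in the log when that category is enabled; worth confirming that this is the intended visibility. `http_request_cb` starts and ends outside the hunk.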
+++ b/src/httpserver.cpp
@@ -241,7 +241,7 @@ static void http_request_cb(struct evhttp_request* req, void* arg)
 }
 LogPrint(BCLog::HTTP, "Received a %s request for %s from %s\n",
- RequestMethodString(hreq->GetRequestMethod()), SanitizeString(hreq->GetURI()).substr(0, 100), hreq->GetPeer().ToString());
+ RequestMethodString(hreq->GetRequestMethod()), SanitizeString(hreq->GetURI(), SAFE_CHARS_URI).substr(0, 100), hreq->GetPeer().ToString());
 // Find registered handler for prefix
 std::string strURI = hreq->GetURI();
diff --git a/src/util/strencodings.cpp b/src/util/strencodings.cpp
index 5b8520030..2a2df4333 100644
--- a/src/util/strencodings.cpp
+++ b/src/util/strencodings.cpp
@@ -20,6 +20,7 @@ static const std::string SAFE_CHARS[] =
 CHARS_ALPHA_NUM + " .,;-_/:?@()", // SAFE_CHARS_DEFAULT
 CHARS_ALPHA_NUM + " .,;-_?@", // SAFE_CHARS_UA_COMMENT
 CHARS_ALPHA_NUM + ".-_", // SAFE_CHARS_FILENAME
+ CHARS_ALPHA_NUM + "!*'();:@&=+$,/?#[]-_.~%", // SAFE_CHARS_URI
 };
 std::string SanitizeString(const std::string& str, int rule)
diff --git a/src/util/strencodings.h b/src/util/strencodings.h
index 132071c61..87ccf40a1 100644
--- a/src/util/strencodings.h
+++ b/src/util/strencodings.h
@@ -25,6 +25,7 @@ enum SafeChars
 SAFE_CHARS_DEFAULT, //!< The full set of allowed chars
 SAFE_CHARS_UA_COMMENT, //!< BIP-0014 subset
 SAFE_CHARS_FILENAME, //!< Chars allowed in filenames
+ SAFE_CHARS_URI, //!< Chars allowed in URIs (RFC 3986)
 };
 /**
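Review bot: The new `SAFE_CHARS_URI` row in `SAFE_CHARS[]` is tied to the enum value added in `src/util/strencodings.h` only by position and a trailing comment, and `SanitizeString` takes `rule` as a plain `int`, so a future entry added to one file but not the other would presumably select the wrong character set or index past the array (the function body is outside the hunk, so how `rule` is used is inferred). A compile-time check next to the array would catch that: `static_assert(sizeof(SAFE_CHARS) / sizeof(SAFE_CHARS[0]) == SAFE_CHARS_URI + 1, "SAFE_CHARS out of sync with enum SafeChars");`. The diffstat lists no test file, so a case that passes `SanitizeString(..., SAFE_CHARS_URI)` a string containing control characters and spaces and checks that they are dropped would pin the log-hygiene property this rule exists for.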