system-proxy: Secure system credentials

Currently System-proxy sends the policy set credentials with every
connect request to a remote proxy. Since less secure authentication
schemes send the credentials in the clear to the proxy, an attacker can
easily obtain the policy set credentials.

To protect against a downgrade attack, this CL restricts the auth
schemes for which the policy set credentials can be applied.

BUG=chromium:1132247
TEST=HttpServerProxyConnectJobTest.PolicyAuth*

Change-Id: I17e2d3e38b1560f0fadf347657bd3f4b6e1bae09
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2483831
Tested-by: Andreea-Elena Costinas <acostinas@google.com>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
diff --git a/system-proxy/http_util.cc b/system-proxy/http_util.cc
index af923a5..780c3fd 100644
--- a/system-proxy/http_util.cc
+++ b/system-proxy/http_util.cc
@@ -7,9 +7,12 @@
#include <array>
#include <string_view>
+#include <curl/curl.h>
+
#include <base/strings/stringprintf.h>
#include <base/strings/string_split.h>
#include <base/strings/string_tokenizer.h>
+#include <base/strings/string_util.h>
namespace {
// The elements in this array are used to identify the end of a HTTP header
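Review bot: the two added includes, `<curl/curl.h>` and `<base/strings/string_util.h>`, have no visible user in http_util.cc as shown. The next hunk starts at old line 108 / new line 111, an offset of three lines that the three added lines here fully account for, so nothing between the two hunks changed. If the auth scheme restriction described in the commit message is enforced in another file, these includes should move there with it; if a helper in this file is meant to use them, it is not part of what is shown and should be added along with a test. Wherever the check lives, a comment listing which schemes may receive the policy set credentials would make the downgrade protection auditable.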
@@ -108,5 +111,4 @@
return scheme_realm_pairs;
}
-
} // namespace system_proxy