Merge changes from topic 'cors'

* changes:
  Support faster cross-domain XHR calls
  Allow CORS to use modifying REST API

gerrit-pgm/BUILD

@@ -156,6 +156,7 @@ junit_tests(
     name = "pgm_tests",
     srcs = glob(["src/test/java/**/*.java"]),
     deps = [
+        ":http-jetty",
         ":init",
         ":init-api",
         ":pgm",
@@ -163,6 +164,7 @@ junit_tests(
         "//gerrit-server:server",
         "//lib:guava",
         "//lib:junit",
+        "//lib:truth",
         "//lib/easymock",
         "//lib/guice",
         "//lib/jgit/org.eclipse.jgit:jgit",

gerrit-pgm/src/main/java/com/google/gerrit/pgm/http/jetty/HttpLog.java

@@ -14,10 +14,18 @@
 
 package com.google.gerrit.pgm.http.jetty;
 
+import static com.google.gerrit.httpd.restapi.RestApiServlet.XD_AUTHORIZATION;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Splitter;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
 import com.google.gerrit.common.TimeUtil;
+import com.google.gerrit.extensions.restapi.Url;
 import com.google.gerrit.httpd.GetUserFilter;
 import com.google.gerrit.server.util.SystemLog;
 import com.google.inject.Inject;
+import java.util.Iterator;
 import org.apache.log4j.AsyncAppender;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
@@ -31,6 +39,7 @@ import org.eclipse.jetty.util.component.AbstractLifeCycle;
 class HttpLog extends AbstractLifeCycle implements RequestLog {
   private static final Logger log = Logger.getLogger(HttpLog.class);
   private static final String LOG_NAME = "httpd_log";
+  private static final ImmutableSet<String> REDACT_PARAM = ImmutableSet.of(XD_AUTHORIZATION);
 
   interface HttpLogFactory {
     HttpLog get();
@@ -78,10 +87,7 @@ class HttpLog extends AbstractLifeCycle implements RequestLog {
             );
 
     String uri = req.getRequestURI();
-    String qs = req.getQueryString();
-    if (qs != null) {
-      uri = uri + "?" + qs;
-    }
+    uri = redactQueryString(uri, req.getQueryString());
 
     String user = (String) req.getAttribute(GetUserFilter.REQ_ATTR_KEY);
     if (user != null) {
@@ -100,6 +106,31 @@ class HttpLog extends AbstractLifeCycle implements RequestLog {
     async.append(event);
   }
 
+  @VisibleForTesting
+  static String redactQueryString(String uri, String qs) {
+    if (Strings.isNullOrEmpty(qs)) {
+      return uri;
+    }
+
+    StringBuilder b = new StringBuilder(uri);
+    boolean first = true;
+    for (String kvPair : Splitter.on('&').split(qs)) {
+      Iterator<String> i = Splitter.on('=').limit(2).split(kvPair).iterator();
+      String key = i.next();
+      b.append(first ? '?' : '&').append(key);
+      first = false;
+      if (i.hasNext()) {
+        b.append('=');
+        if (REDACT_PARAM.contains(Url.decode(key))) {
+          b.append('*');
+        } else {
+          b.append(i.next());
+        }
+      }
+    }
+    return b.toString();
+  }
+
   private static void set(LoggingEvent event, String key, String val) {
     if (val != null && !val.isEmpty()) {
       event.setProperty(key, val);

gerrit-pgm/src/test/java/com/google/gerrit/pgm/http/jetty/HttpLogRedactTest.java

@@ -0,0 +1,46 @@
+// Copyright (C) 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.pgm.http.jetty;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import org.junit.Test;
+
+public class HttpLogRedactTest {
+  @Test
+  public void includeQueryString() {
+    assertThat(HttpLog.redactQueryString("/changes/", null)).isEqualTo("/changes/");
+    assertThat(HttpLog.redactQueryString("/changes/", "")).isEqualTo("/changes/");
+    assertThat(HttpLog.redactQueryString("/changes/", "x")).isEqualTo("/changes/?x");
+    assertThat(HttpLog.redactQueryString("/changes/", "x=y")).isEqualTo("/changes/?x=y");
+  }
+
+  @Test
+  public void redactAuth() {
+    assertThat(HttpLog.redactQueryString("/changes/", "query=status:open"))
+        .isEqualTo("/changes/?query=status:open");
+
+    assertThat(HttpLog.redactQueryString("/changes/", "query=status:open&access_token=foo"))
+        .isEqualTo("/changes/?query=status:open&access_token=*");
+
+    assertThat(HttpLog.redactQueryString("/changes/", "access_token=foo"))
+        .isEqualTo("/changes/?access_token=*");
+
+    assertThat(
+            HttpLog.redactQueryString(
+                "/changes/", "query=status:open&access_token=foo&access_token=bar"))
+        .isEqualTo("/changes/?query=status:open&access_token=*&access_token=*");
+  }
+}