diff options
| author | hcpp <[email protected]> | 2023-11-08 22:36:26 +0300 |
|---|---|---|
| committer | hcpp <[email protected]> | 2023-11-08 22:59:37 +0300 |
| commit | 202a1ac82d1e5912c218f715e2b51eedca69d71b (patch) | |
| tree | 820c756d93da98ab7b9645687587f102507ac275 /library/cpp/string_utils/secret_string/secret_string.h | |
| parent | 56be5c51d62e26ec258cc3171e3417ab1516a178 (diff) | |
Revert "metrics have been added"
This reverts commit 16e792be75335b09a4f9f254e3972030af83b1ad, reversing
changes made to 3790f3d771d1a65ed6c0d05f3e0d79ff13308142.
Diffstat (limited to 'library/cpp/string_utils/secret_string/secret_string.h')
| -rw-r--r-- | library/cpp/string_utils/secret_string/secret_string.h | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/library/cpp/string_utils/secret_string/secret_string.h b/library/cpp/string_utils/secret_string/secret_string.h deleted file mode 100644 index fdb9f6a85ce..00000000000 --- a/library/cpp/string_utils/secret_string/secret_string.h +++ /dev/null @@ -1,74 +0,0 @@ -#pragma once - -#include <library/cpp/string_utils/ztstrbuf/ztstrbuf.h> - -#include <util/generic/string.h> - -namespace NSecretString { - /** - * TSecretString allowes to store some long lived secrets in "secure" storage in memory. - * Common usage: - * 1) read secret value from disk/env/etc - * 2) put it into TSecretString - * 3) destory secret copy from 1) - * - * Useful scenerios for TSecretString: - * - in memory only tasks: using key to create crypto signature; - * - rare network cases: db password on connection or OAuth token in background tasks. - * These cases disclosure the secret - * because of sending it over network with some I/O frameworks. - * Usually such frameworks copy input params to provide network protocol: gRPC, for example. - * - * Supported features: - * 1. Exclude secret from core dump. - * madvise(MADV_DONTDUMP) in ctor excludes full memory page from core dump. - * madvise(MADV_DODUMP) in dtor reverts previous action. - * 2. Zero memory before free. - * - * Code dump looks like this: -(gdb) print s -$1 = (const TSecretString &) @0x7fff23c4c560: { - Value_ = {<TStringBase<TBasicString<char, std::__y1::char_traits<char> >, char, std::__y1::char_traits<char> >> = { - static npos = <optimized out>}, Data_ = 0x107c001d8 <error: Cannot access memory at address 0x107c001d8>}} - */ - - class TSecretString { - public: - TSecretString() = default; - TSecretString(TStringBuf value); - ~TSecretString(); - - TSecretString(const TSecretString& o) - : TSecretString(o.Value()) - { - } - - TSecretString(TSecretString&& o) - : TSecretString(o.Value()) - { - o.Clear(); - } - - TSecretString& operator=(const TSecretString& o); - TSecretString& operator=(TSecretString&& o); - - TSecretString& operator=(const TStringBuf o); - - operator TZtStringBuf() const { - return Value(); - } - - // Provides zero terminated string - TZtStringBuf Value() const { - return TZtStringBuf(Value_); - } - - private: - // TStringBuf breaks Copy-On-Write to provide correct copy-ctor and copy-assignment - void Init(TStringBuf value); - void Clear(); - - private: - TString Value_; - }; -} |