http2: add support for sensitive headers

Add support for “sensitive”/“never-indexed” HTTP2 headers.

Fixes: https://github.com/nodejs/node/issues/34091

PR-URL: https://github.com/nodejs/node/pull/34145
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>

4 files changed, 23 insertions, 9 deletions

diff --git a/src/node_http2.cc b/src/node_http2.cc
index 4ac84d275d..9c077bea1e 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -1215,22 +1215,29 @@ void Http2Session::HandleHeadersFrame(const nghttp2_frame* frame) {
   // this way for performance reasons (it's faster to generate and pass an
   // array than it is to generate and pass the object).
 
-  std::vector<Local<Value>> headers_v(stream->headers_count() * 2);
+  MaybeStackBuffer<Local<Value>, 64> headers_v(stream->headers_count() * 2);
+  MaybeStackBuffer<Local<Value>, 32> sensitive_v(stream->headers_count());
+  size_t sensitive_count = 0;
+
   stream->TransferHeaders([&](const Http2Header& header, size_t i) {
     headers_v[i * 2] = header.GetName(this).ToLocalChecked();
     headers_v[i * 2 + 1] = header.GetValue(this).ToLocalChecked();
+    if (header.flags() & NGHTTP2_NV_FLAG_NO_INDEX)
+      sensitive_v[sensitive_count++] = headers_v[i * 2];
   });
   CHECK_EQ(stream->headers_count(), 0);
 
   DecrementCurrentSessionMemory(stream->current_headers_length_);
   stream->current_headers_length_ = 0;
 
-  Local<Value> args[5] = {
-      stream->object(),
-      Integer::New(isolate, id),
-      Integer::New(isolate, stream->headers_category()),
-      Integer::New(isolate, frame->hd.flags),
-      Array::New(isolate, headers_v.data(), headers_v.size())};
+  Local<Value> args[] = {
+    stream->object(),
+    Integer::New(isolate, id),
+    Integer::New(isolate, stream->headers_category()),
+    Integer::New(isolate, frame->hd.flags),
+    Array::New(isolate, headers_v.out(), headers_v.length()),
+    Array::New(isolate, sensitive_v.out(), sensitive_count),
+  };
   MakeCallback(env()->http2session_on_headers_function(),
                arraysize(args), args);
 }
diff --git a/src/node_http2.h b/src/node_http2.h
index 9e8521942e..9c7ffce2c4 100644
--- a/src/node_http2.h
+++ b/src/node_http2.h
@@ -116,7 +116,6 @@ using Nghttp2SessionCallbacksPointer =
 
 struct Http2HeadersTraits {
   typedef nghttp2_nv nv_t;
-  static const uint8_t kNoneFlag = NGHTTP2_NV_FLAG_NONE;
 };
 
 struct Http2RcBufferPointerTraits {
diff --git a/src/node_http_common-inl.h b/src/node_http_common-inl.h
index 7cd4bdec99..6ddc99e7d4 100644
--- a/src/node_http_common-inl.h
+++ b/src/node_http_common-inl.h
@@ -55,13 +55,14 @@ NgHeaders<T>::NgHeaders(Environment* env, v8::Local<v8::Array> headers) {
       return;
     }
 
-    nva[n].flags = T::kNoneFlag;
     nva[n].name = reinterpret_cast<uint8_t*>(p);
     nva[n].namelen = strlen(p);
     p += nva[n].namelen + 1;
     nva[n].value = reinterpret_cast<uint8_t*>(p);
     nva[n].valuelen = strlen(p);
     p += nva[n].valuelen + 1;
+    nva[n].flags = *p;
+    p++;
   }
 }
 
@@ -189,6 +190,11 @@ size_t NgHeader<T>::length() const {
   return name_.len() + value_.len();
 }
 
+template <typename T>
+uint8_t NgHeader<T>::flags() const {
+  return flags_;
+}
+
 }  // namespace node
 
 #endif  // SRC_NODE_HTTP_COMMON_INL_H_
diff --git a/src/node_http_common.h b/src/node_http_common.h
index c7e4d34af2..8017c0d7aa 100644
--- a/src/node_http_common.h
+++ b/src/node_http_common.h
@@ -460,6 +460,7 @@ struct NgHeaderBase : public MemoryRetainer {
   virtual std::string name() const = 0;
   virtual std::string value() const = 0;
   virtual size_t length() const = 0;
+  virtual uint8_t flags() const = 0;
   virtual std::string ToString() const;
 };
 
@@ -505,6 +506,7 @@ class NgHeader final : public NgHeaderBase<typename T::allocator_t> {
   inline std::string name() const override;
   inline std::string value() const override;
   inline size_t length() const override;
+  inline uint8_t flags() const override;
 
   void MemoryInfo(MemoryTracker* tracker) const override;