chore: validate header and method
Lightning00Blade committed May 27, 2024
1 parent 8398ae4 commit fcdba51
Showing 4 changed files with 46 additions and 146 deletions.
48 changes: 46 additions & 2 deletions src/bidiMapper/modules/network/NetworkProcessor.ts
Expand Up @@ -85,6 +85,14 @@ export class NetworkProcessor {
NetworkProcessor.parseUrlString(params.url);
}

if (params.headers) {
NetworkProcessor.validateHeaders(params.headers);
}

if (params.method !== undefined) {
NetworkProcessor.validateMethod(params.method);
}

const request = this.#getBlockedRequestOrFail(networkId, [
Network.InterceptPhase.BeforeRequestSent,
]);
Expand All @@ -103,7 +111,7 @@ export class NetworkProcessor {
});
} catch (error) {
// https://source.chromium.org/chromium/chromium/src/+/main:content/browser/devtools/protocol/fetch_handler.cc;l=169
if (error instanceof Error && error.message.includes('Invalid header')) {
if ((error as any)?.message.includes('Invalid header')) {
throw new InvalidArgumentException('Tried setting invalid header');
}
throw error;
Expand Down Expand Up @@ -308,11 +316,47 @@ export class NetworkProcessor {
return request;
}

/**
* Validate https://fetch.spec.whatwg.org/#header-value
*/
static validateHeaders(headers: Network.Header[]) {
for (const header of headers) {
let headerValue: string;
if (header.value.type === 'string') {
headerValue = header.value.value;
} else {
headerValue = atob(header.value.value);
}

if (
headerValue !== headerValue.trim() ||
headerValue.includes('\n') ||
headerValue.includes('\0')
) {
throw new InvalidArgumentException(
`Header value '${headerValue}' is not acceptable value`
);
}
}
}

/**
* Validate https://httpwg.org/specs/rfc9110.html#method.overview
* CDP accepts custom Methods but they fail in the fetch script
*/
static validateMethod(method: string) {
if (!/^(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE)$/.test(method)) {
throw new InvalidArgumentException(
`Method '${method}' is not acceptable value`
);
}
}

/**
* Attempts to parse the given url.
* Throws an InvalidArgumentException if the url is invalid.
*/
static parseUrlString(url: string): URL {
static parseUrlString(url: string) {
try {
return new URL(url);
} catch (error) {
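Review bot: The condition in `validateHeaders` (third hunk) rejects `\n` and `\0` but not a carriage return, so a value with an interior `\r` passes even though the linked Fetch header-value definition excludes both 0x0A and 0x0D; `trim()` only catches a CR at either end. Adding `headerValue.includes('\r') ||` to the condition closes that gap before the value is forwarded to the intercepted request. Separately, `atob(header.value.value)` throws on malformed base64, which would reach the caller as a generic error instead of an `InvalidArgumentException`; catching it and rethrowing as `InvalidArgumentException` keeps the error contract uniform. The rejection message also interpolates the full header value, which may be worth dropping if these messages are logged, since values such as credentials could end up in them.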

This file was deleted.

This file was deleted.

This file was deleted.
