Merge pull request #13694 from Budibase/fix/invalid-content-dispositions

Handle invalid content-dispositions, still allow REST download
Michael Drury 2024-05-15 15:13:18 +01:00 committed by GitHub
commit fe6af1bf8b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 237 additions and 510 deletions


@ -17,8 +17,10 @@ module FetchMock {
raw: () => { raw: () => {
return { "content-type": ["application/json"] } return { "content-type": ["application/json"] }
}, },
get: () => { get: (name: string) => {
return ["application/json"] if (name.toLowerCase() === "content-type") {
return ["application/json"]
}
}, },
}, },
json: async () => { json: async () => {


@ -16,6 +16,7 @@ import get from "lodash/get"
import * as https from "https" import * as https from "https"
import qs from "querystring" import qs from "querystring"
import fetch from "node-fetch" import fetch from "node-fetch"
import type { Response } from "node-fetch"
import { formatBytes } from "../utilities" import { formatBytes } from "../utilities"
import { performance } from "perf_hooks" import { performance } from "perf_hooks"
import FormData from "form-data" import FormData from "form-data"
@ -25,6 +26,7 @@ import { handleFileResponse, handleXml } from "./utils"
import { parse } from "content-disposition" import { parse } from "content-disposition"
import path from "path" import path from "path"
import { Builder as XmlBuilder } from "xml2js" import { Builder as XmlBuilder } from "xml2js"
import { getAttachmentHeaders } from "./utils/restUtils"
enum BodyType { enum BodyType {
NONE = "none", NONE = "none",
@ -130,14 +132,15 @@ class RestIntegration implements IntegrationBase {
this.config = config this.config = config
} }
async parseResponse(response: any, pagination: PaginationConfig | null) { async parseResponse(response: Response, pagination: PaginationConfig | null) {
let data: any[] | string | undefined, let data: any[] | string | undefined,
raw: string | undefined, raw: string | undefined,
headers: Record<string, string> = {}, headers: Record<string, string[] | string> = {},
filename: string | undefined filename: string | undefined
const contentType = response.headers.get("content-type") || "" const { contentType, contentDisposition } = getAttachmentHeaders(
const contentDisposition = response.headers.get("content-disposition") || "" response.headers
)
if ( if (
contentDisposition.includes("filename") || contentDisposition.includes("filename") ||
contentDisposition.includes("attachment") || contentDisposition.includes("attachment") ||
@ -172,7 +175,7 @@ class RestIntegration implements IntegrationBase {
throw `Failed to parse response body: ${err}` throw `Failed to parse response body: ${err}`
} }
let contentLength: string = response.headers.get("content-length") let contentLength = response.headers.get("content-length")
if (!contentLength && raw) { if (!contentLength && raw) {
contentLength = Buffer.byteLength(raw, "utf8").toString() contentLength = Buffer.byteLength(raw, "utf8").toString()
} }
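Review bot: `parseResponse` still depends on `parse` from `content-disposition` (imported in this file) accepting whatever `getAttachmentHeaders` returns, and the helper repairs only one kind of malformed value. The helper's own comment says a malformed header makes that parse fail; the call itself is outside these hunks, so if it is not already guarded, a value that is still invalid after the prefix (unbalanced quotes, say) would fail the whole query over a header the remote API controls. I would wrap the call so a parse error leaves `filename` undefined, and add the comment `// content-disposition comes from the remote API; a value we cannot parse means no filename, not a failed query`. `parseResponse` starts and ends outside the hunks shown.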


@ -4,7 +4,11 @@ jest.mock("node-fetch", () => {
raw: () => { raw: () => {
return { "content-type": ["application/json"] } return { "content-type": ["application/json"] }
}, },
get: () => ["application/json"], get: (name: string) => {
if (name.toLowerCase() === "content-type") {
return ["application/json"]
}
},
}, },
json: jest.fn(() => ({ json: jest.fn(() => ({
my_next_cursor: 123, my_next_cursor: 123,
@ -211,7 +215,16 @@ describe("REST Integration", () => {
json: json ? async () => json : undefined, json: json ? async () => json : undefined,
text: text ? async () => text : undefined, text: text ? async () => text : undefined,
headers: { headers: {
get: (key: any) => (key === "content-length" ? 100 : header), get: (key: string) => {
switch (key.toLowerCase()) {
case "content-length":
return 100
case "content-type":
return header
default:
return ""
}
},
raw: () => ({ "content-type": header }), raw: () => ({ "content-type": header }),
}, },
} }
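Review bot: The mocked `headers.get` in the second hunk returns the number `100` for `content-length` and `""` for unknown names, while `parseResponse` is now typed against node-fetch's `Response`, whose `Headers.get` yields `string | null`. Returning `"100"` and `default: return null` would make the mock follow the same types and the same `!contentLength` branch as a real response; assertions on the reported size may need adjusting if they rely on the numeric value. The helper that builds this mock starts and ends outside the hunk.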


@ -0,0 +1,38 @@
import { getAttachmentHeaders } from "../utils/restUtils"
import type { Headers } from "node-fetch"
function headers(dispositionValue: string) {
return {
get: (name: string) => {
if (name.toLowerCase() === "content-disposition") {
return dispositionValue
} else {
return "application/pdf"
}
},
set: () => {},
} as unknown as Headers
}
describe("getAttachmentHeaders", () => {
it("should be able to correctly handle a broken content-disposition", () => {
const { contentDisposition } = getAttachmentHeaders(
headers(`filename="report.pdf"`)
)
expect(contentDisposition).toBe(`attachment; filename="report.pdf"`)
})
it("should be able to correctly with a filename that could cause problems", () => {
const { contentDisposition } = getAttachmentHeaders(
headers(`filename="report;.pdf"`)
)
expect(contentDisposition).toBe(`attachment; filename="report;.pdf"`)
})
it("should not touch a valid content-disposition", () => {
const { contentDisposition } = getAttachmentHeaders(
headers(`inline; filename="report.pdf"`)
)
expect(contentDisposition).toBe(`inline; filename="report.pdf"`)
})
})
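Review bot: All three cases pass a value that carries a `filename` parameter, so nothing pins what `getAttachmentHeaders` returns for a type-only header or for a response with no `content-disposition` at all. With the helper as written in this commit a bare `inline` would come back as `attachment; inline`; a case such as `expect(getAttachmentHeaders(headers("inline")).contentDisposition).toBe("inline")` would state the intended result, alongside one for `headers("")` expecting `""`. The second test title ("should be able to correctly with a filename…") is also missing its verb.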


@ -0,0 +1,28 @@
import type { Headers } from "node-fetch"
export function getAttachmentHeaders(headers: Headers) {
const contentType = headers.get("content-type") || ""
let contentDisposition = headers.get("content-disposition") || ""
// the API does not follow the requirements of https://www.ietf.org/rfc/rfc2183.txt
// all content-disposition headers should be format disposition-type; parameters
// but some APIs do not provide a type, causing the parse below to fail - add one to fix this
if (contentDisposition) {
const quotesRegex = /"(?:[^"\\]|\\.)*"|;/g
let match: RegExpMatchArray | null = null,
found = false
while ((match = quotesRegex.exec(contentDisposition)) !== null) {
if (match[0] === ";") {
found = true
}
}
if (!found) {
return {
contentDisposition: `attachment; ${contentDisposition}`,
contentType,
}
}
}
return { contentDisposition, contentType }
}
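Review bot: The semicolon scan in `getAttachmentHeaders` treats every value without an unquoted `;` as missing its disposition-type, so a valid type-only header such as `inline` comes back as `attachment; inline`, while a type-less value that does contain a separator (constructed example: `filename="a.pdf"; size=5`) is left unrepaired. Because `parseResponse` in the REST integration checks `contentDisposition.includes("attachment")`, the prefixed value also moves an inline response onto the file-handling path. This header is supplied by the remote API, so the repair should key on what is actually wrong, namely that the value begins with a `name=` parameter. The fence replaces the regex loop with that check; the three cases in the new spec file still hold under it.

```typescript
export function getAttachmentHeaders(headers: Headers) {
  let contentDisposition = headers.get("content-disposition") || ""
  // … unchanged: contentType lookup and RFC 2183 comment …
  // A leading `name=` means the value starts with a parameter, so the
  // disposition-type is the missing piece; a bare `inline` is already valid.
  const startsWithParameter = /^\s*[^\s;="]+\s*=/.test(contentDisposition)
  if (startsWithParameter) {
    contentDisposition = `attachment; ${contentDisposition}`
  }
  return { contentDisposition, contentType }
}
```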

645
yarn.lock

File diff suppressed because it is too large