From e568ddf99687f635abe931c1eff2b8b37be3bc54 Mon Sep 17 00:00:00 2001
From: Rich Trott
Date: Wed, 30 Dec 2020 14:46:08 -0800
Subject: fix(op_crates/fetch): correct regexp for fetch header (#8927)

Fix bug in regular expression and make the regular expression more strict. In a string passed to new RegExp(), '[\t\s]' is identical to '[ts]' and not `/[\t\s]/`. For that, the backslash needs to be escaped in the string. Futhermore, `\t` is the tab character and is included in the special regexp value `\s` so is unnecessary. That would reduce the RegExp to new RegExp(`^${value}\\s*;?`) but there's no point in matching 0 or more space characters followed by 0 or one semi-colons as that will match no matter what follows `value`. To make it more strict, require one of space, semicolon, or end-of-string after value.
---
 cli/tests/unit/fetch_test.ts | 19 +++++++++++++++++++
 op_crates/fetch/26_fetch.js | 2 +-
 test_util/src/lib.rs | 21 +++++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/cli/tests/unit/fetch_test.ts b/cli/tests/unit/fetch_test.ts
index 86df4a1a9..0fbf01e6b 100644
--- a/cli/tests/unit/fetch_test.ts
+++ b/cli/tests/unit/fetch_test.ts
@@ -249,6 +249,25 @@ unitTest(
 },
 );
 
+unitTest(
+ { perms: { net: true } },
+ async function fetchMultipartFormBadContentType(): Promise {
+ const response = await fetch(
+ "http://localhost:4545/multipart_form_bad_content_type",
+ );
+ assert(response.body !== null);
+
+ await assertThrowsAsync(
+ async (): Promise => {
+ await response.formData();
+ },
+ TypeError,
+ "Invalid form data",
+ );
+ await response.body.cancel();
+ },
+);
+
 unitTest(
 { perms: { net: true } },
 async function fetchURLEncodedFormDataSuccess(): Promise {
diff --git a/op_crates/fetch/26_fetch.js b/op_crates/fetch/26_fetch.js
index 0835e12a1..379c88e2f 100644
--- a/op_crates/fetch/26_fetch.js
+++ b/op_crates/fetch/26_fetch.js
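Review bot: fetchMultipartFormBadContentType in fetch_test.ts covers only the rejection path of the stricter header check; nothing in this hunk exercises the accepting branches of the new pattern (whitespace or end of string directly after the media type). A response whose Content-Type is the bare media type with no parameters, or one with a space before the `;`, would confirm the tightening did not start rejecting headers that were accepted before; success tests outside the hunk may already cover the `;` case. A short comment on the test would also help, for example `// server sends "multipart/form-datatststs", which the old [ts]* pattern accepted`.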
@@ -138,7 +138,7 @@
 }
 
 function hasHeaderValueOf(s, value) {
- return new RegExp(`^${value}[\t\s]*;?`).test(s);
+ return new RegExp(`^${value}(?:[\\s;]|$)`).test(s);
 }
 
 function getHeaderValueParams(value) {
diff --git a/test_util/src/lib.rs b/test_util/src/lib.rs
index dbb184fed..03b830783 100644
--- a/test_util/src/lib.rs
+++ b/test_util/src/lib.rs
@@ -391,6 +391,27 @@ async fn main_server(req: Request) -> hyper::Result> {
 );
 Ok(res)
 }
+ (_, "/multipart_form_bad_content_type") => {
+ let b = "Preamble\r\n\
+ --boundary\t \r\n\
+ Content-Disposition: form-data; name=\"field_1\"\r\n\
+ \r\n\
+ value_1 \r\n\
+ \r\n--boundary\r\n\
+ Content-Disposition: form-data; name=\"field_2\";\
+ filename=\"file.js\"\r\n\
+ Content-Type: text/javascript\r\n\
+ \r\n\
+ console.log(\"Hi\")\
+ \r\n--boundary--\r\n\
+ Epilogue";
+ let mut res = Response::new(Body::from(b));
+ res.headers_mut().insert(
+ "content-type",
+ HeaderValue::from_static("multipart/form-datatststs;boundary=boundary"),
+ );
+ Ok(res)
+ }
 (_, "/bad_redirect") => {
 let mut res = Response::new(Body::empty());
 *res.status_mut() = StatusCode::FOUND;
-- 
cgit v1.2.3
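Review bot: `value` is still interpolated into the pattern unescaped in hasHeaderValueOf, and the match is case-sensitive, while `s` is a Content-Type string supplied by the remote server. Media type names compare case-insensitively, so a response sending `Multipart/Form-Data` would presumably be rejected unless a caller lowercases `s` first (the callers are outside the hunk). A plain comparison avoids building a regex from a parameter at all: `const essence = s.split(";", 1)[0].trim().toLowerCase();` followed by `return essence === value;`, assuming callers pass lowercase literals. If the regex stays, pass the `"i"` flag and escape regex metacharacters in `value` before interpolating it.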
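Review bot: The `tststs` suffix in the Content-Type of the new `/multipart_form_bad_content_type` arm is unexplained, so a later reader could take it for a typo and correct it, silently turning the regression test into a success case. A comment above the `HeaderValue::from_static` call would pin the intent, for example `// "tststs" matched the old unescaped "[\t\s]*" (== [ts]*) in hasHeaderValueOf; it must now be rejected`. The arm sits inside main_server, whose body starts and ends outside the hunk.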