kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: escape $ in curl request bodies and headers (#6245)

Browse Source 
This address a bug where a `$` character in a request body or header
would not be properly escaped in a string in the generated curl command.

Fixes #5390
This commit is contained in:
Alec Theriault
2020-08-03 12:07:06 -04:00
committed by GitHub
parent 28b3b4c4b6
commit 225a915cf8
2 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/curlify.js
View File

@@ -26,7 +26,7 @@ export default function curl( request ){
for( let p of request.get("headers").entries() ){
let [ h,v ] = p
curlified.push( "-H " )
curlified.push( `"${h}: ${v}"` )
curlified.push( `"${h}: ${v.replace("$", "\\$")}"` )
isMultipartFormDataRequest = isMultipartFormDataRequest || /^content-type$/i.test(h) && /^multipart\/form-data$/i.test(v)
}
}
@@ -44,7 +44,7 @@ export default function curl( request ){
}
} else {
curlified.push( "-d" )
curlified.push( JSON.stringify( request.get("body") ).replace(/\\n/g, "") )
curlified.push( JSON.stringify( request.get("body") ).replace(/\\n/g, "").replace("$", "\\$") )
}
} else if(!request.get("body") && request.get("method") === "POST") {
curlified.push( "-d" )

13
test/mocha/core/curlify.js
View File

@@ -319,4 +319,17 @@ describe("curlify", function () {
expect(curlified).toEqual("curl -X POST \"http://example.com\" -H \"x-custom-name: multipart/form-data\" -d {\"id\":\"123\",\"file\":{\"name\":\"file.txt\",\"type\":\"text/plain\"}}")
})
})
it("should escape dollar signs in headers and request body", function () {
let req = {
url: "http://example.com",
method: "POST",
headers: { "X-DOLLAR": "token/123$" },
body: "CREATE ($props)"
}
let curlified = curl(Im.fromJS(req))
expect(curlified).toEqual("curl -X POST \"http://example.com\" -H \"X-DOLLAR: token/123\\$\" -d \"CREATE (\\$props)\"")
})
})