From 0cd05d737729b4cfab1d5e22077b3b9ad4ed5e30 Mon Sep 17 00:00:00 2001 From: Marcos Casagrande Date: Mon, 10 Oct 2022 18:06:50 +0200 Subject: [PATCH] fix(ext/fetch): fix illegal header regex (#16236) This PR fixes invalid header parsing which is flaky because `g` flag is being used in the regex, which keeps track of `lastIndex` ```javascript try { new Headers([["x", "\u0000x"]]); // error } catch(e) {} new Headers([["x", "\u0000x"]]); // no error ``` This issue affects `Response` & `Request` constructors as well --- cli/tests/unit/headers_test.ts | 15 ++++++++++++++- ext/fetch/20_headers.js | 2 +- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/cli/tests/unit/headers_test.ts b/cli/tests/unit/headers_test.ts index 9db8a48620..fa711bb9b1 100644 --- a/cli/tests/unit/headers_test.ts +++ b/cli/tests/unit/headers_test.ts @@ -1,5 +1,5 @@ // Copyright 2018-2022 the Deno authors. All rights reserved. MIT license. -import { assert, assertEquals } from "./test_util.ts"; +import { assert, assertEquals, assertThrows } from "./test_util.ts"; const { inspectArgs, // @ts-expect-error TypeScript (as of 3.7) does not support indexing namespaces by symbol @@ -386,3 +386,16 @@ Deno.test(function customInspectReturnsCorrectHeadersFormat() { `Headers { "content-length": "1337", "content-type": "application/json" }`, ); }); + +Deno.test(function invalidHeadersFlaky() { + assertThrows( + () => new Headers([["x", "\u0000x"]]), + TypeError, + "Header value is not valid.", + ); + assertThrows( + () => new Headers([["x", "\u0000x"]]), + TypeError, + "Header value is not valid.", + ); +}); diff --git a/ext/fetch/20_headers.js b/ext/fetch/20_headers.js index 5243c5029d..ae32aec11e 100644 --- a/ext/fetch/20_headers.js +++ b/ext/fetch/20_headers.js @@ -88,7 +88,7 @@ // Regex matching illegal chars in a header value // deno-lint-ignore no-control-regex - const ILLEGAL_VALUE_CHARS = /[\x00\x0A\x0D]/g; + const ILLEGAL_VALUE_CHARS = /[\x00\x0A\x0D]/; /** * https://fetch.spec.whatwg.org/#concept-headers-append