Skip to content

fix(builtins): sanitize curl multipart field names to prevent header injection #1053

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chaliy merged 3 commits into from
Apr 4, 2026
+115 −3
Merged

fix(builtins): sanitize curl multipart field names to prevent header injection #1053

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0fdd9fe
fix(builtins): sanitize curl multipart field names to prevent header …
chaliy Apr 3, 2026
c08af67
Merge branch 'main' into fix/issue-985-curl-multipart-injection
chaliy Apr 4, 2026
16e839f
Merge branch 'main' into fix/issue-985-curl-multipart-injection
chaliy Apr 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
118 changes: 115 additions & 3 deletions crates/bashkit/src/builtins/curl.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
//! - URLs must match the configured allowlist
//! - Response size is limited (default: 10MB) to prevent memory exhaustion
//! - Timeouts prevent hanging on unresponsive servers
//! - Multipart field names/filenames are sanitized to prevent header injection (issue #985)
//! - Redirects are not followed automatically (to prevent allowlist bypass)
//! - Compression decompression is size-limited to prevent zip bombs

Expand Down Expand Up @@ -205,6 +206,17 @@
}
};

// Validate multipart field names early to reject injection attempts
// even when network is not configured (defense in depth).
for field in &form_fields {
if let Some(eq_pos) = field.find('=') {
let name = &field[..eq_pos];
if let Err(e) = sanitize_multipart_name(name, "field name") {
return Ok(ExecResult::err(e, 2));
}
}
}

// Check if network is configured
#[cfg(feature = "http_client")]
{
Expand Down Expand Up @@ -268,6 +280,18 @@
}
}

/// Sanitize a multipart field name or filename to prevent header injection.
/// Rejects CR/LF characters (which could inject headers) and escapes double quotes.
fn sanitize_multipart_name(value: &str, label: &str) -> std::result::Result<String, String> {
if value.contains('\r') || value.contains('\n') {
return Err(format!(
"curl: multipart {} contains illegal newline characters\n",
label
));
}
Ok(value.replace('"', "\\\""))
}

/// Execute the actual curl request when http_client feature is enabled.
#[cfg(feature = "http_client")]
#[allow(clippy::too_many_arguments)]
Expand Down Expand Up @@ -364,6 +388,13 @@
if let Some(eq_pos) = field.find('=') {
let name = &field[..eq_pos];
let value = &field[eq_pos + 1..];

// Sanitize field name to prevent header injection
let safe_name = match sanitize_multipart_name(name, "field name") {
Ok(n) => n,
Err(e) => return Ok(ExecResult::err(e, 2)),
};

body.extend_from_slice(format!("--{}\r\n", boundary).as_bytes());
if let Some(file_path) = value.strip_prefix('@') {
// File upload: key=@filepath[;type=mime]
Expand All @@ -383,10 +414,17 @@
.file_name()
.map(|n| n.to_string_lossy().to_string())
.unwrap_or_else(|| "file".to_string());

// Sanitize filename to prevent header injection
let safe_filename = match sanitize_multipart_name(&filename, "filename") {
Ok(n) => n,
Err(e) => return Ok(ExecResult::err(e, 2)),
};

body.extend_from_slice(
format!(
"Content-Disposition: form-data; name=\"{}\"; filename=\"{}\"\r\n",
name, filename
safe_name, safe_filename
)
.as_bytes(),
);
Expand All @@ -395,8 +433,11 @@
} else {
// Text field: key=value
body.extend_from_slice(
format!("Content-Disposition: form-data; name=\"{}\"\r\n\r\n", name)
.as_bytes(),
format!(
"Content-Disposition: form-data; name=\"{}\"\r\n\r\n",
safe_name
)
.as_bytes(),
);
body.extend_from_slice(value.as_bytes());
}
Expand Down Expand Up @@ -649,7 +690,7 @@
}

/// Check if two URLs have the same origin (scheme + host + port).
fn same_origin(a: &str, b: &str) -> bool {

Check warning on line 693 in crates/bashkit/src/builtins/curl.rs

View workflow job for this annotation

GitHub Actions / deno 2.x 

function `same_origin` is never used

Check warning on line 693 in crates/bashkit/src/builtins/curl.rs

View workflow job for this annotation

GitHub Actions / deno canary 

function `same_origin` is never used
let (Ok(a_url), Ok(b_url)) = (url::Url::parse(a), url::Url::parse(b)) else {
return false;
};
Expand All @@ -659,7 +700,7 @@
}

/// Sensitive headers that must not be forwarded cross-origin on redirect.
const SENSITIVE_HEADERS: &[&str] = &["authorization", "cookie", "proxy-authorization"];

Check warning on line 703 in crates/bashkit/src/builtins/curl.rs

View workflow job for this annotation

GitHub Actions / deno 2.x 

constant `SENSITIVE_HEADERS` is never used

Check warning on line 703 in crates/bashkit/src/builtins/curl.rs

View workflow job for this annotation

GitHub Actions / deno canary 

constant `SENSITIVE_HEADERS` is never used

/// Format the -w/--write-out output.
#[cfg(feature = "http_client")]
Expand Down Expand Up @@ -1358,5 +1399,76 @@
assert_eq!(filtered.len(), 1);
assert_eq!(filtered[0].0, "Content-Type");
}

#[test]
fn test_sanitize_multipart_name_normal() {
let result = sanitize_multipart_name("field1", "field name").unwrap();
assert_eq!(result, "field1");
}

#[test]
fn test_sanitize_multipart_name_escapes_quotes() {
let result = sanitize_multipart_name("fie\"ld", "field name").unwrap();
assert_eq!(result, "fie\\\"ld");
}

#[test]
fn test_sanitize_multipart_name_rejects_cr() {
let result = sanitize_multipart_name("field\r\nInjected: header", "field name");
assert!(result.is_err());
assert!(result.unwrap_err().contains("illegal newline"));
}

#[test]
fn test_sanitize_multipart_name_rejects_lf() {
let result = sanitize_multipart_name("field\nInjected: header", "field name");
assert!(result.is_err());
assert!(result.unwrap_err().contains("illegal newline"));
}

#[test]
fn test_sanitize_multipart_name_rejects_bare_cr() {
let result = sanitize_multipart_name("field\rname", "filename");
assert!(result.is_err());
}

#[tokio::test]
async fn test_curl_multipart_field_name_with_quotes() {
// Field name with quotes should be escaped, not cause injection
let result = run_curl_with_stdin_and_fs(
&["-F", "fie\"ld=value", "https://example.com"],
None,
&[],
)
.await;
// Should reach network error (field name accepted after escaping)
assert!(result.stderr.contains("network access not configured"));
}

#[tokio::test]
async fn test_curl_multipart_field_name_with_newline_rejected() {
// Field name with newline must be rejected
let result = run_curl_with_stdin_and_fs(
&["-F", "field\r\nInjected: evil=value", "https://example.com"],
None,
&[],
)
.await;
assert_ne!(result.exit_code, 0);
assert!(result.stderr.contains("illegal newline"));
}

#[tokio::test]
async fn test_curl_multipart_normal_field_works() {
// Normal field names should work fine
let result = run_curl_with_stdin_and_fs(
&["-F", "username=alice", "https://example.com"],
None,
&[],
)
.await;
// Should reach network error (multipart built successfully)
assert!(result.stderr.contains("network access not configured"));
}
}
}
Loading