Merge branch 'main' of https://github.com/microsoft/onnxruntime-extensions into sayanshaw/decode-image-icm

Author: Sayan Shaw

operators/azure/cloud_base_kernel.cc

@@ -3,6 +3,7 @@
 
 #include "cloud_base_kernel.hpp"
 
+#include <algorithm>
 #include <sstream>
 
 #include "narrow.h"
@@ -78,6 +79,11 @@ std::string CloudBaseKernel::GetAuthToken(const ortc::Variadic& inputs) const {
   }
 
   std::string auth_token{static_cast<const char*>(inputs[0]->DataRaw())};
+
+  // Sanitize CRLF to prevent HTTP header injection (CWE-113).
+  auth_token.erase(std::remove_if(auth_token.begin(), auth_token.end(), [](char c) { return c == '\r' || c == '\n'; }),
+                   auth_token.end());
+
   return auth_token;
 }
 

operators/azure/curl_invoker.hpp

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 #pragma once
+#include <cstring>
 #include <memory>
 
 #include "curl/curl.h"
@@ -19,7 +20,17 @@ class CurlHandler {
   ~CurlHandler() = default;
 
   void AddHeader(const char* data) {
-    headers_.reset(curl_slist_append(headers_.release(), data));
+    // Defense-in-depth: reject headers containing CRLF to prevent HTTP header injection.
+    if (std::strchr(data, '\r') || std::strchr(data, '\n')) {
+      ORTX_CXX_API_THROW("HTTP header line must not contain CR or LF characters", ORT_INVALID_ARGUMENT);
+    }
+    curl_slist* current = headers_.release();
+    curl_slist* updated = curl_slist_append(current, data);
+    if (updated == nullptr) {
+      headers_.reset(current);
+      ORTX_CXX_API_THROW("Failed to append HTTP header (out of memory)", ORT_RUNTIME_EXCEPTION);
+    }
+    headers_.reset(updated);
   }
 
   template <typename... Args>

test/static_test/test_utils.cc

@@ -1,6 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+#include <algorithm>
+
 #include "gtest/gtest.h"
 #ifdef ENABLE_RE2_REGEX
 #include "re2/re2.h"
@@ -67,4 +69,34 @@ TEST(utils, utf8) {
     std::transform(lower.begin(), lower.end(), lower.begin(), ::tolower);
     EXPECT_EQ(lowered[i], lower);
   }
-}
+}
+
+// Regression test for CRLF injection sanitization in auth_token (CWE-113).
+// Verifies the erase-remove pattern used in CloudBaseKernel::GetAuthToken().
+TEST(utils, crlf_sanitization) {
+  auto sanitize = [](std::string token) {
+    token.erase(std::remove_if(token.begin(), token.end(), [](char c) { return c == '\r' || c == '\n'; }), token.end());
+    return token;
+  };
+
+  // Clean token passes through unchanged
+  EXPECT_EQ(sanitize("Bearer abc123"), "Bearer abc123");
+
+  // CR and LF are stripped
+  EXPECT_EQ(sanitize("fake\r\nX-Injected: pwned"), "fakeX-Injected: pwned");
+
+  // Lone CR stripped
+  EXPECT_EQ(sanitize("token\rinjected"), "tokeninjected");
+
+  // Lone LF stripped
+  EXPECT_EQ(sanitize("token\ninjected"), "tokeninjected");
+
+  // Multiple CRLF sequences stripped
+  EXPECT_EQ(sanitize("a\r\nb\r\nc"), "abc");
+
+  // Empty string is fine
+  EXPECT_EQ(sanitize(""), "");
+
+  // Token that is only CRLF
+  EXPECT_EQ(sanitize("\r\n\r\n"), "");
+}