Skip to content

Commit

Permalink
fix: Fix json escaping in header values (#4031)
Browse files Browse the repository at this point in the history
  • Loading branch information
adamspofford-dfinity authored Dec 9, 2024
1 parent 75c56d3 commit eb478df
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 7 deletions.
22 changes: 22 additions & 0 deletions e2e/tests-dfx/assetscanister.bash
Original file line number Diff line number Diff line change
Expand Up @@ -1897,6 +1897,28 @@ WARN: {
assert_match '/somedir/upload-me.txt 1/1 \(8 bytes\) sha [0-9a-z]* \(with cache and 1 header\)'
}

@test "asset configuration via .ic-assets.json5 - respects weird characters" {
install_asset assetscanister
touch src/e2e_project_frontend/assets/thing.txt
cat <<'EOF' >src/e2e_project_frontend/assets/.ic-assets.json5
[
{
"match": "thing.txt",
"headers": {
"X-Dummy-Header": "\"\'@%({[~$?\\"
}
}
]
EOF
dfx_start
assert_command dfx deploy
ID=$(dfx canister id e2e_project_frontend)
PORT=$(get_webserver_port)
assert_command curl --head "http://localhost:$PORT/thing.txt?canisterId=$ID"
# shellcheck disable=SC1003
assert_contains 'x-dummy-header: "'"'"'@%({[~$?\'
}

@test "uses selected canister wasm" {
dfx_start
use_asset_wasm 0.12.1
Expand Down
31 changes: 24 additions & 7 deletions src/canisters/frontend/ic-asset/src/asset/config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -337,7 +337,7 @@ mod rule_utils {
use crate::error::LoadRuleError;
use globset::{Glob, GlobMatcher};
use itertools::Itertools;
use serde::{Deserialize, Serializer};
use serde::{de::Error as _, Deserialize, Serializer};
use serde_json::Value;
use std::collections::BTreeMap;
use std::fmt;
Expand Down Expand Up @@ -387,12 +387,29 @@ mod rule_utils {
where
D: serde::Deserializer<'de>,
{
match serde_json::value::Value::deserialize(deserializer)? {
Value::Object(v) => Ok(Maybe::Value(
v.into_iter()
.map(|(k, v)| (k, v.to_string().trim_matches('"').to_string()))
.collect::<BTreeMap<String, String>>(),
)),
match Value::deserialize(deserializer)? {
Value::Object(v) => {
Ok(Maybe::Value(
v.into_iter()
.map(|(k, v)| {
Ok((
k,
match v {
Value::Bool(b) => b.to_string(),
Value::Number(n) => n.to_string(),
Value::String(s) => s, // v.to_string() would json-escape this
Value::Null => String::new(),
v => {
return Err(D::Error::custom(format!(
"headers must be strings, numbers, or bools (was {v:?})"
)))
}
},
))
})
.collect::<Result<BTreeMap<String, String>, D::Error>>()?,
))
}
Value::Null => Ok(Maybe::Null),
_ => Err(serde::de::Error::custom(
"wrong data format for field `headers` (only map or null are allowed)",
Expand Down

0 comments on commit eb478df

Please sign in to comment.