From f47cee82485f889a604e8dcdbe12f311f9e1c680 Mon Sep 17 00:00:00 2001 From: Heron Navarro Date: Fri, 1 Mar 2024 11:42:12 -0800 Subject: [PATCH 1/3] test: failing test for a sanitized canonical header --- .../http-json-body-parser/__tests__/index.js | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/packages/http-json-body-parser/__tests__/index.js b/packages/http-json-body-parser/__tests__/index.js index 5cf825a93..28258063e 100644 --- a/packages/http-json-body-parser/__tests__/index.js +++ b/packages/http-json-body-parser/__tests__/index.js @@ -228,3 +228,26 @@ test('It should handle invalid base64 JSON as an UnprocessableEntity', async (t) t.regex(e.cause.data.message, /^Unexpected token/) } }) + +test('It should not fail given a corrupted header key', async (t) => { + const handler = middy((event, context) => event) + + handler.use(httpHeaderNormalizer({ canonical: true })) + + const event = { + headers: { + 'X----': 'foo' + } + } + + const expectedHeaders = { + 'X----': 'foo' + } + + const originalHeaders = { ...event.headers } + + const resultingEvent = await handler(event, context) + + t.deepEqual(resultingEvent.headers, expectedHeaders) + t.deepEqual(resultingEvent.rawHeaders, originalHeaders) +}) From d54a1065dd282a5e0baf01640d772f6a0459c9a7 Mon Sep 17 00:00:00 2001 From: Heron Navarro Date: Fri, 1 Mar 2024 11:45:23 -0800 Subject: [PATCH 2/3] fix: default substr to empty string to handle sanitized canonical header --- packages/http-header-normalizer/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/http-header-normalizer/index.js b/packages/http-header-normalizer/index.js index a01ded82b..37e171c5f 100644 --- a/packages/http-header-normalizer/index.js +++ b/packages/http-header-normalizer/index.js @@ -46,7 +46,7 @@ const normalizeHeaderKey = (key, canonical) => { return lowerCaseKey .split('-') - .map((text) => text[0].toUpperCase() + text.substr(1)) + .map((text) => (text[0] || '').toUpperCase() + text.substr(1)) .join('-') } From f5451a68afac1c058fc3b01cf6c1c78ccf9bd044 Mon Sep 17 00:00:00 2001 From: Heron Navarro Date: Fri, 1 Mar 2024 18:01:02 -0800 Subject: [PATCH 3/3] refactor: move test to correct pkg --- .../http-header-normalizer/__tests__/index.js | 23 +++++++++++++++++++ .../http-json-body-parser/__tests__/index.js | 23 ------------------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/packages/http-header-normalizer/__tests__/index.js b/packages/http-header-normalizer/__tests__/index.js index c60f40c74..2d0387453 100644 --- a/packages/http-header-normalizer/__tests__/index.js +++ b/packages/http-header-normalizer/__tests__/index.js @@ -285,3 +285,26 @@ test('It should not fail if the event does not contain headers', async (t) => { t.deepEqual(resultingEvent, expectedEvent) t.deepEqual(resultingEvent.rawHeaders, undefined) }) + +test('It should not fail given a corrupted header key', async (t) => { + const handler = middy((event, context) => event) + + handler.use(httpHeaderNormalizer({ canonical: true })) + + const event = { + headers: { + 'X----': 'foo' + } + } + + const expectedHeaders = { + 'X----': 'foo' + } + + const originalHeaders = { ...event.headers } + + const resultingEvent = await handler(event, context) + + t.deepEqual(resultingEvent.headers, expectedHeaders) + t.deepEqual(resultingEvent.rawHeaders, originalHeaders) +}) diff --git a/packages/http-json-body-parser/__tests__/index.js b/packages/http-json-body-parser/__tests__/index.js index 28258063e..5cf825a93 100644 --- a/packages/http-json-body-parser/__tests__/index.js +++ b/packages/http-json-body-parser/__tests__/index.js @@ -228,26 +228,3 @@ test('It should handle invalid base64 JSON as an UnprocessableEntity', async (t) t.regex(e.cause.data.message, /^Unexpected token/) } }) - -test('It should not fail given a corrupted header key', async (t) => { - const handler = middy((event, context) => event) - - handler.use(httpHeaderNormalizer({ canonical: true })) - - const event = { - headers: { - 'X----': 'foo' - } - } - - const expectedHeaders = { - 'X----': 'foo' - } - - const originalHeaders = { ...event.headers } - - const resultingEvent = await handler(event, context) - - t.deepEqual(resultingEvent.headers, expectedHeaders) - t.deepEqual(resultingEvent.rawHeaders, originalHeaders) -})