@@ -48,7 +48,7 @@ class TraceException : public std::exception {
4848 return m_context;
4949 }
5050
51- unsigned long getErrorCode () { return m_error_code; }
51+ unsigned long getErrorCode () const { return m_error_code; }
5252
5353 const char *what () const throw() { return m_context.c_str (); }
5454
11#include " SchemaAPIClient.hpp"
22#include " common/TraceException.hpp"
33#include " common/envelope.pb.h"
4+ #include " common/enums/error_code.pb.h"
45
56#include < sstream>
67
@@ -55,6 +56,19 @@ SchemaAPIClient::~SchemaAPIClient() {
5556
5657void SchemaAPIClient::setCustomHeaders (
5758 const std::map<std::string, std::string> &a_headers) {
59+
60+ LogContext log_context;
61+ for (const auto &[name, value] : a_headers) {
62+ // Guard against header injection via CR/LF in header names or values.
63+ if (name.find_first_of (" \r\n " ) != std::string::npos ||
64+ value.find_first_of (" \r\n " ) != std::string::npos) {
65+ throw std::invalid_argument (
66+ " Custom header name/value must not contain CR or LF characters" );
67+
68+ DL_ERROR (log_context, " Custom header name/value must not contain CR or LF characters. " << name << " " << value);
69+ EXCEPT_PARAM (SERVICE_ERROR , " Custom header name/value must not contain CR or LF characters." );
70+ }
71+ }
5872 m_custom_headers = a_headers;
5973}
6074
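Review bot: In `setCustomHeaders` the added `DL_ERROR` and `EXCEPT_PARAM` statements follow `throw std::invalid_argument(...)` inside the same `if`, so they can never execute: the rejection is not logged, and callers receive `std::invalid_argument` rather than the `TraceException` that the rest of this client appears to raise. Remove the `throw std::invalid_argument(...)` statement (the include hunk adds no `<stdexcept>` for it either) and let `EXCEPT_PARAM` raise the error. The log line should not stream the raw `name` and `value`: a header value can be a credential, and at this point it is known to contain CR or LF, so writing it verbatim lets the caller forge log lines; something like `DL_ERROR(log_context, "Rejected custom header containing CR or LF, name length " << name.size());` keeps the signal without the data. The string literals as rendered here show spaces around `\r\n`, which looks like an extraction artefact, but confirm the real literal is exactly `"\r\n"`. No test in this commit exercises the new rejection path.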
88
99// DataFed Common includes
1010#include " common/TraceException.hpp"
11+ #include " common/enums/error_code.pb.h"
1112
1213#include < nlohmann/json.hpp>
1314
@@ -759,7 +760,7 @@ BOOST_AUTO_TEST_CASE(custom_headers_replaced_not_accumulated) {
759760 TraceException,
760761 [](const TraceException &ex) {
761762 // 500 path in httpGet should map to SERVICE_ERROR
762- return ex.getErrorCode () == TraceErrorCode ::SERVICE_ERROR ;
763+ return ex.getErrorCode () == SDMS ::SERVICE_ERROR ;
763764 });
764765
765766 // Replace with 404 — should NOT still have 500
@@ -769,7 +770,7 @@ BOOST_AUTO_TEST_CASE(custom_headers_replaced_not_accumulated) {
769770 TraceException,
770771 [](const TraceException &ex) {
771772 // 404 path in httpGet should map to BAD_REQUEST
772- return ex.getErrorCode () == TraceErrorCode ::BAD_REQUEST ;
773+ return ex.getErrorCode () == SDMS ::BAD_REQUEST ;
773774 });
774775
775776 // The 404 path in httpGet throws BAD_REQUEST, while 500 throws