Skip to content

Commit e982cd8

Browse files
committed
fix: fix error code usage.
1 parent 08a2d76 commit e982cd8

3 files changed

Lines changed: 18 additions & 3 deletions

File tree

common/include/common/TraceException.hpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ class TraceException : public std::exception {
4848
return m_context;
4949
}
5050

51-
unsigned long getErrorCode() { return m_error_code; }
51+
unsigned long getErrorCode() const { return m_error_code; }
5252

5353
const char *what() const throw() { return m_context.c_str(); }
5454

core/server/SchemaAPIClient.cpp

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
#include "SchemaAPIClient.hpp"
22
#include "common/TraceException.hpp"
33
#include "common/envelope.pb.h"
4+
#include "common/enums/error_code.pb.h"
45

56
#include <sstream>
67

@@ -55,6 +56,19 @@ SchemaAPIClient::~SchemaAPIClient() {
5556

5657
void SchemaAPIClient::setCustomHeaders(
5758
const std::map<std::string, std::string> &a_headers) {
59+
60+
LogContext log_context;
61+
for (const auto &[name, value] : a_headers) {
62+
// Guard against header injection via CR/LF in header names or values.
63+
if (name.find_first_of("\r\n") != std::string::npos ||
64+
value.find_first_of("\r\n") != std::string::npos) {
65+
throw std::invalid_argument(
66+
"Custom header name/value must not contain CR or LF characters");
67+
68+
DL_ERROR(log_context, "Custom header name/value must not contain CR or LF characters. " << name << " " << value);
69+
EXCEPT_PARAM(SERVICE_ERROR, "Custom header name/value must not contain CR or LF characters.");
70+
}
71+
}
5872
m_custom_headers = a_headers;
5973
}
6074

core/server/tests/integration/test_SchemaAPIClient.cpp

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88

99
// DataFed Common includes
1010
#include "common/TraceException.hpp"
11+
#include "common/enums/error_code.pb.h"
1112

1213
#include <nlohmann/json.hpp>
1314

@@ -759,7 +760,7 @@ BOOST_AUTO_TEST_CASE(custom_headers_replaced_not_accumulated) {
759760
TraceException,
760761
[](const TraceException &ex) {
761762
// 500 path in httpGet should map to SERVICE_ERROR
762-
return ex.getErrorCode() == TraceErrorCode::SERVICE_ERROR;
763+
return ex.getErrorCode() == SDMS::SERVICE_ERROR;
763764
});
764765

765766
// Replace with 404 — should NOT still have 500
@@ -769,7 +770,7 @@ BOOST_AUTO_TEST_CASE(custom_headers_replaced_not_accumulated) {
769770
TraceException,
770771
[](const TraceException &ex) {
771772
// 404 path in httpGet should map to BAD_REQUEST
772-
return ex.getErrorCode() == TraceErrorCode::BAD_REQUEST;
773+
return ex.getErrorCode() == SDMS::BAD_REQUEST;
773774
});
774775

775776
// The 404 path in httpGet throws BAD_REQUEST, while 500 throws

0 commit comments

Comments
 (0)