From b6c67cf6057f85bb5afb42820820a173c84d5f93 Mon Sep 17 00:00:00 2001 From: Lance Ball Date: Fri, 3 Jul 2020 10:05:40 -0400 Subject: [PATCH 1/2] fix: ensure that the HTTP receiver sanitizes headers in accept() Even though the underlying structured and binary receivers already sanitize the headers, this needs to be done at the receiver.accept() level since the headers are inspected there to determine what mode the event is being sent as. Signed-off-by: Lance Ball --- src/transport/receiver.ts | 13 +++++++------ test/http_receiver_test.ts | 29 +++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/src/transport/receiver.ts b/src/transport/receiver.ts index 15c18677..b8ed8c42 100644 --- a/src/transport/receiver.ts +++ b/src/transport/receiver.ts @@ -1,4 +1,4 @@ -import { Headers } from "./http/headers"; +import { Headers, sanitize } from "./http/headers"; import { CloudEvent, Version, ValidationError } from ".."; import { BinaryHTTPReceiver as BinaryReceiver } from "./http/binary_receiver"; import { StructuredHTTPReceiver as StructuredReceiver } from "./http/structured_receiver"; @@ -60,16 +60,17 @@ export class Receiver { * @return {CloudEvent} A new {CloudEvent} instance */ accept(headers: Headers, body: string | Record | CloudEventV1 | CloudEventV03): CloudEvent { - const mode: Mode = getMode(headers); - const version = getVersion(mode, headers, body); + const cleanHeaders: Headers = sanitize(headers); + const mode: Mode = getMode(cleanHeaders); + const version = getVersion(mode, cleanHeaders, body); switch (version) { case Version.V1: - return this.receivers.v1[mode].parse(body, headers); + return this.receivers.v1[mode].parse(body, cleanHeaders); case Version.V03: - return this.receivers.v03[mode].parse(body, headers); + return this.receivers.v03[mode].parse(body, cleanHeaders); default: console.error(`Unknown spec version ${version}. Default to ${Version.V1}`); - return this.receivers.v1[mode].parse(body, headers); + return this.receivers.v1[mode].parse(body, cleanHeaders); } } } diff --git a/test/http_receiver_test.ts b/test/http_receiver_test.ts index 1c21c39e..b21a0492 100644 --- a/test/http_receiver_test.ts +++ b/test/http_receiver_test.ts @@ -52,6 +52,35 @@ describe("HTTP Transport Binding Receiver for CloudEvents", () => { expect(typeof event.data).to.equal("object"); expect((event.data as Record).lunch).to.equal("sushi"); }); + + it("Recognizes headers in title case for binary events", () => { + const binaryHeaders = { + "Content-Type": "application/json; charset=utf-8", + "ce-specversion": specversion, + "ce-id": id, + "ce-type": type, + "ce-source": source, + }; + + const event: CloudEvent = receiver.accept(binaryHeaders, data); + expect(event.validate()).to.be.true; + expect((event.data as Record).lunch).to.equal("sushi"); + }); + + it("Recognizes headers in title case for structured events", () => { + const structuredHeaders = { "Content-Type": "application/cloudevents+json" }; + const payload = { + id, + type, + source, + data, + specversion, + }; + + const event: CloudEvent = receiver.accept(structuredHeaders, payload); + expect(event.validate()).to.be.true; + expect((event.data as Record).lunch).to.equal("sushi"); + }); }); describe("V1", () => { From 3d16138e6d564b73c87c67caa2c87c54ec49d9f3 Mon Sep 17 00:00:00 2001 From: Lance Ball Date: Fri, 3 Jul 2020 11:01:44 -0400 Subject: [PATCH 2/2] fixup: pass original unsanitized headers to underlying parsers Signed-off-by: Lance Ball --- src/transport/receiver.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/transport/receiver.ts b/src/transport/receiver.ts index b8ed8c42..48fcd1df 100644 --- a/src/transport/receiver.ts +++ b/src/transport/receiver.ts @@ -65,12 +65,12 @@ export class Receiver { const version = getVersion(mode, cleanHeaders, body); switch (version) { case Version.V1: - return this.receivers.v1[mode].parse(body, cleanHeaders); + return this.receivers.v1[mode].parse(body, headers); case Version.V03: - return this.receivers.v03[mode].parse(body, cleanHeaders); + return this.receivers.v03[mode].parse(body, headers); default: console.error(`Unknown spec version ${version}. Default to ${Version.V1}`); - return this.receivers.v1[mode].parse(body, cleanHeaders); + return this.receivers.v1[mode].parse(body, headers); } } }