
fix(node): enforce maxContentLength for data: URLs (#7011)

* fix(node): enforce maxContentLength for data: URLs (pre-decode size check)- CVE-2025-58754

* feat(utils): add estimateDataURLDecodedBytes helper and fix duplicate condition in base64 padding check

* feat: add estimateDataURLDecodedBytes helper with tests
Ameer Assadi
2025-09-10 16:08:43 +03:00
committed by GitHub
parent 28e5e3016d
commit 945435fc51
4 changed files with 123 additions and 0 deletions
@@ -0,0 +1,30 @@
import assert from 'assert';
import estimateDataURLDecodedBytes from '../../../lib/helpers/estimateDataURLDecodedBytes.js';
describe('estimateDataURLDecodedBytes', () => {
it('should return 0 for non-data URLs', () => {
assert.strictEqual(estimateDataURLDecodedBytes('http://example.com'), 0);
});
it('should calculate length for simple non-base64 data URL', () => {
const url = 'data:,Hello';
assert.strictEqual(estimateDataURLDecodedBytes(url), Buffer.byteLength('Hello', 'utf8'));
});
it('should calculate decoded length for base64 data URL', () => {
const str = 'Hello';
const b64 = Buffer.from(str, 'utf8').toString('base64');
const url = `data:text/plain;base64,${b64}`;
assert.strictEqual(estimateDataURLDecodedBytes(url), str.length);
});
it('should handle base64 with = padding', () => {
const url = 'data:text/plain;base64,TQ=='; // "M"
assert.strictEqual(estimateDataURLDecodedBytes(url), 1);
});
it('should handle base64 with %3D padding', () => {
const url = 'data:text/plain;base64,TQ%3D%3D'; // "M"
assert.strictEqual(estimateDataURLDecodedBytes(url), 1);
});
});
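Review bot: The padding cases cover only the two-character forms (`TQ==` and `TQ%3D%3D`), although the commit message says a duplicate condition in the padding check was fixed, so a single `=` and a lower-case `%3d` remain unpinned. Since this estimate gates `maxContentLength` before decoding, an undercount on either form would let a body slightly over the limit through, so both are worth adding as regression cases. The expected values in the sketch below follow from base64 itself; the helper is not visible in this section, so whether it passes them today cannot be confirmed here. Separately, the base64 case asserts against `str.length`, which equals the byte count only for ASCII, and `Buffer.byteLength(str, 'utf8')` would match the non-base64 case above it.

```javascript
// … unchanged: existing cases inside describe('estimateDataURLDecodedBytes', …) …
  it('should handle base64 with a single = padding', () => {
    const url = 'data:text/plain;base64,TWE='; // "Ma"
    assert.strictEqual(estimateDataURLDecodedBytes(url), 2);
  });
  it('should handle base64 with lower-case %3d padding', () => {
    const url = 'data:text/plain;base64,TQ%3d%3d'; // "M"
    assert.strictEqual(estimateDataURLDecodedBytes(url), 1);
  });
```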