fix(gmail): strip CR/LF from header values before MIME assembly #5395
Adds sanitizeHeaderValue and applies it to to/cc/bcc/subject/inReplyTo/references and the attachment filename in buildSimpleEmailMessage and buildMimeMessage before they're placed into MIME header lines.
PR Summary
Medium Risk
Overview: Adds
Tests cover the helper, injection-style cases on every affected field, and regressions for normal ASCII, Unicode, and multi-recipient values.
Reviewed by Cursor Bugbot for commit b138317.
Greptile Summary
This PR hardens the Gmail MIME assembly utilities against header-injection attacks by introducing a
Confidence Score: 5/5
The change is safe to merge — it applies a focused, low-risk sanitization step to user-supplied MIME header values in two utility functions, with no side effects on the rest of the codebase.
All user-controlled fields that land in MIME header lines are now passed through sanitizeHeaderValue before interpolation. The helper itself is a single-line regex replace with no error paths. Test coverage is comprehensive and directly verifies the injection scenarios.
No files require special attention — both changed files are small, focused, and well-tested.
Important Files Changed
Reviews (4): Last reviewed commit: "fix(gmail): sanitize attachment mimeType..."
@cursor review
attachment.mimeType was written verbatim into the Content-Type header, unlike the other header fields this PR sanitizes. Route it through the same sanitizeHeaderValue helper for consistency.
8d94ec7 to b138317
@greptile review
@cursor review
✅ Bugbot reviewed your changes and found no new issues!
Reviewed by Cursor Bugbot for commit 8d94ec7.
✅ Bugbot reviewed your changes and found no new issues!
Reviewed by Cursor Bugbot for commit b138317.
@greptile review
Summary
- buildSimpleEmailMessage and buildMimeMessage now sanitize to, cc, bcc, subject, inReplyTo, references, and the attachment filename before placing them into MIME header lines
- sanitizeHeaderValue helper (alongside encodeRfc2047/escapeHtml) that collapses embedded CR/LF to a single space
Type of Change
Testing
- bunx vitest run apps/sim/tools/gmail/utils.test.ts — 28 passed
- bunx tsc --noEmit clean on touched file
- bunx biome check clean
- bun run check:api-validation passed
Checklist
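The header-injection case this PR guards against, shown as an added TypeScript example that is not the project's code. The body of `sanitizeHeaderValue` is an assumed implementation based on the description above (a regex replace that collapses CR/LF to one space); `buildHeaderBlock`, `headerNames` and the sample addresses are hypothetical and constructed for illustration.

```typescript
// Added illustration, not the project's code. Every name except
// sanitizeHeaderValue is hypothetical.

// Collapse any run of CR/LF to one space so a value cannot end its
// header line and start a new one. Assumed implementation: the page
// only says the helper is a regex replace that collapses CR/LF.
function sanitizeHeaderValue(value: string): string {
  return value.replace(/[\r\n]+/g, ' ')
}

interface SimpleHeaders {
  to: string
  subject: string
  cc?: string
}

// Hypothetical stand-in for the header section of a MIME builder.
// The `sanitize` flag lets both behaviours be compared side by side.
function buildHeaderBlock(h: SimpleHeaders, sanitize: boolean): string {
  const clean = (v: string): string => (sanitize ? sanitizeHeaderValue(v) : v)
  const lines = [`To: ${clean(h.to)}`]
  if (h.cc) lines.push(`Cc: ${clean(h.cc)}`)
  lines.push(`Subject: ${clean(h.subject)}`)
  return lines.join('\r\n')
}

// List the header names a downstream parser would see, one per CRLF line.
function headerNames(block: string): string[] {
  return block.split('\r\n').map((line) => line.slice(0, line.indexOf(':')))
}

// Constructed input: a subject carrying an embedded CRLF plus header text.
const constructed: SimpleHeaders = {
  to: 'alice@example.com',
  subject: 'Quarterly report\r\nBcc: outsider@example.net',
}

const unsafeNames = headerNames(buildHeaderBlock(constructed, false))
const safeNames = headerNames(buildHeaderBlock(constructed, true))

console.log(unsafeNames) // ['To', 'Subject', 'Bcc']: the value became a header
console.log(safeNames) // ['To', 'Subject']: the text stays inside Subject
```
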