Skip to content

Commit

Permalink
bugfix: fix multipart panic + support for filename + content-type (#5702
Browse files Browse the repository at this point in the history
)

* bugfix: fix multipart files panic + support for filename + content-type propagation

* misc changes
  • Loading branch information
Ice3man543 authored Oct 10, 2024
1 parent 690089e commit 8268098
Showing 1 changed file with 43 additions and 1 deletion.
44 changes: 43 additions & 1 deletion pkg/fuzz/dataformat/multipart.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,19 @@ import (
"io"
"mime"
"mime/multipart"
"net/textproto"

mapsutil "github.com/projectdiscovery/utils/maps"
)

type MultiPartForm struct {
boundary string
boundary string
filesMetadata map[string]FileMetadata
}

type FileMetadata struct {
ContentType string
Filename string
}

var (
Expand Down Expand Up @@ -41,11 +48,40 @@ func (m *MultiPartForm) Encode(data KV) (string, error) {
data.Iterate(func(key string, value any) bool {
var fw io.Writer
var err error

if filesArray, ok := value.([]interface{}); ok {
fileMetadata, ok := m.filesMetadata[key]
if !ok {
Itererr = fmt.Errorf("file metadata not found for key %s", key)
return false
}

for _, file := range filesArray {
h := make(textproto.MIMEHeader)
h.Set("Content-Disposition",
fmt.Sprintf(`form-data; name=%q; filename=%q`,
key, fileMetadata.Filename))
h.Set("Content-Type", fileMetadata.ContentType)

if fw, err = w.CreatePart(h); err != nil {
Itererr = err
return false
}

if _, err = fw.Write([]byte(file.(string))); err != nil {
Itererr = err
return false
}
}
return true
}

// Add field
if fw, err = w.CreateFormField(key); err != nil {
Itererr = err
return false
}

if _, err = fw.Write([]byte(value.(string))); err != nil {
Itererr = err
return false
Expand Down Expand Up @@ -98,6 +134,7 @@ func (m *MultiPartForm) Decode(data string) (KV, error) {
result.Set(key, values[0])
}
}
m.filesMetadata = make(map[string]FileMetadata)
for key, files := range form.File {
fileContents := []interface{}{}
for _, fileHeader := range files {
Expand All @@ -112,6 +149,11 @@ func (m *MultiPartForm) Decode(data string) (KV, error) {
return KV{}, err
}
fileContents = append(fileContents, buffer.String())

m.filesMetadata[key] = FileMetadata{
ContentType: fileHeader.Header.Get("Content-Type"),
Filename: fileHeader.Filename,
}
}
result.Set(key, fileContents)
}
Expand Down

0 comments on commit 8268098

Please sign in to comment.