add support for sanitizing multipart-file uploads

s-mang · s-mang · commit 664449af5ebe · 2022-12-05T17:02:47.000-07:00
diff --git a/doc/body.go b/doc/body.go
@@ -1,6 +1,7 @@
 package doc
 
 import (
+	"regexp"
 	"strings"
 	"text/template"
 )
@@ -13,8 +14,16 @@ var (
 `
 )
 
+var multipartBoundaryREStr = "^([-]+[a-zA-Z0-9]+)\nContent-Disposition.*"
+var multipartFileREStr = "(Content-Disposition: .*filename=.*\n?(?:Content-Type: .*))\n\n"
+
+var multipartBoundaryRE, multipartFileRE *regexp.Regexp
+
 func init() {
 	bodyTmpl = template.Must(template.New("body").Parse(bodyFmt))
+
+	multipartBoundaryRE = regexp.MustCompile(multipartBoundaryREStr)
+	multipartFileRE = regexp.MustCompile(multipartFileREStr)
 }
 
 type Body struct {
@@ -41,6 +50,9 @@ func (b *Body) FormattedStr() string {
 	if strings.HasPrefix(b.ContentType, "application/json") {
 		return b.FormattedJSON()
 	}
+	if strings.HasPrefix(b.ContentType, "multipart/form-data") {
+		return b.SanitizedMultipartForm()
+	}
 	return string(b.Content)
 }
 
@@ -52,3 +64,23 @@ func (b *Body) FormattedJSON() string {
 
 	return fbody
 }
+
+func (b *Body) SanitizedMultipartForm() string {
+	bodyStr := string(b.Content)
+	matches := multipartBoundaryRE.FindStringSubmatch(bodyStr)
+	if len(matches) < 2 {
+		// Fail, just return full body
+		return string(b.Content)
+	}
+	boundary := matches[1]
+	parts := strings.Split(bodyStr, boundary+"\n")
+
+	for i, p := range parts {
+		fileMatches := multipartFileRE.FindStringSubmatch(p)
+		if len(fileMatches) > 0 {
+			parts[i] = fileMatches[0] + "<FILE DATA>\n\n"
+		}
+	}
+
+	return strings.Join(parts, boundary+"\n") + boundary + "--"
+}
