fix(ramp): sanitize multipart field values against CRLF injection

waleedlatif1 · waleedlatif1 · commit eceb5585f958 · 2026-06-11T16:51:36.000-07:00
diff --git a/apps/sim/app/api/tools/ramp/upload-receipt/route.ts b/apps/sim/app/api/tools/ramp/upload-receipt/route.ts
@@ -31,9 +31,10 @@ function buildReceiptMultipartBody(
   const parts: Buffer[] = []
 
   for (const [name, value] of Object.entries(fields)) {
+    const safeValue = value.replace(/[\r\n]/g, '')
     parts.push(
       Buffer.from(
-        `--${boundary}\r\nContent-Disposition: form-data; name="${name}"\r\n\r\n${value}\r\n`
+        `--${boundary}\r\nContent-Disposition: form-data; name="${name}"\r\n\r\n${safeValue}\r\n`
       )
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,10 @@ function buildReceiptMultipartBody(`
`31`	`31`	`const parts: Buffer[] = []`
`32`	`32`
`33`	`33`	`for (const [name, value] of Object.entries(fields)) {`
	`34`	`+ const safeValue = value.replace(/[\r\n]/g, '')`
`34`	`35`	`parts.push(`
`35`	`36`	`Buffer.from(`
`36`		- `--${boundary}\r\nContent-Disposition: form-data; name="${name}"\r\n\r\n${value}\r\n`
	`37`	+ `--${boundary}\r\nContent-Disposition: form-data; name="${name}"\r\n\r\n${safeValue}\r\n`
`37`	`38`	`)`
`38`	`39`	`)`
`39`	`40`	`}`