Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Opt-In for url-encoded slashes in URL paths #1071

Merged
merged 14 commits into from
Nov 29, 2023
Merged

feat: Opt-In for url-encoded slashes in URL paths #1071

merged 14 commits into from
Nov 29, 2023

Conversation

dadrus
Copy link
Owner

@dadrus dadrus commented Nov 28, 2023
edited
Loading

Related issue(s)

closes #1070

Checklist

  • I agree to follow this project's Code of Conduct.
  • I have read, and I am following this repository's Contributing Guidelines.
  • I have read the Security Policy.
  • I have referenced an issue describing the bug/feature request.
  • I have added tests that prove the correctness of my implementation.
  • I have updated the documentation.

Description

This PR implements an explicit opt-in for url-encoded slashes in URL paths, used while matching a request in all operation modes, as well as when forwarding the request to the upstream service in proxy mode.

The new rule-level configuration property is named allow_encoded_slashes and can be set to the following values:

  • off - Reject requests containing encoded slashes. Means, if the request URL contains an url-encoded slash (%2F), the rule will not match it. This is also the default setting, if the property is not configured explicitly.
  • on - Accept requests using encoded slashes, decoding them and making it transparent for the rules and the upstream url. That is, the %2F becomes a / and will be treated as such in all places.
  • no_decode - Accept requests using encoded slashes, but not touching them and showing them to the rules and the upstream. That is, the %2F just remains as is.

@codecov Codecov
Copy link

codecov bot commented Nov 28, 2023
edited
Loading

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (69dd7d2) 89.16% compared to head (7cd6a7b) 89.19%.

Files Patch % Lines
internal/rules/rule_impl.go 95.83% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1071      +/-   ##
==========================================
+ Coverage   89.16%   89.19%   +0.03%     
==========================================
  Files         246      246              
  Lines       10305    10347      +42     
==========================================
+ Hits         9188     9229      +41     
- Misses        879      880       +1     
  Partials      238      238

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dadrus dadrus merged commit 96bb188 into main Nov 29, 2023
@dadrus dadrus deleted the feat/encoded_slashes_in_path branch November 29, 2023 00:13
@github-actions github-actions bot mentioned this pull request Nov 29, 2023
Merged
@dadrus dadrus mentioned this pull request Apr 17, 2024
Merged
6 tasks
@github-actions github-actions bot mentioned this pull request May 12, 2024
Merged
@github-actions github-actions bot mentioned this pull request Dec 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handling of encoded slashes in paths
1 participant
@dadrus