Follow up #2150: Special chars in values of query strings

[raman-m]

Follow up #2150

• #2116 Escaping unsafe pattern values of Regex constructor ​​derived from URL query parameter values containing special Regex chars #2150

Special chars in values of query strings

A 3rd additional test case:

-    [InlineData("api/debug()")] // no query
-    [InlineData("api/debug%28%29")] // encoded debug()
+    [InlineData("api/debug()?special=(\\,*,+,?,|,{,},[,],(,),^,$,.,#, ,)&2=(2)&3=[3]&4={4}")] // with query

The third test has revealed issues within the middleware logic, indicating that this test case is likely to fail. The MergeQueryStringsWithoutDuplicateValues method struggles to handle URLs containing query strings with special characters, such as Regex patterns and reserved URL specification characters. This issue became apparent in release 20.0.0 during the refactoring of the MergeQueryStringsWithoutDuplicateValues method, which aimed to integrate existing and new logic (for example OData filters in query parameters, with bug fixes, with new feature for query string placeholders). Regrettably, the method fails to process special characters in parameter values.

Originally posted by @raman-m in #2150 (comment)

Subject

• Unit tests
  

  Ocelot/test/Ocelot.UnitTests/DownstreamUrlCreator/DownstreamUrlCreatorMiddlewareTests.cs

  Lines 614 to 618 in d310508

  	[Theory]
  	[Trait("Bug", "2116")]
  	[InlineData("api/debug()")] // no query
  	[InlineData("api/debug%28%29")] // debug()
  	public async Task ShouldNotFailToHandleUrlWithSpecialRegexChars(string urlPath)

• Acceptance tests
  

  Ocelot/test/Ocelot.AcceptanceTests/Routing/RoutingTests.cs

  Lines 1171 to 1175 in d310508

  	[Theory]
  	[Trait("Bug", "2116")]
  	[InlineData("debug()")] // no query
  	[InlineData("debug%28%29")] // debug()
  	public void Should_change_downstream_path_by_upstream_path_when_path_contains_malicious_characters(string path)

[raman-m]

Possible duplicate of #2143

• Routing not working with special character in UpstreamPathTemplate #2143

[raman-m]

@int0x81, welcome to your assignment!

[raman-m]

@int0x81 Finn, where are you? Are you available?

[int0x81]

@int0x81 Finn, where are you? Are you available?

Hello Raman. I started working on an issue #2132 this week. Unfurtunatly I am sick right now and will continue to work on it next Monday. Do you think its a good idea to prior #2150 ?

[raman-m]

@int0x81

I started working on an issue #2132 this week.

If you have started the issue, please inform me and Guillaume with a message in the #2132 thread.
Additionally, if you have begun any task from the board, kindly move a ticket to the 'In Progress' state.

Unfurtunatly I am sick right now and will continue to work on it next Monday.

🆗 Wishing you a speedy and an easy recovery!

Do you think its a good idea to prior #2150 ?

I haven't assigned priority labels to the tickets on your mentoring board, so you're free to tackle them in any order. Please consider this follow-up task after you've completed #2132.

[int0x81]

@raman-m I tried to move items on the projects board last week, but it seems I do not have permission.

[raman-m]

@int0x81 OK I've moved the ticket. Guillaume (@ggnaegi) should have this permission, because he is the member of the team.
The process is the following:

1. Required. Write a message to issue thread. After that you will be assigned.
2. Desired. Ask Guillaume (or me) to manage your ticket which you're working on.