From 0db0d257f48889ccb5e4324f33f261ed3b7844ff Mon Sep 17 00:00:00 2001
From: Ken Collins
Date: Fri, 7 Jul 2023 16:07:25 -0400
Subject: [PATCH 1/2] Safely pass percent symbols in paths.
---
 lib/lamby/rack_http.rb | 1 +
 .../app/controllers/application_controller.rb | 4 ++++
 test/dummy_app/app/views/application/percent.html.erb | 2 ++
 test/dummy_app/config/routes.rb | 1 +
 test/handler_test.rb | 11 +++++++++++
 5 files changed, 19 insertions(+)
 create mode 100644 test/dummy_app/app/views/application/percent.html.erb
diff --git a/lib/lamby/rack_http.rb b/lib/lamby/rack_http.rb
index 00060b1..48417e9 100644
--- a/lib/lamby/rack_http.rb
+++ b/lib/lamby/rack_http.rb
@@ -78,6 +78,7 @@ def cookies
 def path_info
 stage = event.dig('requestContext', 'stage')
 spath = event.dig('requestContext', 'http', 'path') || event.dig('requestContext', 'path')
+ spath = event['rawPath'] if spath != event['rawPath'] && !payload_version_one?
 spath.sub /\A\/#{stage}/, ''
 end
diff --git a/test/dummy_app/app/controllers/application_controller.rb b/test/dummy_app/app/controllers/application_controller.rb
index aa6af90..8bd36a0 100644
--- a/test/dummy_app/app/controllers/application_controller.rb
+++ b/test/dummy_app/app/controllers/application_controller.rb
@@ -26,6 +26,10 @@ def exception
 raise 'hell'
 end
+ def percent
+ render
+ end
+
 def cooks
 cookies['1'] = '1'
 cookies['2'] = '2'
diff --git a/test/dummy_app/app/views/application/percent.html.erb b/test/dummy_app/app/views/application/percent.html.erb
new file mode 100644
index 0000000..9ff438d
--- /dev/null
+++ b/test/dummy_app/app/views/application/percent.html.erb
@@ -0,0 +1,2 @@
+Params: <%= params[:path] %>
+Request Path: <%= request.path %>
diff --git a/test/dummy_app/config/routes.rb b/test/dummy_app/config/routes.rb
index e475f6c..eb9d3c1 100644
--- a/test/dummy_app/config/routes.rb
+++ b/test/dummy_app/config/routes.rb
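Review bot: The added line in `path_info` overwrites `spath` with `event['rawPath']` without checking that the key is present, so an event that is not payload version one and carries no `rawPath` leaves `spath` nil and the following `spath.sub` raises NoMethodError. A presence guard keeps the earlier fallback: `raw = event['rawPath']` and `spath = raw if raw && raw != spath && !payload_version_one?`. A short comment such as `# rawPath keeps the client's percent-encoding; the requestContext path is already decoded` would record why the raw form wins, because handing an already-decoded path to a framework that decodes again is how routing and path-based checks end up disagreeing. On the unchanged last line, `stage` is interpolated into the regex unescaped; `Regexp.escape(stage)` would be the safer form if stage names can contain regex metacharacters, which this hunk does not show.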
@@ -4,6 +4,7 @@
 post 'login', to: 'application#login'
 delete 'logout', to: 'application#logout'
 get 'exception', to: 'application#exception'
+ get 'percent/*path', to: 'application#percent'
 get 'cooks', to: 'application#cooks'
 get 'redirect_test', to: redirect('/')
 end
diff --git a/test/handler_test.rb b/test/handler_test.rb
index eeb0941..4f8bf30 100644
--- a/test/handler_test.rb
+++ b/test/handler_test.rb
@@ -86,6 +86,17 @@ class HandlerTest < LambySpec
 expect(result[:body]).must_match %r{We're sorry, but something went wrong.}
 expect(result[:body]).must_match %r{This file lives in public/500.html}
 end
+
+ it 'get - percent' do
+ event = TestHelpers::Events::HttpV2.create(
+ 'rawPath' => '/production/percent/dwef782jkif%3d',
+ 'requestContext' => { 'http' => {'path' => '/production/percent/dwef782jkif='} }
+ )
+ result = Lamby.handler app, event, context, rack: :http
+ expect(result[:statusCode]).must_equal 200
+ expect(result[:body]).must_match %r{Params: dwef782jkif=}
+ expect(result[:body]).must_match %r{Request Path: /percent/dwef782jkif%3}
+ end
 end
From b94e8a30d38424fa3656ef655a2d6ac3da593b61 Mon Sep 17 00:00:00 2001
From: Ken Collins
Date: Thu, 20 Jul 2023 11:10:02 -0400
Subject: [PATCH 2/2] Prepare for v5.2.0
---
 CHANGELOG.md | 6 ++++++
 Gemfile.lock | 2 +-
 lib/lamby/version.rb | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f32b812..023ceed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 See this http://keepachangelog.com link for information on how we want this documented formatted.
+## v5.2.0
+
+### Fixed
+
+- Safely Pass Percent Symbols in Paths Fixes #170
+
 ## v5.1.0
 ### Added
diff --git a/Gemfile.lock b/Gemfile.lock
index 356735a..ab1e2a5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- lamby (5.1.0)
+ lamby (5.2.0)
 lambda-console-ruby
 rack
diff --git a/lib/lamby/version.rb b/lib/lamby/version.rb
index cb38d0c..6680a26 100644
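Review bot: The last assertion of the 'get - percent' case in test/handler_test.rb, `%r{Request Path: /percent/dwef782jkif%3}`, stops one character short of the `%3d` sent in `rawPath`, so it would still pass if the final hex digit were changed or dropped on the way through. Matching the full sequence, `%r{Request Path: /percent/dwef782jkif%3d}`, pins that the encoded path is forwarded byte for byte. The case also exercises only an HttpV2 event that carries `rawPath`; a companion case for a payload-version-one event and one for an event without `rawPath` would cover the other side of the new condition in `path_info`. The enclosing `class HandlerTest` starts and ends outside the hunk.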
--- a/lib/lamby/version.rb
+++ b/lib/lamby/version.rb
@@ -1,3 +1,3 @@
 module Lamby
- VERSION = '5.1.0'
+ VERSION = '5.2.0'
 end