When I have :/ it fails to make the mapping #308

Closed
ggeorgiev opened this issue Jan 26, 2017 · 12 comments

@ggeorgiev

When I have a string variable in the url that contains :/ (escaped as %3A%2F) the mapping fails with error Not Found

@tmc
Collaborator

tmc commented Jan 26, 2017

@ggeorgiev hi there, thanks for your issue report -- could you please put this sort of failing scenario into a test case?

@ggeorgiev
Author

@tmc Hi, I will try to find some time to do so. Considering that I am not familiar with the code base and the usual bootstrap overhead, it might take some time. Meanwhile, someone who is working on the project will probably succeed in reproducing the issue, considering that there is nothing tricky about the scenario that exposes it and it is 100% reproducible.

@ggeorgiev
Author

I did not find where to add such a test, but this code seems suspicious because it seems to analyze system characters over the already decoded version of the path.

```go
func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// r.URL.Path is the decoded form of the request path.
	path := r.URL.Path
	if !strings.HasPrefix(path, "/") {
		OtherErrorHandler(w, r, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}

	// Split into components and strip a trailing ":verb" from the last one.
	components := strings.Split(path[1:], "/")
	l := len(components)
	var verb string
	if idx := strings.LastIndex(components[l-1], ":"); idx == 0 {
		OtherErrorHandler(w, r, http.StatusText(http.StatusNotFound), http.StatusNotFound)
		return
	} else if idx > 0 {
		c := components[l-1]
		components[l-1], verb = c[:idx], c[idx+1:]
	}
	// ... (rest of ServeHTTP not quoted)
}
```

@ggeorgiev
Author

ggeorgiev commented Jan 26, 2017

This is a comment in the URL package:

```go
// Note that the Path field is stored in decoded form: /%47%6f%2f becomes /Go/.
// A consequence is that it is impossible to tell which slashes in the Path were
// slashes in the raw URL and which were %2f. This distinction is rarely important,
// but when it is, code must not use Path directly.
```

In the code quoted before, I replaced `path := r.URL.Path` with `path := r.URL.RawPath` and the Not Found problem got solved. Of course, the components need to get decoded after the split in order for this to work as before.

@ggeorgiev
Author

ggeorgiev commented Jan 26, 2017

The problem actually is way more serious than what I noticed initially. Essentially any value in the path that includes '/' will completely mess up the components.
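
Added example (not part of the original thread and not grpc-gateway's code): the two comments above, splitting on the decoded path versus splitting on the encoded path and decoding each component afterwards. It uses `EscapedPath()` rather than reading `RawPath` directly, because `net/url` leaves `RawPath` empty when the default encoding of `Path` already matches the request; the request path, the `/v1/items/{name}:get` route and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// splitDecoded splits the already-decoded path, as the quoted ServeHTTP does:
// a %2F inside a value has become "/" and is treated as a separator.
func splitDecoded(u *url.URL) []string {
	return strings.Split(strings.TrimPrefix(u.Path, "/"), "/")
}

// splitEscaped splits the still-encoded path, takes the verb from a literal
// ":" in the last component, and only then decodes each component.
func splitEscaped(u *url.URL) (components []string, verb string, err error) {
	components = strings.Split(strings.TrimPrefix(u.EscapedPath(), "/"), "/")
	last := len(components) - 1
	if idx := strings.LastIndex(components[last], ":"); idx > 0 {
		components[last], verb = components[last][:idx], components[last][idx+1:]
	}
	for i, c := range components {
		if components[i], err = url.PathUnescape(c); err != nil {
			return nil, "", err
		}
	}
	return components, verb, nil
}

func main() {
	// Constructed request path; the /v1/items/{name}:get route is hypothetical.
	u, err := url.Parse("/v1/items/http%3A%2F%2Fexample.com:get")
	if err != nil {
		panic(err)
	}
	fmt.Printf("decoded split: %q\n", splitDecoded(u))
	components, verb, err := splitEscaped(u)
	fmt.Printf("escaped split: %q verb=%q err=%v\n", components, verb, err)
}
```

Any authorization or routing decision made on the components should use the same split as the handler, otherwise an encoded slash lets the two layers disagree about which resource was requested.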

@ggeorgiev
Author

ping - is someone looking at this? Seems like a serious issue.

@tmc
Collaborator

tmc commented Feb 16, 2017

@ggeorgiev you can simply capture those parameters in either get params or in the body for now. If you can submit a failing test case it will lower the barrier to fixing this.

@jessesuen

We were also hit by this issue. I submitted PR #660 which allows encoded slashes as part of a path.

@stale

stale bot commented Sep 9, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Sep 9, 2019
@stale stale bot closed this as completed Sep 16, 2019
@kindermoumoute

This bug still happens with grpc-gateway v1.14.4

@johanbrandhorst
Collaborator

Hi, thanks for the bump. I'll reopen. Would you be interested in submitting a fix?

@stale stale bot removed the wontfix label Apr 9, 2020
@stale

stale bot commented Jun 8, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jun 8, 2020
@stale stale bot closed this as completed Jun 15, 2020