How to normalize URL in Http::HeaderMap? #6008
Assignees
Labels
enhancement
Feature requests. Not bugs or questions.
Comments
|
I think we should add this capability, and while doing so, keep in mind possible path traversal attacks. |
|
I can work on this, Could you assign this to me? Also could you clarify a little about the path traversal attacks? I'm not sure how it is related to the change here. Thanks. @mattklein123, do you have any comments for this? |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Title: How to normalize URL in Http::HeaderMap?
Description:
If a URL path includes double dots (e.g.
/data/../info/) or single dot (e.g./user/./record/), it seemsHttp::HeaderMapdoesn't normalize it by removing the dots in the path.Sometime this creates issues when a filter is trying to compare the path. For example, a filter may expect to match on path
/info/and it actually wants to match on both/data/../info/and/info/because they have the same semantics and will most likely to be interpreted to the same place in the backend.Question:
HeaderMaporHeaderUtility::matchHeaders? Or should we simply do it inside a specific filter when needed?Reference:
https://en.wikipedia.org/wiki/URL_normalization
/cc @liminw @JimmyCYJ
The text was updated successfully, but these errors were encountered: