Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

A double slash (%252F) instead slash (%2F) if the URL request parameter encoded

See original GitHub issue

version 9.3.1 Client Request

@RequestLine("GET /projects/{projectId}")
Project getProject(@Param(value = "projectId", expander = URLEncoded.class) String projectId);

URLEncoded

public class URLEncoded implements Param.Expander {

    @Override
    public String expand(Object value) {
        System.out.println( " >>> Value: " + value);
        try {
            String encoded = URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
            System.out.println(" >>> Encoded value:  " + encoded);
            return encoded;
        } catch (UnsupportedEncodingException ignore) {
            return String.valueOf(value);
        }
    }
}

Log

>>> Value: automation/tests
>>> Encoded value:  automation%2Ftests
---> GET http://localhost:10080/api/v4/projects/automation%252Ftests HTTP/1.1
Content-Type: application/x-www-form-urlencoded
---> END HTTP (0-byte body)
<--- HTTP/1.1 404 Not Found (65ms)
cache-control: no-cache
connection: keep-alive
content-length: 35
content-type: application/json
date: Sun, 24 Jun 2018 02:37:22 GMT
okhttp-received-millis: 1529807842448
okhttp-sent-millis: 1529807842429
server: nginx
vary: Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: d3e4fccf-a1b7-4118-8125-6388339ca326
x-runtime: 0.012393
{"message":"404 Project Not Found"}
<--- END HTTP (35-byte body)

Expected - %2F /api/v4/projects/automation%2Ftests

Actual - %252F /api/v4/projects/automation%252Ftests

Issue Analytics

State:
Created 5 years ago
Comments:6 (2 by maintainers)

Top GitHub Comments

1reaction

kdavisk6commented, Jul 4, 2018

From looking over the code, there is a property on the @RequestLine called decodeSlash which defaults to true. This will enforce that the slashes are not encoded when a variable exists on the RequestLine template. Have you tried setting that to false?

@RequestLine(value = "GET /api/stuff/{variable with path that should be encoded}", decodeSlash=false)

0reactions

shaburovcommented, Aug 26, 2018

RTFM My mistake. Has closed.

Top Results From Across the Web

URL slash '/' get double encoded. Changed to %252F instead ...

I think you can fix it by first decoding the original response and then sending it as a query param to next ...

Double Encoding | OWASP Foundation

This attack technique consists of encoding user request parameters twice ... (dot-dot-slash) characters represent %2E%2E%2F in hexadecimal representation.

Change double encoding of slash (+back) in param of request ...

How to change double encoding (to single) of slash and backSlash in parameter of request in Tomcat 8? While URL rewriting Tomcat makes...

Passing a parameter with slashes to the REST call

I need to pass a parameter string that contains slashes to a REST call. I tried URL encoding, or making URL map to...

Stopping .Net from Escaping the ALready URIencoded Query ...

I have tried double encoding but that converts the %2f to %252f. And when the call is made the %252f is not converted...