fix: allow more characters in url (#3414)

* fix: remove linebreak character at end of url paths in safari * fix: allow usage of # and @ in request path * test: fix flakiness v1 * fix: adjusted request filter and fix more test flakiness * fix: revert previous test improvements * test: updated valid character filter tests & clusterrolebinding test * move changes to different PR
kyma-project · Oct 22, 2024 · c7863ca · c7863ca
1 parent 435946a
commit c7863ca
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 17 deletions.
diff --git a/backend/request-filters.js b/backend/request-filters.js
@@ -50,15 +50,9 @@ export const pathInvalidCharacterFilter = req => {
   // Check if the decoded path contains any non-printable or control characters
   // eslint-disable-next-line no-control-regex
   const controlCharRegex = /[\x00-\x1F\x7F]/;
-  if (controlCharRegex.test(decodedPath)) {
+  if (controlCharRegex.test(decodedPath) || decodedPath.includes('..')) {
     throw Error('Path contains invalid characters.');
   }
-
-  // Allow alphanumeric, dashes, underscores, dots, slashes, colons, tildes, question marks, equals, and ampersands
-  const validPathRegex = /^[a-zA-Z0-9/_\-.:~?&=]+$/;
-  if (decodedPath.includes('..') || !validPathRegex.test(decodedPath)) {
-    throw Error(`Path contains invalid characters.`);
-  }
 };
 
 export const invalidHeaderFilter = req => {

diff --git a/backend/request-filters.test.js b/backend/request-filters.test.js
@@ -109,9 +109,9 @@ describe('invalidHeaderFilter tests', () => {
 describe('pathInvalidCharacterFilter tests', () => {
   const successTestCases = [
     {
-      description: 'should not throw an error for a valid path',
+      description: 'should not throw an error for a valid characters',
       req: {
-        originalUrl: '/valid/path-123',
+        originalUrl: '/valid/path-#&?-123',
       },
     },
     {
@@ -123,13 +123,6 @@ describe('pathInvalidCharacterFilter tests', () => {
   ];
 
   const errorTestCases = [
-    {
-      description: 'should throw an error for a path with invalid characters',
-      req: {
-        originalUrl: '/invalid/path<with>brackets',
-      },
-      expectedError: 'Path contains invalid characters.',
-    },
     {
       description: 'should throw an error for a path containing ..',
       req: {

diff --git a/tests/integration/tests/cluster/test-cluster-role-bindings.spec.js b/tests/integration/tests/cluster/test-cluster-role-bindings.spec.js
@@ -3,7 +3,7 @@
 // Also column layout test
 
 const random = Math.floor(Math.random() * 9999) + 1000;
-const CRB_NAME = `test-cypress-crb-${random}`;
+const CRB_NAME = `test-###-crb-${random}`;
 const USER_NAME = '[email protected]';
 
 context('Test Cluster Role Bindings', () => {