
PathParams encoding in 5.3.2

Open Hatelix opened this issue 2 years ago • 2 comments

Hello, after upgrading from 5.3.1 to 5.3.2 (via spring-boot-dependencies 3.1.3 -> 3.1.4) in our Spring Boot 3 application, we encounter a test failure in a test using RestAssuredMockMvc where a path param (added with get(String path, Object... pathParams)) including spaces is encoded two times, resulting in the string %2520 in the request URI. This, in turn, will then be decoded to %20, causing the test to fail.

I did some investigating and I think this problem was introduced with the solution of https://github.com/rest-assured/rest-assured/issues/1720. Here in the diff (modules/spring-mock-mvc/src/main/java/io/restassured/module/mockmvc/internal/MockMvcRequestSenderImpl.java:336) you can see that this call to uriComponentsBuilder.build().toUriString() is now done after any path params are added to the URI, leading to them being encoded an additional time. Later in our setup, they will be encoded a second time by MockHttpServletRequestBuilder (from spring-test 6.0.12) which is unchanged behaviour regarding this upgrade as far as I understand it.

I'm not exactly sure if this is a bug, but at least the behaviour of RestAssured seems to have changed insofar as the request URI now includes encoded path params, whereas with version 5.3.1 it did not.

Can you give us some insights?

Hatelix, Sep 25 '23 13:09

Hi, we also see an issue with double-encoding of the path parameters. This is especially visible with Spring Security, as generated requests are rejected by StrictHttpFirewall with the message:

Rejecting request due to: The request was rejected because the URL contained a potentially malicious String "%25"

dkaukov, Oct 03 '23 02:10

#1756 fixed it for me!

mikebell90, Jan 23 '24 23:01
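
The double encoding described in the issue, and the "%25" rejection quoted in the second comment, shown as an added example that is not part of the thread and is not rest-assured or Spring code. The class, the helper names, the `/users/` path and the sample value are hypothetical, and the "%25" check is a simplified stand-in for the firewall rule, assuming it rejects any request URI containing that string.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Added illustration; not rest-assured or Spring code. All names are hypothetical.
public class DoubleEncodingDemo {

    // Percent-encode every byte outside the RFC 3986 "unreserved" set.
    static String encodePathSegment(String segment) {
        StringBuilder out = new StringBuilder();
        for (byte b : segment.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xFF);
            boolean unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                    || (c >= '0' && c <= '9') || "-._~".indexOf(c) >= 0;
            if (unreserved) {
                out.append(c);
            } else {
                out.append(String.format("%%%02X", b & 0xFF));
            }
        }
        return out.toString();
    }

    // Simplified stand-in for a rule that rejects an encoded percent sign.
    static boolean containsEncodedPercent(String requestUri) {
        return requestUri.contains("%25");
    }

    public static void main(String[] args) {
        String pathParam = "John Doe";                 // constructed sample value
        String once = encodePathSegment(pathParam);    // what one encoding layer emits
        String twice = encodePathSegment(once);        // a second layer re-encodes the '%'

        // The receiving side decodes exactly once. URLDecoder also maps '+' to a
        // space, which does not matter for this sample.
        String afterOnce = URLDecoder.decode(once, StandardCharsets.UTF_8);
        String afterTwice = URLDecoder.decode(twice, StandardCharsets.UTF_8);

        System.out.println("encoded once : /users/" + once + " -> " + afterOnce);
        System.out.println("encoded twice: /users/" + twice + " -> " + afterTwice);
        System.out.println("round trip ok (once) : " + pathParam.equals(afterOnce));
        System.out.println("round trip ok (twice): " + pathParam.equals(afterTwice));
        System.out.println("flagged for %25 (once) : " + containsEncodedPercent(once));
        System.out.println("flagged for %25 (twice): " + containsEncodedPercent(twice));
    }
}
```

Only the twice-encoded URI fails the round trip and trips the "%25" check, so asserting in a test that the built request URI contains no "%25" catches this regression before the handler or the firewall sees it.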