You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on May 21, 2025. It is now read-only.
Scenario:
Using github.com/awslabs/aws-lambda-go-api-proxy within github.com/aws/aws-lambda-go/lambda behind an multi_value_headers-enabled ALB
Issue:
URL-Query Parameters can be double-url encoded.
For example a /?from=2022-09-20T04:11:02 would be url-encoded by the browser to /?from=2022-09-20T04%3A11%3A02 (as %3A is the url-encoding of :).
Because of https://github.com/awslabs/aws-lambda-go-api-proxy/blob/master/core/request.go#L164 this value is encoded again before it reaches the handler. Instead of from=2022-09-20T04%3A11%3A02 a double-url encoded value is passed to the handler: from=2022-09-20T04%3A11%253A02 (as %25 is the url-encoding of %).
Suggested solution:
Using url.QueryUnescape before encoding, to see whether the query parameter is already encoded (this would result in err != nil).
Scenario:
Using
github.com/awslabs/aws-lambda-go-api-proxywithingithub.com/aws/aws-lambda-go/lambdabehind anmulti_value_headers-enabled ALBIssue:
URL-Query Parameters can be double-url encoded.
For example a
/?from=2022-09-20T04:11:02would be url-encoded by the browser to/?from=2022-09-20T04%3A11%3A02(as%3Ais the url-encoding of:).Because of https://github.com/awslabs/aws-lambda-go-api-proxy/blob/master/core/request.go#L164 this value is encoded again before it reaches the handler. Instead of
from=2022-09-20T04%3A11%3A02a double-url encoded value is passed to the handler:from=2022-09-20T04%3A11%253A02(as%25is the url-encoding of%).Suggested solution:
Using
url.QueryUnescapebefore encoding, to see whether the query parameter is already encoded (this would result in err != nil).