HTTP path regex matching not working as expected for path with trailing slash #15826
Description
If you are reporting any crash or any potential security issue, do not
open an issue in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged appropriately.
Title: One line description
HTTP path regex matching not working for paths with trailing slash
Description:
What issue is being seen? Describe what should be happening instead of
the bug, for example: Envoy should not crash, the expected value isn't
returned, etc.
I am trying use the regex /status/200(/.*)?$ that should behave as follows:
should match: /status/200, status/200/ (note trailing slash), /status/200/foo
should not match: /status/200foo
I see that the following route configuration in envoy is rejecting requests whose :path equals /status/200/ (includes trailing slash). Per the regex /status/200(/.*)?$, this request should be a match, but Envoy rejects it with a 404.
Route:
"routes": [
{
"match": {
"headers": [
{
"name": ":method",
"safe_regex_match": {
"google_re2": {},
"regex": ".*"
}
}
],
"safe_regex": {
"google_re2": {},
"regex": "/status/200(/.*)?$"
}
Repro steps:
Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.
See above route configuration to repro.
Envoy version: envoyproxy/envoy-alpine:v1.17.1
I used Golang's regexp lib to verify the expected regex behavior: https://play.golang.org/p/GGppRHeEoW8
Note: The Envoy_collect tool
gathers a tarball with debug logs, config and the following admin
endpoints: /stats, /clusters and /server_info. Please note if there are
privacy concerns, sanitize the data prior to sharing the tarball/pasting.
Admin and Stats Output:
Include the admin output for the following endpoints: /stats,
/clusters, /routes, /server_info. For more information, refer to the
admin endpoint documentation.
I see downstream_rq_4xx in the inbound RDS configuration increment for requests with :path /status/200/.