Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: handle invalid chars in host header #3923

Merged
merged 5 commits into from
Mar 20, 2024
Merged

fix: handle invalid chars in host header #3923

merged 5 commits into from
Mar 20, 2024

Conversation

david-luna
Copy link
Member

@david-luna david-luna commented Mar 19, 2024
edited
Loading

Host header may contain invalid characters making the agent throw an exception and stoping the app. Agent should not throw and let the app deal with the wrong requerst.

Closes: #3874

Checklist

  • Implement code
  • Add tests
  • Update TypeScript typings
  • Update documentation
  • Add CHANGELOG.asciidoc entry
  • Commit message follows commit guidelines

trentm
trentm reviewed Mar 19, 2024
View reviewed changes
CHANGELOG.asciidoc Outdated
@@ -46,6 +46,8 @@ See the <<upgrade-to-v4>> guide.
[float]
===== Bug fixes

* Fix path resolution for requests that contain invalid characters in its
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be added to a new ==== Unreleased section. See template for the new section at the top of the CHANGELOG file.

test/instrumentation/express-utils.test.js Outdated
const req = createRequest(
'https://test.com/foo/bar?query=value#hash',
// eslint-disable-next-line prettier/prettier, no-useless-escape
'invalid\host\name',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does that actually throw in the try/catch?

> new URL('http://invalid\\host\\name')
URL {
  href: 'http://invalid/host/name',
  origin: 'http://invalid',
  protocol: 'http:',
  username: '',
  password: '',
  host: 'invalid',
  hostname: 'invalid',
  port: '',
  pathname: '/host/name',
  search: '',
  searchParams: URLSearchParams {},
  hash: ''
}
> new URL('http://invalid\host\name')
URL {
  href: 'http://invalidhostame/',
  origin: 'http://invalidhostame',
  protocol: 'http:',
  username: '',
  password: '',
  host: 'invalidhostame',
  hostname: 'invalidhostame',
  port: '',
  pathname: '/',
  search: '',
  searchParams: URLSearchParams {},
  hash: ''
}

This works, er fails :)

> new URL('http://bad[hostname')
Uncaught TypeError [ERR_INVALID_URL]: Invalid URL
    at __node_internal_captureLargerStackTrace (node:internal/errors:496:5)
    at new NodeError (node:internal/errors:405:5)
    at new URL (node:internal/url:637:13) {
  input: 'http://bad[hostname',
  code: 'ERR_INVALID_URL'
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does that actually throw in the try/catch?

I think the URL contained the char [ when I tried in the REPL. My bad

@david-luna david-luna merged commit 0ff46e4 into main Mar 20, 2024
18 checks passed
@david-luna david-luna deleted the dluna/3874-fix-invalid-url-express-utils branch March 20, 2024 06:27
@trentm trentm mentioned this pull request Apr 11, 2024
Merged
PeterEinberger pushed a commit to fpm-git/apm-agent-nodejs that referenced this pull request Aug 20, 2024
@david-luna @PeterEinberger
fix: handle invalid chars in host header (elastic#3923)
76f606a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trentm trentm trentm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unhandled ERR_INVALID_URL causing node.js service to exit
2 participants
@david-luna @trentm