fix(core): prefix path must be normalized

fix FT-3359

kong/db/schema/typedefs.lua

@@ -8,6 +8,7 @@ local socket_url = require "socket.url"
 local constants = require "kong.constants"
 
 
+local normalize = require("kong.tools.uri").normalize
 local pairs = pairs
 local match = string.match
 local gsub = string.gsub
@@ -448,6 +449,12 @@ local function validate_path_with_regexes(path)
   end
 
   if path:sub(1, 1) ~= "~" then
+    -- prefix matching. let's check if it's normalized form
+    local normalized = normalize(path, true)
+    if path ~= normalized then
+      return nil, "not normalized path. Suggest: '" .. normalized .. "'"
+    end
+
     return true
   end
 

spec/01-unit/01-db/01-schema/06-routes_spec.lua

@@ -339,7 +339,7 @@ describe("routes schema (flavor = traditional/traditional_compatible)", function
     end)
 
     it("accepts properly percent-encoded values", function()
-      local valid_paths = { "/abcd%aa%10%ff%AA%FF" }
+      local valid_paths = { "/abcd\xaa\x10\xff\xAA\xFF" }
 
       for i = 1, #valid_paths do
         local route = Routes:process_auto_fields({
@@ -1223,6 +1223,30 @@ describe("routes schema (flavor = traditional/traditional_compatible)", function
       ["@entity"] =  { "must set snis when 'protocols' is 'tls_passthrough'" },
     }, errs)
   end)
+
+  it("errors for not-normalized prefix path", function ()
+    local test_paths = {
+      ["/%c3%A4"] = "/ä",
+      ["/%20"] = "/ ",
+      ["/%25"] = false,
+    }
+    for path, result in ipairs(test_paths) do
+      local route = {
+        paths = { path },
+        protocols = { "http" },
+      }
+
+      local ok, err = Routes:validate(route)
+      if not result then
+        assert(ok)
+
+      else
+        assert.falsy(ok == result)
+        assert.equal([[schema violation (paths.1: not normalized path. Suggest: ']] .. result .. [[')]], err.paths[1])
+      end
+    end
+
+  end)
 end)