http: Add ability to merge slashes

[euroelessar]

Description: Add an optional ability to merge slashes in the request's path
Risk Level: LOW (opt-in)
Testing: unit tests
Docs Changes: inline protobuf documentation
Release Notes: updated
Fixes #7611

[zuercher]

/retest

[repokitteh-read-only]

🔨 rebuilding ci/circleci: asan (failed build)

🐱

Caused by: a #7621 (comment) was created by @zuercher.

see: more, trace.

[zuercher]

/assign @jmarantz could you have a look?

[repokitteh-read-only]

🙀 Error while processing event:

evaluation error
error: function _rk_error error: path contains forbidden characters

🐱

Caused by: a #7621 (comment) was created by @zuercher.

see: more, trace.

[venilnoronha]

Thanks for working on this.

[venilnoronha]

Why's the path validity checked on the original value i.e. prior to merging slashes? I'd add a comment explaining that.

[jmarantz]

why bother to merge slashes if is_valid_path is false?

[euroelessar]

@venilnoronha Please have another look, and let me know if there is any outstanding feedback.

[venilnoronha]

LGTM. Thanks!

[euroelessar]

Can this change be merged, please?

[mattklein123]

@euroelessar a maintainer has to review it. Hopefully @jmarantz can take a look soon.

[jmarantz]

why bother to merge slashes if is_valid_path is false?

[jmarantz]

I don't think we use this style of commenting that a method is static in Envoy.

[jmarantz]

capture start-index here to avoid re-searching the same text.

Better yet, use more absl strings magic, to simplify the code

absl::string_view::size_type query_start = orignal_path.find('?');
absl::string_view query;
if (query_start != absl::string_view::npos) {
  query = original_path.substr(query_start);
  original_path = original_path.substr(0, query_start);
}
if (original_path.find("//") != absl::string_view::npos) {
  path_header.value(absl::StrCat(absl::StrReplace(original_path, {{"//", "/"}}), query));
}

WDYT? I'm not 100% sure about all the corner cases like an input of "///" or "////" and what they should do.

[euroelessar]

Unfortunately absl::StrReplace-based approach does not handle triple (or more) slashes, but I've simplified the rest of the code based on your recommendation.

[jmarantz]

include some triple and quadruple slashes in your test suite.

[jmarantz]

WDYT of turning the body of the loop into a lambda or test-helper method std::string normalizePath(absl::string_view path) and then writing:

  EXPECT_EQ("/a/b/c", normalizePath("//a/b/c"));

what you have is idiomatic for golang but most C++ tests I see look more like my suggestion. I'm OK with what you have; just an idea.

[jmarantz]

include a test method that also ensures that no slash-merging takes place when the option is off.

[euroelessar]

It's covered by ConnectionManagerUtilityTest::MergeSlashesDefaultOff test

[jmarantz]

I see, ok, that makes sense. I think handling of 3 or more slashes should be covered here, though, as this is the functional unit-test.

[euroelessar]

Test for handling of 3 or more slashes was already added in the latest revision

[jmarantz]

Thanks for doing this, and thanks @venilnoronha for the first review. Just a few nits/cleanups and we should be good to go.

[jmarantz]

s/size_t/absl::string_view::size_type

[jmarantz]

Handling the npos case for query_start does not appear to be a documented use of substr etc.

[euroelessar]

Point 24.4.2. of C++17 standard specifies that std::base_string_view::substr lets rlen be the smaller of n and size() - pos, which covers npos.
absl::string_view is API-compatible with std::string_view so I assume it inherits the spec behavior even if it's not called out in the documentation explicitly.

[jmarantz]

use explicit types in this context as type is not obvious from context unless you know string_view well.

https://google.github.io/styleguide/cppguide.html#auto

[jmarantz]

I'd still prefer using the absl functions for this to avoid having to look carefully at string-hacking code for common patterns. But absl::Substitute is actually preferred for strings known at compile-time. Just call it in a loop till there are no more occurrences of "//" (change the 'if (path.find" to a while-loop, reversing the polarity of the condition.

[jmarantz]

I thought about this further as my 'while' suggestion would be n^2 on a string with 100 consecutive slashes.

Let's do the initial scan for "//" via if, but then we can just use split/join to remove duplicate slashes. WDYT?

return absl::StrCat(absl::StrJoin(absl::StrSplit(original_path, "/"), absl::SkipEmpty), "/"), query);

[euroelessar]

In this case we would also need to either special-case / prefix or assume that all paths are always absolute.

[jmarantz]

Yeah also trailing slash, so cases to handle are:

/a//b
/a//b/
a//b
a//b/

It's still probably simpler than the character-at-a-time scan but maybe there's a better absl util to use?

[jmarantz]

probably good to add those cases anyway to the test-suite regardless of the algo we use

[euroelessar]

updated, as well as added extra tests

[jmarantz]

return std::string(path_header.value().getStringView());

[jmarantz]

I see, ok, that makes sense. I think handling of 3 or more slashes should be covered here, though, as this is the functional unit-test.

[jmarantz]

can you point to the HTTP spec indicating that multiple slashes should be merged? I suspect such a spec for canonicalized URL paths exists -- same place where it discusses handling of "..".

This should referenced in the comments or maybe even in this doc.

[euroelessar]

HTTP spec does not specify that slashes should be merged, moreover it explicitly states that behavior around slashes is resource-specific (and this is one of the reasons to make it optional, and not enable by default).
However it's useful in real world applications to provide a safe-guard against user errors, when we know for sure that the intended behavior is similar to filesystem one.

[jmarantz]

Indeed it doesn't. It does discuss treatment of ".." which Envoy does, but this is AFAICT not a specified behavior. https://tools.ietf.org/html/rfc3986#section-6

WDYT of making this a filter rather than putting it in the core, since it's really an optional extension? I think it's possible for a filter to adjust the path. I don't feel too strongly either way, but with @mattklein123 we've been talking about building a bare-bones Envoy with only the core functionality and if this were a filter in test/extensions/filters/http/... it would be easier to compile it out. Not that it's that expensive, but it might make sense to keep the core in-spec and as small as possible.

[euroelessar]

I don't have a strong preference here and can follow a maintainers' decision.
One thing to consider is that until #6602 is resolved invalidating routing decision is somehow expensive. (and we have to redo routing on a path change)

[mattklein123]

IMO it's fine to have this type of thing be built in as an option. @alyssawilk @PiotrSikora any objection?

[alyssawilk]

My only concern is the slippery slope of too many knobs.
I'm going to claim this passes the two company test, as we elide at least initial multiple slashes ourselves and my guess is we can get away with eliding all but we should either make sure things pass the multi-user test or consider making them pluggable.

[jmarantz]

basically lgtm modulo the question about whether this should be a filter or core functionality, which I think can be part of the @envoyproxy/senior-maintainers review.

Thanks for all the updates :)

[jmarantz]

it's probably worth noting here that this canonicalization is not mentioned in any HTTP spec, but is offered as an opt-in convenience to upstreams.

[mattklein123]

LGTM on the general approach with 1 comment. Please also merge master to pick up the new CI config. Thank you!

/wait

[mattklein123]

This can be a simple bool type as it defaults to false.

[mattklein123]

IMO it's fine to have this type of thing be built in as an option. @alyssawilk @PiotrSikora any objection?

[mattklein123]

Thanks this LGTM but will wait until Monday when @alyssawilk is back in the office to see if she or @PiotrSikora have any comments. Nice work!

[PiotrSikora]

LGTM, thanks!

[alyssawilk]

Looks great! A few extra thoughts from my pass

[alyssawilk]

I'm a bit twitchy about full qualified URLs here. Granted, Envoy currently handles fully qualified urls in the H1 codec by splitting them up, so if the incoming request is GET http://foo.com//bar we'll have :authority foo.com and :path /bar so this is fine today (we won't end up with http:/foo.com/bar).

It might be worth an assert that the path is relative, just in case someone does some lua or use defined headers trying to take advantage of Path == url in firstline and having their absolute URL messed up.

[alyssawilk]

My only concern is the slippery slope of too many knobs.
I'm going to claim this passes the two company test, as we elide at least initial multiple slashes ourselves and my guess is we can get away with eliding all but we should either make sure things pass the multi-user test or consider making them pluggable.

[alyssawilk]

I assume this is O(n) if we get something whacky like a path which is 16k worth of / yeah?

[euroelessar]

I don't see anything explicit in the absl documentation, but it's O(n) based on the code.

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to api/.

🐱

Caused by: #7621 was synchronize by euroelessar.

see: more, trace.

[mattklein123]

Thanks!

[mattklein123]

/azp run envoy-macos

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).