Deduplicate slashes for sigv4 signature

Signed-off-by: Ujjwal Goyal <importujjwal@gmail.com>
prometheus · Mar 29, 2022 · ffd0efb · ffd0efb
1 parent 902cb39
commit ffd0efb
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/sigv4/sigv4.go b/sigv4/sigv4.go
@@ -115,6 +115,10 @@ func (rt *sigV4RoundTripper) RoundTrip(req *http.Request) (*http.Response, error
 	}()
 	req.Body = ioutil.NopCloser(seeker)
 
+	// Escape URL like documented in AWS documentation.
+	// https://docs.aws.amazon.com/sdk-for-go/api/aws/signer/v4/#pkg-overview
+	req.URL.Path = req.URL.EscapedPath()
+
 	// Clone the request and trim out headers that we don't want to sign.
 	signReq := req.Clone(req.Context())
 	for _, header := range sigv4HeaderDenylist {

diff --git a/sigv4/sigv4_test.go b/sigv4/sigv4_test.go
@@ -89,4 +89,14 @@ func TestSigV4RoundTripper(t *testing.T) {
 
 		require.Equal(t, origReq.Header.Get("Authorization"), gotReq.Header.Get("Authorization"))
 	})
+
+	t.Run("Escape URL", func(t *testing.T) {
+		req, err := http.NewRequest(http.MethodPost, "google.com/test//test", strings.NewReader("Hello, world!"))
+		require.NoError(t, err)
+		require.Equal(t, "google.com/test//test", req.URL.Path)
+
+		// Escape URL and check
+		req.URL.Path = req.URL.EscapedPath()
+		require.Equal(t, "google.com/test/test", req.URL.Path)
+	})
 }