Add handling decoding of parameters for ALB requests and decode paramter names in HTTP API requests

Author: jpfennelly

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpApiV2ProxyHttpServletRequest.java

@@ -483,10 +483,10 @@ private MultiValuedTreeMap<String, String> parseRawQueryString(String qs) {
 
                 String[] kv = value.split(QUERY_STRING_KEY_VALUE_SEPARATOR);
                 String key = URLDecoder.decode(kv[0], LambdaContainerHandler.getContainerConfig().getUriEncoding());
-                String val = kv.length == 2 ? kv[1] : "";
+                String val = kv.length == 2 ? AwsHttpServletRequest.decodeValueIfEncoded(kv[1]) : "";
                 qsMap.add(key, val);
             } catch (UnsupportedEncodingException e) {
-                log.error("Unsupported encoding in query string key: " + SecurityUtils.crlf(value), e);
+                log.error("Unsupported encoding in query string key-value pair: " + SecurityUtils.crlf(value), e);
             }
         }
         return qsMap;

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequest.java

@@ -325,8 +325,17 @@ public String getContentType() {
 
     @Override
     public String getParameter(String s) {
+
+    	// decode key if ALB
+    	if (request.getRequestSource() == RequestSource.ALB) {
+    		s = decodeValueIfEncoded(s);
+    	}
+
        String queryStringParameter = getFirstQueryParamValue(request.getMultiValueQueryStringParameters(), s, config.isQueryStringCaseSensitive());
         if (queryStringParameter != null) {
+        	if (request.getRequestSource() == RequestSource.ALB) {
+        		queryStringParameter = decodeValueIfEncoded(queryStringParameter);
+        	}
             return queryStringParameter;
         }
 
@@ -345,15 +354,35 @@ public Enumeration<String> getParameterNames() {
         if (request.getMultiValueQueryStringParameters() == null) {
             return Collections.enumeration(formParameterNames);
         }
-        return Collections.enumeration(Stream.concat(formParameterNames.stream(),
-                request.getMultiValueQueryStringParameters().keySet().stream()).collect(Collectors.toSet()));
+
+        Set<String> paramNames = request.getMultiValueQueryStringParameters().keySet();
+        if (request.getRequestSource() == RequestSource.ALB) {
+        	paramNames = paramNames.stream().map(AwsProxyHttpServletRequest::decodeValueIfEncoded).collect(Collectors.toSet());
+        }
+		
+        return Collections.enumeration(
+				Stream.concat(formParameterNames.stream(), paramNames.stream())
+				.collect(Collectors.toSet()));
     }
 
 
     @Override
     @SuppressFBWarnings("PZLA_PREFER_ZERO_LENGTH_ARRAYS") // suppressing this as according to the specs we should be returning null here if we can't find params
     public String[] getParameterValues(String s) {
+    	
+    	// decode key if ALB
+    	if (request.getRequestSource() == RequestSource.ALB) {
+    		s = decodeValueIfEncoded(s);
+    	}
+    	
+    	// TODO lots of back and forth arrays and lists here, sort it out!
         List<String> values = new ArrayList<>(Arrays.asList(getQueryParamValues(request.getMultiValueQueryStringParameters(), s, config.isQueryStringCaseSensitive())));
+        // List<String> values = getQueryParamValuesAsList(request.getMultiValueQueryStringParameters(), s, config.isQueryStringCaseSensitive());
+        
+        // decode values if ALB
+        if (request.getRequestSource() == RequestSource.ALB) {
+        	values = values.stream().map(AwsHttpServletRequest::decodeValueIfEncoded).collect(Collectors.toList());
+        }
 
         values.addAll(Arrays.asList(getFormBodyParameterCaseInsensitive(s)));
 
@@ -367,7 +396,7 @@ public String[] getParameterValues(String s) {
 
     @Override
     public Map<String, String[]> getParameterMap() {
-        return generateParameterMap(request.getMultiValueQueryStringParameters(), config);
+        return generateParameterMap(request.getMultiValueQueryStringParameters(), config, request.getRequestSource() == RequestSource.ALB);
     }
 
 

aws-serverless-java-container-core/src/test/java/com/amazonaws/serverless/proxy/internal/servlet/AwsProxyHttpServletRequestTest.java

@@ -33,8 +33,8 @@ public class AwsProxyHttpServletRequestTest {
     private static final String FORM_PARAM_NAME = "name";
     private static final String FORM_PARAM_NAME_VALUE = "Stef";
     private static final String FORM_PARAM_TEST = "test_cookie_param";
-    private static final String QUERY_STRING_NAME_VALUE = "Bob";
-    private static final String QUERY_STRING_NAME = "name";
+    private static final String QUERY_STRING_NAME_VALUE = "Bob B!";
+    private static final String QUERY_STRING_NAME = "name$";
     private static final String REQUEST_SCHEME_HTTP = "http";
     private static final String USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36";
     private static final String REFERER = "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox";