fix: sort query parameter keys after encoding (smithy-lang#1404)

r-izumida · web-flow · commit 806cc7f59c5a · 2024-09-20T15:56:42.000-04:00
diff --git a/.changeset/ninety-hairs-obey.md b/.changeset/ninety-hairs-obey.md
@@ -0,0 +1,5 @@
+---
+"@smithy/signature-v4": patch
+---
+
+fix: sort query parameter keys after encoding
diff --git a/packages/signature-v4/src/getCanonicalQuery.spec.ts b/packages/signature-v4/src/getCanonicalQuery.spec.ts
@@ -37,6 +37,17 @@ describe("getCanonicalQuery", () => {
     ).toBe("baz=quux&fizz=buzz&foo=bar");
   });
 
+  it("should sort query keys alphabetically after URI-encode", () => {
+    expect(
+      getCanonicalQuery(
+        new HttpRequest({
+          ...httpRequestOptions,
+          query: { A: "65", "[": "91", a: "97", "{": "123" },
+        })
+      )
+    ).toBe("%5B=91&%7B=123&A=65&a=97");
+  });
+
   it("should URI-encode keys and values", () => {
     expect(
       getCanonicalQuery(
diff --git a/packages/signature-v4/src/getCanonicalQuery.ts b/packages/signature-v4/src/getCanonicalQuery.ts
@@ -9,28 +9,27 @@ import { SIGNATURE_HEADER } from "./constants";
 export const getCanonicalQuery = ({ query = {} }: HttpRequest): string => {
   const keys: Array<string> = [];
   const serialized: Record<string, string> = {};
-  for (const key of Object.keys(query).sort()) {
+  for (const key of Object.keys(query)) {
     if (key.toLowerCase() === SIGNATURE_HEADER) {
       continue;
     }
 
-    keys.push(key);
+    const encodedKey = escapeUri(key);
+    keys.push(encodedKey);
     const value = query[key];
     if (typeof value === "string") {
-      serialized[key] = `${escapeUri(key)}=${escapeUri(value)}`;
+      serialized[encodedKey] = `${encodedKey}=${escapeUri(value)}`;
     } else if (Array.isArray(value)) {
-      serialized[key] = value
+      serialized[encodedKey] = value
         .slice(0)
-        .reduce(
-          (encoded: Array<string>, value: string) => encoded.concat([`${escapeUri(key)}=${escapeUri(value)}`]),
-          []
-        )
+        .reduce((encoded: Array<string>, value: string) => encoded.concat([`${encodedKey}=${escapeUri(value)}`]), [])
         .sort()
         .join("&");
     }
   }
 
   return keys
+    .sort()
     .map((key) => serialized[key])
     .filter((serialized) => serialized) // omit any falsy values
     .join("&");

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@smithy/signature-v4": patch
 +---
++
 +fix: sort query parameter keys after encoding