search

Azure / azure-functions-durable-extension

Durable Task Framework extension for Azure Functions
MIT License
716 stars 271 forks source link

IDurableOrchestrationClient.CreateCheckStatusResponse returns bad URI when instanceId contains a space #2590

Open nando-zalez opened 1 year ago

nando-zalez commented 1 year ago

Description

InstanceId (contains a space between two underscore characters) = “ModelV22023-09-11 _OFFICIAL_2023-09-12-14-51-25.384”

IDurableOrchestrationClient.CreateCheckStatusResponse(req, instanceId) returns a json with statusQueryUri == “https://[redacted].azurewebsites.net/runtime/webhooks/durabletask/instances/ModelV2_2023-09-11_+_OFFICIAL_2023-09-12-14-51-25.384?taskHub=CMASModelSimulatorTest&connection=Storage&code=[redacted]”

Expected behavior

StatusQueryUri can be used to fetch the status.

Actual behavior

StatusQueryUri is invalid, http call returns 404. If I replace the "+" with a space in Postman, it works.

Relevant source code snippets

        await orchestrationClient.StartNewAsync(nameof(Orchestrator.RunOrchestrator), instanceId, orchestratorInput);
        return orchestrationClient.CreateCheckStatusResponse(req, instanceId); // return to http caller

Known workarounds

Avoid space in instancedId

App Details

Screenshots

If applicable, add screenshots to help explain your problem.

If deployed to Azure

We have access to a lot of telemetry that can help with investigations. Please provide as much of the following information as you can to help us investigate!

If you don't want to share your Function App or storage account name GitHub, please at least share the orchestration instance ID. Otherwise it's extremely difficult to look up information.

cgillum commented 1 year ago

Hi @nando-zalez. This issue triggered an alert because secrets were detected in your post. Next time please remember to remove any API keys when pasting URLs into GitHub issues. I already removed it from your original post, but I strongly recommend you rotate it since it may be possible for others to find ways to exploit it (even though you redacted the host name from the URL).

cgillum commented 1 year ago

Looks like there is a URL encoding issue that we need to consider when generating these links. As a workaround, I recommend folks not include spaces in orchestration instance IDs.