search

Azure / azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
MIT License
2.69k stars 5.12k forks source link

[BUG] [SecurityInsight@2022-10-01-preview] [ThreatIntelligence] the `nextLink` url is not encoded properly #31000

Open ziyeqf opened 1 month ago

ziyeqf commented 1 month ago

API Spec link

https://github.com/Azure/azure-rest-api-specs/blob/9ce76c4f113368361dac4de5d0a71eb058602756/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-10-01-preview/ThreatIntelligence.json#L531

API Spec version

2022-10-01-preview

Describe the bug

The nextLink property may contains #, not encoded. As the log in this issue(https://github.com/hashicorp/terraform-provider-azurerm/issues/27086) shows 

"nextLink": "https://management.azure.com/subscriptions/3f2e4d32-8e8d-46d6-82bc-5bb8d962328b/resourceGroups/alexott-fe-rg/providers/Microsoft.OperationalInsights/workspaces/sentinel-poc/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators?api-version=2022-10-01-preview\u0026$skipToken=[{\"compositeToken\":{\"token\":\"+RID:~wkAwAN9yJkCAgB8AAAAAAA==#RT:1#TRC:100#RTD:eXTCpa71Yy1sqZIRoXXABTMxMzUuMTkuMjhVMTo7NDM7MTgvMzc5OTU4M1sA#ISV:2#IEO:65567#QCF:8#FPC:AgF6fnoGAIEE/v9we3sCAABAfAIAAEB9AgAAQH4IAGFA/v4xQP8B\",\"range\":{\"min\":\"\",\"max\":\"FF\"}},\"resumeValues\":[\"2024-08-17T09:32:07.2688472Z\"],\"rid\":\"wkAwAN9yJkCAgB8AAAAAAA==\",\"skipCount\":0}]"

Per the RFC3986, # is a Reserved Characters, it should be percent-encoded.

the character # in the url leads to parsing failure, and causes bug on client side. Please encode it properly.

Expected behavior

The URl should be encoded properly like

https://management.azure.com/subscriptions/3f2e4d32-8e8d-46d6-82bc-5bb8d962328b/resourceGroups/alexott-fe-rg/providers/Microsoft.OperationalInsights/workspaces/sentinel-poc/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators?api-version=2022-10-01-preview\u0026$skipToken=%5B%7B%5C%22compositeToken%5C%22%3A%7B%5C%22token%5C%22%3A%5C%22%2BRID%3A~wkAwAN9yJkCAgB8AAAAAAA%3D%3D%23RT%3A1%23TRC%3A100%23RTD%3AeXTCpa71Yy1sqZIRoXXABTMxMzUuMTkuMjhVMTo7NDM7MTgvMzc5OTU4M1sA%23ISV%3A2%23IEO%3A65567%23QCF%3A8%23FPC%3AAgF6fnoGAIEE%2Fv9we3sCAABAfAIAAEB9AgAAQH4IAGFA%2Fv4xQP8B%5C%22%2C%5C%22range%5C%22%3A%7B%5C%22min%5C%22%3A%5C%22%5C%22%2C%5C%22max%5C%22%3A%5C%22FF%5C%22%7D%7D%2C%5C%22resumeValues%5C%22%3A%5B%5C%222024-08-17T09%3A32%3A07.2688472Z%5C%22%5D%2C%5C%22rid%5C%22%3A%5C%22wkAwAN9yJkCAgB8AAAAAAA%3D%3D%5C%22%2C%5C%22skipCount%5C%22%3A0%7D%5D

Actual behavior

the url is not encoded

Reproduction Steps

N/A

Environment

Azure Public

v-jiaodi commented 1 month ago

@anat-gilenson Please help take a look, thanks.