search

square / retrofit

A type-safe HTTP client for Android and the JVM
https://square.github.io/retrofit/
Apache License 2.0
43.03k stars 7.3k forks source link

Invalid Malformed URL #3080

Open nathancassano opened 5 years ago

nathancassano commented 5 years ago

The path of a URL contains a colon symbol which is causing the call to fail.

Using version com.squareup.retrofit2:retrofit:2.5.0

Code:

public interface ClientApi {
    @PUT("user:email={email}/login")
    Call<ResponseBody> login(@Path("email") String email, @Body String pass);

    @PUT("./user:email={email}/login")
    Call<ResponseBody> loginRelative(@Path("email") String email, @Body String pass);
...

Regular path Stack trace:

Caused by: java.lang.IllegalArgumentException: Malformed URL. Base: https://test.com/restapi/, Relative: user:email=me@test.com/login
        at retrofit2.RequestBuilder.get(RequestBuilder.java:221)
        at retrofit2.RequestFactory.create(RequestFactory.java:111)
        at retrofit2.OkHttpCall.createRawCall(OkHttpCall.java:190)
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:173)
        at Service.login(Service.java:38)

Think the code needs to treat the relative portion of the URL like an absolute URL when parsing.

Relative path Using a retaliative path annotation ./ does not solve this issue. Stack trace:

Caused by: java.lang.IllegalArgumentException: @Path parameters shouldn't perform path traversal ('.' or '..'):
        at retrofit2.RequestBuilder.addPathParam(RequestBuilder.java:113)
        at retrofit2.ParameterHandler$Path.apply(ParameterHandler.java:99)
        at retrofit2.RequestFactory.create(RequestFactory.java:108)
        at retrofit2.OkHttpCall.createRawCall(OkHttpCall.java:190)
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:173)

Bug report unit test https://gist.github.com/nathancassano/f675e2fd1c64d4b6002afea37bf5fee4

JakeWharton commented 5 years ago

Yeah this should be allowed.

cc @swankjesse

sangeetha5491 commented 5 years ago

can I work on this issue?

swankjesse commented 5 years ago

No, we need to study to learn what the correct behavior is.

ghost commented 4 years ago

Is there any news about this issue? This problem causes a version lock to 2.4.0.

bio007 commented 3 years ago

Hi, any update on this?

roshanrajaratnam commented 3 years ago

Hi any update on this? colon in a path variable seem to be encoded as %253A instead of just %3A.

yagyank commented 2 years ago

Hey can I pick this issue?

guyferguson commented 2 years ago

Still an isue....

sagar392 commented 1 year ago

The following interface doesn't even exists in the repository

guyferguson commented 1 year ago

I am using the latest retrofit version and this issue persists. Can you specify the specific Interface you say does not exist, or would it be better for me to find teh line in retrofit that generates the error msg?

richardbn commented 10 months ago

Still an isue....

DawnNguyenAhiho commented 1 week ago

Hi, any update here. The URL with only the :stuff can be workaround with ./ but if url has Path like {foo}:bar will completely broken

roshanrajaratnam commented 1 week ago

literally 5 years later and people are facing the same issue...