Handle path parsing for opaque URIs (#2067)

AlexanderEllis · web-flow · commit 1c1d666acfe3 · 2026-02-05T12:00:47.000-05:00
When we're working with an opaque URI that the netty code can't parse a path from, we can end up with a null path, causing a NPE as we try to parse it. This adds a quick check — if we don't have a path, just return the URI. This matches the existing behavior — scope out the `parseUriFromNetty_unknown` test: ``` @test void parseUriFromNetty_unknown() { EmbeddedChannel channel = new EmbeddedChannel(new ClientRequestReceiver(null)); channel.attr(SourceAddressChannelHandler.ATTR_SERVER_LOCAL_PORT).set(1234); HttpRequestMessageImpl result; { channel.writeInbound( new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, "asdf", Unpooled.buffer())); result = channel.readInbound(); result.disposeBufferedBody(); } assertThat(result.getPath()).isEqualTo("asdf"); channel.close(); } ``` We can match this behavior with our null check defense.
diff --git a/zuul-core/src/main/java/com/netflix/zuul/netty/server/ClientRequestReceiver.java b/zuul-core/src/main/java/com/netflix/zuul/netty/server/ClientRequestReceiver.java
@@ -420,7 +420,11 @@ private String parsePath(String uri) {
         try {
             URI uriObject = new URI(uri);
             uriObject = uriObject.normalize();
-            path =  uriObject.getRawPath();
+            path = uriObject.getRawPath();
+            if (path == null) {
+                // If we have an opaque URI, match existing behavior of using the URI as the path.
+                return uri;
+            }
             while (path.startsWith("/..")) {
                 path = path.substring(3);
             }
diff --git a/zuul-core/src/test/java/com/netflix/zuul/netty/server/ClientRequestReceiverTest.java b/zuul-core/src/test/java/com/netflix/zuul/netty/server/ClientRequestReceiverTest.java
@@ -536,6 +536,22 @@ void pathTraversal_withQueryString() {
         channel.close();
     }
 
+    @Test
+    void pathTraversal_withOpaqueURI() {
+        EmbeddedChannel channel = new EmbeddedChannel(new ClientRequestReceiver(null));
+        channel.attr(SourceAddressChannelHandler.ATTR_SERVER_LOCAL_PORT).set(1234);
+        HttpRequestMessageImpl result;
+        {
+            channel.writeInbound(new DefaultFullHttpRequest(
+                    HttpVersion.HTTP_1_1, HttpMethod.GET, "foo.netflix.net:443", Unpooled.buffer()));
+            result = channel.readInbound();
+            result.disposeBufferedBody();
+        }
+
+        assertThat(result.getPath()).isEqualTo("foo.netflix.net:443");
+        channel.close();
+    }
+
     @Test
     void pathNormalization_emptyPath() {
         EmbeddedChannel channel = new EmbeddedChannel(new ClientRequestReceiver(null));
