[ruby/net-http] Decode user and password from env configured proxy
If someone sets an env variable defining a http_proxy, containing a username / password with percent-encoded characters, then the resulting base64 encoded auth header will be wrong.
For example, suppose a username is Y\X and the password is R%S] ?X. Properly URL encoded the proxy url would be:
http://Y%5CX:R%25S%5D%20%3FX@proxy.example:8000
The resulting proxy auth header should be: WVxYOlIlU10gP1g=, but the getters defined by ruby StdLib URI return a username Y%5CX and password R%25S%5D%20%3FX, resulting in WSU1Q1g6UiUyNVMlNUQlMjAlM0ZY. As a result the proxy will deny the request.
Please note that this is my first contribution to the ruby ecosystem, to standard lib especially and I am not a ruby developer.
[ruby/net-http] Decode user and password from env configured proxy
If someone sets an env variable defining a http_proxy, containing a
username / password with percent-encoded characters, then the resulting
base64 encoded auth header will be wrong.
For example, suppose a username is
Y\Xand the password isR%S] ?X.Properly URL encoded the proxy url would be:
The resulting proxy auth header should be:
WVxYOlIlU10gP1g=, but thegetters defined by ruby StdLib
URIreturn a usernameY%5CXandpassword
R%25S%5D%20%3FX, resulting inWSU1Q1g6UiUyNVMlNUQlMjAlM0ZY.As a result the proxy will deny the request.
Please note that this is my first contribution to the ruby ecosystem, to
standard lib especially and I am not a ruby developer.
References:
https://github.com/ruby/net-http/commit/e57d4f38aa