Skip to content

Invalid Malformed URL #3080

Open
Open
@nathancassano

Description

@nathancassano

The path of a URL contains a colon symbol which is causing the call to fail.

Using version com.squareup.retrofit2:retrofit:2.5.0

Code:

public interface ClientApi {
    @PUT("user:email={email}/login")
    Call<ResponseBody> login(@Path("email") String email, @Body String pass);

    @PUT("./user:email={email}/login")
    Call<ResponseBody> loginRelative(@Path("email") String email, @Body String pass);
...

Regular path
Stack trace:

Caused by: java.lang.IllegalArgumentException: Malformed URL. Base: https://test.com/restapi/, Relative: user:email=me@test.com/login
        at retrofit2.RequestBuilder.get(RequestBuilder.java:221)
        at retrofit2.RequestFactory.create(RequestFactory.java:111)
        at retrofit2.OkHttpCall.createRawCall(OkHttpCall.java:190)
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:173)
        at Service.login(Service.java:38)

Think the code needs to treat the relative portion of the URL like an absolute URL when parsing.

Relative path
Using a retaliative path annotation ./ does not solve this issue.
Stack trace:

Caused by: java.lang.IllegalArgumentException: @Path parameters shouldn't perform path traversal ('.' or '..'):
        at retrofit2.RequestBuilder.addPathParam(RequestBuilder.java:113)
        at retrofit2.ParameterHandler$Path.apply(ParameterHandler.java:99)
        at retrofit2.RequestFactory.create(RequestFactory.java:108)
        at retrofit2.OkHttpCall.createRawCall(OkHttpCall.java:190)
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:173)

Bug report unit test
https://gist.github.com/nathancassano/f675e2fd1c64d4b6002afea37bf5fee4

Activity

JakeWharton

JakeWharton commented on Apr 16, 2019

@JakeWharton
Collaborator

Yeah this should be allowed.

cc @swankjesse

added this to the 2.6 milestone on Apr 16, 2019
sangeetha5491

sangeetha5491 commented on Apr 30, 2019

@sangeetha5491

can I work on this issue?

swankjesse

swankjesse commented on Apr 30, 2019

@swankjesse
Collaborator

No, we need to study to learn what the correct behavior is.

ghost

ghost commented on Jan 7, 2020

@ghost

Is there any news about this issue? This problem causes a version lock to 2.4.0.

bio007

bio007 commented on Apr 15, 2021

@bio007

Hi, any update on this?

roshanrajaratnam

roshanrajaratnam commented on Aug 30, 2021

@roshanrajaratnam

Hi any update on this? colon in a path variable seem to be encoded as %253A instead of just %3A.

yagyank

yagyank commented on Nov 27, 2021

@yagyank

Hey can I pick this issue?

guyferguson

guyferguson commented on Sep 8, 2022

@guyferguson

Still an isue....

sagar392

sagar392 commented on May 10, 2023

@sagar392

The following interface doesn't even exists in the repository

guyferguson

guyferguson commented on May 10, 2023

@guyferguson

I am using the latest retrofit version and this issue persists. Can you specify the specific Interface you say does not exist, or would it be better for me to find teh line in retrofit that generates the error msg?

richardbn

richardbn commented on Dec 7, 2023

@richardbn

Still an isue....

DawnNguyenAhiho

DawnNguyenAhiho commented on Oct 9, 2024

@DawnNguyenAhiho

Hi, any update here. The URL with only the :stuff can be workaround with ./ but if url has Path like {foo}:bar will completely broken

roshanrajaratnam

roshanrajaratnam commented on Oct 9, 2024

@roshanrajaratnam

literally 5 years later and people are facing the same issue...

tompson

tompson commented on Mar 25, 2025

@tompson

still a Problem in 2025 and preventing projects from upgrading to versions after 2.4.0

roshanrajaratnam

roshanrajaratnam commented on Mar 25, 2025

@roshanrajaratnam

@JakeWharton @swankjesse any updates on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @JakeWharton@tompson@swankjesse@bio007@guyferguson

        Issue actions

          Invalid Malformed URL · Issue #3080 · square/retrofit