Failing for garbage(URL encoded) value in query parameter

[mnj93]

I'm facing an issue with Request validation middleware.
I've following schema for one of my GET API endpoint

schema" : {
              "maxLength" : 10,
              "pattern" : "^[A-Z]+$",
              "type" : "string",
              "example" : "ABCDEF"
            }

This is working fine for normal scenarios when I pass something like ABCDEFS or 123 it's giving expected output with error and status code of 4xx.

If I pass value like %2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2fetc%2fshadow then it's failing with status code of 5xx with error invalid byte sequence in UTF-8.

This should have returned a response like other invalid values but it's returning 5xx.

[ota42y]

This parameter return 400 abc+ZZZ%2F.

And I tried parse your value by pure ruby code and get error...
What value are you sending? Probably it can not be processed by ruby ​​regular expression as it is.

require 'cgi'
CGI.unescape("%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2f%2e%2e%c0%af%2e%2e%2fetc%2fshadow") =~ /abc/
=> ArgumentError (invalid byte sequence in UTF-8)