Merge pull request #217 from AikidoSec/normalize-route-pattern-ending-slash

teta2k · web-flow · commit ff8e462f2b59 · 2026-01-23T16:55:31.000+01:00
Normalize route pattern ending slash
diff --git a/Aikido.Zen.Core/Helpers/RouteHelper.cs b/Aikido.Zen.Core/Helpers/RouteHelper.cs
@@ -107,6 +107,22 @@ public static class RouteHelper
             "/.well-known/wot",
         };
 
+        /// <summary>
+        /// Normalizes a route pattern string by ensuring it starts with a slash but doesn't end with one.
+        /// This is because ASP.NET will trim the ending slash in routes to find the original endpoint.
+        /// </summary>
+        /// <param name="routePattern">The route pattern string to normalize.</param>
+        /// <returns>A normalized route pattern string.</returns>
+        public static string NormalizeRoutePattern(string routePattern)
+        {
+            if (string.IsNullOrEmpty(routePattern))
+            {
+                return "/";
+            }
+
+            return "/" + routePattern.TrimStart('/').TrimEnd('/');
+        }
+
         /// <summary>
         /// Matches a route pattern against an actual URL path
         /// </summary>
diff --git a/Aikido.Zen.DotNetCore/Middleware/ContextMiddleware.cs b/Aikido.Zen.DotNetCore/Middleware/ContextMiddleware.cs
@@ -245,20 +245,12 @@ private static string GetClientIp(HttpContext httpContext)
         /// <returns>A parameterized route string, always starting with a leading slash</returns>
         internal string GetParametrizedRoute(HttpContext context)
         {
-            var routePattern = context.Request.Path.Value;
-
-            if (string.IsNullOrEmpty(routePattern))
-            {
-                return "/";
-            }
-
-            // Ensure the request path starts with a slash for consistency
-            routePattern = "/" + routePattern.TrimStart('/');
+            var routePattern = RouteHelper.NormalizeRoutePattern(context.Request.Path.Value);
 
             // Check for an exact match endpoint
             var frameworkRoutes = _endpoints
                 .OfType<RouteEndpoint>()
-                .Select(e => GetRoutePattern(e))
+                .Select(e => RouteHelper.NormalizeRoutePattern(e?.RoutePattern.RawText))
                 .ToList();
 
             var exactEndpoint = frameworkRoutes.FirstOrDefault(rp => rp == routePattern);
@@ -302,21 +294,5 @@ internal string GetParametrizedRoute(HttpContext context)
                 return routePattern;
             }
         }
-
-        /// <summary>
-        /// Normalizes an endpoint route pattern string by ensuring it starts with a leading slash.
-        /// Returns "/" if the endpoint or its pattern is null/empty.
-        /// </summary>
-        /// <param name="endpoint">The RouteEndpoint to normalize.</param>
-        /// <returns>A normalized route pattern string starting with "/".</returns>
-        private static string GetRoutePattern(RouteEndpoint endpoint)
-        {
-            var pattern = endpoint?.RoutePattern.RawText;
-            if (string.IsNullOrEmpty(pattern))
-            {
-                return "/";
-            }
-            return "/" + pattern.TrimStart('/');
-        }
     }
 }
diff --git a/Aikido.Zen.DotNetFramework/HttpModules/ContextModule.cs b/Aikido.Zen.DotNetFramework/HttpModules/ContextModule.cs
@@ -227,18 +227,11 @@ private static IDictionary<string, string> FlattenHeaders(System.Collections.Spe
         /// <returns>A parameterized route string with a leading slash</returns>
         internal string GetParametrizedRoute(HttpContext context)
         {
-            var routePattern = context.Request.Path;
-            if (string.IsNullOrEmpty(routePattern))
-            {
-                return "/";
-            }
-
-            // Ensure the request path starts with a slash for consistency
-            routePattern = "/" + routePattern.TrimStart('/');
+            var routePattern = RouteHelper.NormalizeRoutePattern(context.Request.Path);
 
             // Check for an exact match endpoint
             var frameworkRoutes = RouteTable.Routes.Cast<RouteBase>()
-                .Select(route => GetRoutePattern(route))
+                .Select(route => RouteHelper.NormalizeRoutePattern((route as System.Web.Routing.Route)?.Url))
                 .ToList();
 
             var exactEndpoint = frameworkRoutes.FirstOrDefault(rp => rp == routePattern);
@@ -280,16 +273,5 @@ internal string GetParametrizedRoute(HttpContext context)
 
             return routePattern;
         }
-
-        private string GetRoutePattern(RouteBase route)
-        {
-            string routePattern = null;
-            if (route is System.Web.Routing.Route)
-            {
-                routePattern = (route as System.Web.Routing.Route).Url;
-            }
-            // ensure the leading slash from the route pattern, to ensure we don't distinguish for example between api/users and /api/users
-            return "/" + routePattern?.TrimStart('/');
-        }
     }
 }
