Skip to content

Colon in URL causes the Lambda function error #1998

New issue
New issue
Open
Open
Colon in URL causes the Lambda function error#1998
Labels
bug
@bakurin

Description

@bakurin
bakurin
opened on Sep 11, 2025

Description:

The Lambda function ends up with an error, which results in a 502 Bad Gateway API Gateway response if the URL contains a colon followed by a digit.

The colon in a URL is not a common occurrence, but it is still a valid case.

Bref internally uses the nyholm/psr7 package to parse the URL when the PSR request is initialized from the Lambda event. nyholm/psr7 tries to parse the value with parse_url function and throws an exception when the function returns false.

According to the documentation, the function may not give correct results for relative or invalid URLs, which seems to be the case:

This function may not give correct results for relative or invalid URLs, and the results may not even match common behavior of HTTP clients. If URLs from untrusted input need to be parsed, extra validation is required, e.g. by using filter_var() with the FILTER_VALIDATE_URL filter.

How to reproduce:

PHP version 8.4
Bred version 2.3.30
Layer PHP FPM (not FPM-dev)

> curl -i -XPOST https://<api-id>.execute-api.<region>.amazonaws.com/something/bla:1
HTTP/2 502
{
    "message": "Internal server error"
}

Lambda function logs:

{
  "errorType": "InvalidArgumentException",
  "errorMessage": "Unable to parse URI: \"\/something\/bla:1\"",
  "stack": [
    "#0 \/var\/task\/vendor\/nyholm\/psr7\/src\/ServerRequest.php(52): Nyholm\\Psr7\\Uri->__construct('\/something\/bla:...')",
    "#1 \/var\/task\/vendor\/bref\/bref\/src\/Event\/Http\/Psr7Bridge.php(64): Nyholm\\Psr7\\ServerRequest->__construct('POST', '\/something\/bla:...', Array, Object(Nyholm\\Psr7\\Stream), '1.1', Array)",
    "#2 \/var\/task\/vendor\/bref\/bref\/src\/Event\/Http\/Psr15Handler.php(21): Bref\\Event\\Http\\Psr7Bridge::convertRequest(Object(Bref\\Event\\Http\\HttpRequestEvent), Object(Bref\\Context\\Context))",
    "#3 \/var\/task\/vendor\/bref\/bref\/src\/Event\/Http\/HttpHandler.php(25): Bref\\Event\\Http\\Psr15Handler->handleRequest(Object(Bref\\Event\\Http\\HttpRequestEvent), Object(Bref\\Context\\Context))",
    "#4 \/var\/task\/vendor\/bref\/bref\/src\/Runtime\/Invoker.php(24): Bref\\Event\\Http\\HttpHandler->handle(Array, Object(Bref\\Context\\Context))",
    "#5 \/var\/task\/vendor\/bref\/bref\/src\/Runtime\/LambdaRuntime.php(96): Bref\\Runtime\\Invoker->invoke(Object(Bref\\Event\\Http\\Psr15Handler), Array, Object(Bref\\Context\\Context))",
    "#6 \/var\/task\/vendor\/bref\/bref\/src\/FunctionRuntime\/Main.php(45): Bref\\Runtime\\LambdaRuntime->processNextEvent(Object(Bref\\SymfonyBridge\\Http\\KernelAdapter))",
    "#7 \/opt\/bref\/bootstrap.php(27): Bref\\FunctionRuntime\\Main::run()",
    "#8 {main}"
  ]
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions