From 5b75b8efbb3c1dfe4e68898ea2d6a0b40c508590 Mon Sep 17 00:00:00 2001
From: Alex Anderson <191496+alxndrsn@users.noreply.github.com>
Date: Sun, 10 Nov 2024 15:08:09 +0300
Subject: [PATCH] http/endpoint: handle URL-decode errors (#1276)

Previously, non-url-decodable paths would return 500.
---
 lib/http/endpoint.js | 6 ++++++
 test/integration/other/http.js | 13 +++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 test/integration/other/http.js

diff --git a/lib/http/endpoint.js b/lib/http/endpoint.js
index 30128b296..07b4a3919 100644
--- a/lib/http/endpoint.js
+++ b/lib/http/endpoint.js
@@ -223,6 +223,12 @@ const defaultResultWriter = (result, request, response, next) => {
 // error thrown upstream that is of our own internal format, this handler does
 // the necessary work to translate that error into an HTTP error and send it out.
 const defaultErrorWriter = (error, request, response) => {
+ if (error instanceof URIError && error.statusCode === 400 && error.status === 400) {
+ // Although there's no way to check definitively, this looks like an
+ // internal error from express caused by decodeURIComponent failing.
+ return defaultErrorWriter(Problem.user.notFound(), request, response);
+ }
+
 if (error?.isProblem === true) {
 // we already have a publicly-consumable error object.
 response.status(error.httpCode).type('application/json').send({
diff --git a/test/integration/other/http.js b/test/integration/other/http.js
new file mode 100644
index 000000000..4843e0e18
--- /dev/null
+++ b/test/integration/other/http.js
@@ -0,0 +1,13 @@
+const { testService } = require('../setup');
+
+describe('http', () => {
+ it('should return 404 for path URL decode errors', testService(async (service) => {
+ const { body } = await service.get('/v1/%')
+ .expect(404);
+
+ body.should.deepEqual({
+ code: 404.1,
+ message: 'Could not find the resource you were looking for.',
+ });
+ }));
+});
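Review bot: In lib/http/endpoint.js the new branch at the top of defaultErrorWriter swaps the URIError for `Problem.user.notFound()` and returns at once, so a request with malformed percent-encoding becomes indistinguishable from an ordinary missing resource, both to the client and to anything downstream that records the outcome. The rest of defaultErrorWriter lies outside the hunk, so whether the original error is still logged cannot be seen here; malformed encodings are typical of scanner and fuzzing traffic, and it is worth confirming they still leave a trace in the request log. The match relies only on the error's shape (`instanceof URIError` plus `status`/`statusCode` of 400), as the in-code comment admits; if answering 404 rather than 400 is intended, the comment should say why, e.g. `// Reported as 404, not 400: an undecodable path cannot name any resource.`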
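Review bot: The new test in test/integration/other/http.js pins only a bare `%` directly under `/v1/`, which leaves the other ways a path can fail to decode unguarded. decodeURIComponent also throws on a truncated multi-byte escape, and the route that ends up decoding the parameter presumably differs by path depth, so a second request with the malformed escape in a later path segment would cover the same branch against regressing to a 500.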