When processing request query parameters to be logged, the HERP filter attempts to URL decode the key and value(s) of each parameter. This is done so that human-readable characters are logged rather than hex-encoded characters. However, it appears that query parameters are decoded by the servlet container prior to when the HERP filter can process them. As a result, the HERP filter tries to decode query parameters for a second time, which causes an issue if the % character was originally encoded. That is, if the HERP filter tries to decode a query parameter that has already been decoded and contains the % character after decoding, it will throw an exception.
If the servlet container is decoding the query parameters, does the HERP filter need to?
We need to verify that the container is decoding the query parameters and then remove the decoding logic in the HERP.
- HERP is able to log encoded values in the query parameters.