Skip to content

fix(proxy): preserve existing query params when replaying requests#681

Open
abhijeet117 wants to merge 1 commit into
usestrix:mainfrom
abhijeet117:fix/proxy-preserve-query-params
Open

fix(proxy): preserve existing query params when replaying requests#681
abhijeet117 wants to merge 1 commit into
usestrix:mainfrom
abhijeet117:fix/proxy-preserve-query-params

Conversation

@abhijeet117

Copy link
Copy Markdown

repeat_request rebuilt the URL query with parse_qs, which drops blank-valued params such as state= and keeps only the first value of a repeated key. Applying a params override then silently changed parts of the request the caller never touched, breaking faithful replay for parameter tampering and injection tests.

The fix uses parse_qsl(keep_blank_values=True) and rebuilds the query from ordered pairs, so unspecified params (empty and repeated ones included) pass through unchanged while requested params are still added or updated. Adds tests for blank, repeated, and updated params.

apply_modifications rebuilt the request URL with parse_qs, which drops
blank-valued query params such as "state=" and collapses repeated keys
to only their first value. When repeat_request applied a params override,
it silently changed parts of the request the caller never asked to touch,
which breaks faithful replay for parameter tampering and injection tests.

Rebuild the query with parse_qsl and keep_blank_values=True so every
existing param, including empty and repeated ones, is carried through
unchanged while the requested params are added or updated.
@greptile-apps

greptile-apps Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR updates proxy request replay to keep more of the original query string intact. The main changes are:

  • Query params are rebuilt from ordered query pairs.
  • Blank-valued existing params are preserved.
  • Repeated non-overridden params are preserved.
  • Tests cover blank, repeated, added, and updated params.

Confidence Score: 5/5

This looks safe to merge after a small query-override cleanup.

  • The main replay-fidelity fix is consistent with the changed tests.
  • Existing blank and repeated params are preserved on the changed path.
  • List-valued overrides can still be encoded as a Python string instead of repeated query pairs.

strix/tools/proxy/caido_api.py

Important Files Changed

Filename Overview
strix/tools/proxy/caido_api.py Updates query-param replay logic to preserve blank and repeated existing params while replacing overridden keys.
tests/test_proxy_modifications.py Adds focused coverage for blank params, repeated params, updates, and additions.
Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
strix/tools/proxy/caido_api.py:264
**Repeated Overrides Become Strings**

When a caller passes a repeated-value override such as `{"tag": ["a", "b"]}`, `urlencode(pairs)` encodes the Python list representation as one value instead of `tag=a&tag=b`. This makes the replayed request carry a different query value from the caller's requested parameter update.

```suggestion
        final_url = urlunparse(parsed._replace(query=urlencode(pairs, doseq=True)))
```

Reviews (1): Last reviewed commit: "fix(proxy): preserve existing query para..." | Re-trigger Greptile

if key not in overrides
]
pairs.extend(overrides.items())
final_url = urlunparse(parsed._replace(query=urlencode(pairs)))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Repeated Overrides Become Strings

When a caller passes a repeated-value override such as {"tag": ["a", "b"]}, urlencode(pairs) encodes the Python list representation as one value instead of tag=a&tag=b. This makes the replayed request carry a different query value from the caller's requested parameter update.

Suggested change
final_url = urlunparse(parsed._replace(query=urlencode(pairs)))
final_url = urlunparse(parsed._replace(query=urlencode(pairs, doseq=True)))
Prompt To Fix With AI
This is a comment left during a code review.
Path: strix/tools/proxy/caido_api.py
Line: 264

Comment:
**Repeated Overrides Become Strings**

When a caller passes a repeated-value override such as `{"tag": ["a", "b"]}`, `urlencode(pairs)` encodes the Python list representation as one value instead of `tag=a&tag=b`. This makes the replayed request carry a different query value from the caller's requested parameter update.

```suggestion
        final_url = urlunparse(parsed._replace(query=urlencode(pairs, doseq=True)))
```

How can I resolve this? If you propose a fix, please make it concise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant