I just got an alert from Sentry from my app running in production that seems to result from a malicious request.
I’ve managed to recreate the error in my local env:
(Plug.Router.MalformedURIError) malformed URI "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"
(elixir 1.12.1) lib/uri.ex:419: URI.decode/1
(elixir 1.12.1) lib/enum.ex:1553: Enum."-map/2-lists^map/1-0-"/2
(elixir 1.12.1) lib/enum.ex:1553: Enum."-map/2-lists^map/1-0-"/2
(plug 1.12.1) lib/plug/router/utils.ex:18: Plug.Router.Utils.decode_path_info!/1
(matchhaus 0.0.1) lib/plug/router.ex:268: MyApp.Cors.match/2
...continues
As can be seen, the URL path in the request is /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
This looks like someone trying to perform remote code execution against my server. Although it looks like it failed, it seems strange that it caused a crash.
Is there a way to properly handle this and probably return a 404 or something more appropriate?
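One way to answer such requests before the router raises, shown as an added example that is not part of the original post or of Plug itself: a small plug that checks the raw path segments for broken percent-encoding and halts with a 4xx status. The module names `MyApp.Plugs.RejectMalformedPath` and `MyApp.ExampleRouter`, the `:status` option and the routes are assumptions made for illustration.

```elixir
defmodule MyApp.Plugs.RejectMalformedPath do
  # Hypothetical plug (name and :status option are illustrative).
  @behaviour Plug
  import Plug.Conn
  require Logger

  @impl true
  def init(opts), do: Keyword.get(opts, :status, 400)

  @impl true
  def call(%Plug.Conn{path_info: segments} = conn, status) do
    if Enum.any?(segments, &bad_escape?/1) do
      # inspect/1 escapes control characters, so the raw path cannot forge log lines.
      Logger.warning("rejected malformed path: #{inspect(conn.request_path)}")
      conn |> send_resp(status, "") |> halt()
    else
      conn
    end
  end

  # A "%" not followed by two hex digits is what makes URI.decode/1 raise,
  # e.g. the leading "%" in "%%32%65". ("%32%65" is "2e", so a lenient
  # decoder would turn that segment into "%2e%2e", an encoded "..".)
  defp bad_escape?(segment), do: Regex.match?(~r/%(?![0-9A-Fa-f]{2})/, segment)
end

defmodule MyApp.ExampleRouter do
  use Plug.Router

  # Must run before :match, because :match is where the path gets decoded.
  plug MyApp.Plugs.RejectMalformedPath, status: 404
  plug :match
  plug :dispatch

  get "/health" do
    send_resp(conn, 200, "ok")
  end

  match _ do
    send_resp(conn, 404, "Not Found")
  end
end
```

In a Phoenix application the same plug would go in the endpoint ahead of the router plug.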