Bug 63255

Summary: HTTP Post Request fails due to triple backslash in Body Data
Product: JMeter - Now in Github
Reporter: utostan
Component: HTTP
Assignee: JMeter issues mailing list <issues>
Status: NEW ---
Severity: major
CC: avam0nst3r
Priority: P2
Version: 5.3
Target Milestone: JMETER_5.3.0
Hardware: PC
OS: All
Attachments: incorrect multiple-backslash processing in request body

Description utostan 2019-03-11 21:12:25 UTC
While attempting to create a load test for a client, a post request to a critical endpoint failed due to JMeter converting "\\\" to "\\" in the post's body data. After the conversion, JMeter sends an invalid JSON to the server and it responds with 400 Bad Request.

The client has a really weird (bad) endpoint where it accepts JSON in JSON in JSON, which seems to throw off the JMeter parser.

Body Data in HTTP Request (POST):

{"order":"{\"id\":0,\"order_date\":\"3/8/2019\",\"order_data\":{\"items\":[{\"id\":1876318,\"quantity\":1,\"name\":\"Air Filter\",\"price\":8.54,\"retail_price\":8.54,\"msrp\":0.0,\"price_level\":{\"price_level_id\":1,\"price_level\":\"RETAIL\",\"retail_multipler\":1.00,\"description\":\"Regular retail\",\"price_type\":{\"price_type_id\":1,\"price_type\":\"Regular\",\"label\":\"\"}},\"is_hazmat\":false,\"is_accessory\":false,\"oversize_category_id\":null,\"oem_number\":\"W10311524\",\"image_url\":\"https://www.redacted.com/dbImages/i/00004039/Air-Filter-W10311524-01215703.jpg\",\"quantity_by_dc\":[{\"id\":1,\"quantity\":0},{\"id\":2,\"quantity\":0}],\"repair_time\":null,\"repair_savings\":null,\"skill_level\":1,\"labor_hours\":null,\"prodcut_categories\":[{\"id\":1,\"name\":\"Appliances\"}]}],\"email\":\"${email}\",\"billing_address\":{\"first_name\":\"${first_name}\",\"last_name\":\"${last_name}\",\"street1\":\"2600 S River Rd\",\"street2\":\"\",\"city\":\"Des Plaines\",\"state\":\"IL\",\"country\":\"US\",\"zipcode\":\"60018\",\"phone\":\"1231231234\",\"ext\":\"\",\"business_name\":\"\",\"is_business_address\":false,\"is_po_box\":false},\"shipping_address\":{\"first_name\":\"${first_name}\",\"last_name\":\"${last_name}\",\"street1\":\"2600 S River Rd\",\"street2\":\"\",\"city\":\"Des Plaines\",\"state\":\"IL\",\"country\":\"US\",\"zipcode\":\"60018\",\"phone\":\"1231231234\",\"ext\":\"\",\"business_name\":\"\",\"is_business_address\":false,\"is_po_box\":false},\"shipping_choice\":{\"shipping_option_id\":1,\"ship_to_po_box\":false,\"is_saturday_delivery\":false,\"ship_complete\":true,\"is_home_business\":false},\"total\":15.71,\"discount\":0.0,\"subtotal\":8.54,\"shipping_charge\":6.25,\"offshore_surcharge\":0.0,\"saturday_shipping_surcharge\":0.0,\"saturday_shipping_surcharge_for_ship_method\":15.00,\"oversize_surcharge\":0.0,\"weight_surcharge\":0.0,\"international_processing_fee\":0.0,\"sales_tax\":0.92,\"sales_tax_label\":\"Estimated Sales 
Tax\",\"purchase_order_number\":null,\"promotion_code\":\"\",\"device_data\":\"{\\\"device_session_id\\\":\\\"${sessionId}\\\",\\\"fraud_merchant_id\\\":\\\"600000\\\"}\",\"is_promo_code_valid\":false},\"sop_number\":\"\",\"security_code\":null,\"rc_order_form\":\"\",\"o_checksum\":\"${o_checksum}\",\"rc_checksum\":\"${rc_checksum}\"}","payment":{"payment_type_id":0,"credit_card":{"nonce":"${creditCardToken}","expiration_month":"03","expiration_year":2019},"paypal":null}}

Request Body in View Results Tree for the above request:

{"order":"{\"id\":0,\"order_date\":\"3/8/2019\",\"order_data\":{\"items\":[{\"id\":1876318,\"quantity\":1,\"name\":\"Air Filter\",\"price\":8.54,\"retail_price\":8.54,\"msrp\":0.0,\"price_level\":{\"price_level_id\":1,\"price_level\":\"RETAIL\",\"retail_multipler\":1.00,\"description\":\"Regular retail\",\"price_type\":{\"price_type_id\":1,\"price_type\":\"Regular\",\"label\":\"\"}},\"is_hazmat\":false,\"is_accessory\":false,\"oversize_category_id\":null,\"oem_number\":\"W10311524\",\"image_url\":\"https://www.redacted.com/dbImages/i/00004039/Air-Filter-W10311524-01215703.jpg\",\"quantity_by_dc\":[{\"id\":1,\"quantity\":0},{\"id\":2,\"quantity\":0}],\"repair_time\":null,\"repair_savings\":null,\"skill_level\":1,\"labor_hours\":null,\"prodcut_categories\":[{\"id\":1,\"name\":\"Appliances\"}]}],\"email\":\"test12@example.com\",\"billing_address\":{\"first_name\":\"John\",\"last_name\":\"Doe\",\"street1\":\"2600 S River Rd\",\"street2\":\"\",\"city\":\"Des Plaines\",\"state\":\"IL\",\"country\":\"US\",\"zipcode\":\"60018\",\"phone\":\"1231231234\",\"ext\":\"\",\"business_name\":\"\",\"is_business_address\":false,\"is_po_box\":false},\"shipping_address\":{\"first_name\":\"John\",\"last_name\":\"Doe\",\"street1\":\"2600 S River Rd\",\"street2\":\"\",\"city\":\"Des Plaines\",\"state\":\"IL\",\"country\":\"US\",\"zipcode\":\"60018\",\"phone\":\"1231231234\",\"ext\":\"\",\"business_name\":\"\",\"is_business_address\":false,\"is_po_box\":false},\"shipping_choice\":{\"shipping_option_id\":1,\"ship_to_po_box\":false,\"is_saturday_delivery\":false,\"ship_complete\":true,\"is_home_business\":false},\"total\":15.71,\"discount\":0.0,\"subtotal\":8.54,\"shipping_charge\":6.25,\"offshore_surcharge\":0.0,\"saturday_shipping_surcharge\":0.0,\"saturday_shipping_surcharge_for_ship_method\":15.00,\"oversize_surcharge\":0.0,\"weight_surcharge\":0.0,\"international_processing_fee\":0.0,\"sales_tax\":0.92,\"sales_tax_label\":\"Estimated Sales 
Tax\",\"purchase_order_number\":null,\"promotion_code\":\"\",\"device_data\":\"{\\"device_session_id\\":\\"6E0E291D4A295930E103D3F89D9DA58F\\",\\"fraud_merchant_id\\":\\"600000\\"}\",\"is_promo_code_valid\":false},\"sop_number\":\"\",\"security_code\":null,\"rc_order_form\":\"\",\"o_checksum\":\"7AB4149F2F0E47E9A3F7546FB0E21ABD\",\"rc_checksum\":\"703BE7B71AA016C82132378323E98B9E\"}","payment":{"payment_type_id":0,"credit_card":{"nonce":"tokencc_bd_v3q2pq_nr8xwy_w8k5dt_qcvdvw_yxy","expiration_month":"03","expiration_year":2019},"paypal":null}}

Seems like JMeter converts \\\"device_session_id\\\" to \\"device_session_id\\" (with the latter being invalid JSON).

Please let me know if you need more information. Sorry about the big wall of text.

Thanks,
uTosTan
Comment 1 justin 2019-03-28 07:14:12 UTC
Do you mind providing a simple .jmx file or Results Tree script so I can replicate this myself? I feel I can help fix this if I'm able to replicate what you are experiencing. Having trouble understanding based on your post alone.
Comment 2 avam0nst3r 2020-05-18 12:35:30 UTC
Created attachment 37249 [details]
incorrect multiple-backslash processing in request body

Simple JMX, proving that the POST request body is being sent "as is" until you add any ${var}. Then it starts "fixing" the double backslashes, and maybe other chars too.
Comment 3 avam0nst3r 2020-05-18 12:39:19 UTC
Simple JMX attached; just check what it actually tries to send in the tree view for both requests.

The post request body 
{"field","value\\value"} 
is sent exactly as
{"field","value\\value"}

While 
{"field${__threadNum}","value\\value"} 
is sent as
{"field1","value\value"}
Comment 4 avam0nst3r 2020-05-18 12:55:23 UTC
JMeter 5.3 still has this problem.
Comment 5 Jerome 2020-09-03 12:48:48 UTC
Same issue here. Apparently, the problematic code is within the `FunctionParser.compileString(String value)` method.

As stated in the javadoc: "Removes escapes from '$', ',' and '\'."

This is why it's working perfectly fine when no variable is used.
Comment 6 Jerome 2020-09-03 13:35:35 UTC
Pull request to fix the issue: https://github.com/apache/jmeter/pull/616

I'm not sure of the overall impact of this modification. It now allows multiple '\' without removing any of them, as long as it's not in front of a `$` or a `,`.
Comment 7 The ASF infrastructure team 2022-09-24 20:38:16 UTC
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/5035
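
The unescape behaviour described in comments 3, 5 and 6, modelled as an added example (not JMeter's code and not part of the original thread): it applies the rule quoted from the javadoc and the rule described for the pull request to a constructed three-level JSON body and checks whether the result still parses. The names `unescape`, `sent_body` and `build_body` are hypothetical, the "only when `${` is present" trigger is taken from comment 2, and variable substitution itself is not modelled.

```python
import json

# Characters whose escaping backslash is dropped.
OLD_RULE = "$,\\"  # javadoc quoted in comment 5: '$', ',' and '\'
NEW_RULE = "$,"    # comment 6: backslashes kept unless in front of '$' or ','

def unescape(text, escapable):
    """Drop each backslash that directly precedes a character in `escapable`."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in escapable:
            out.append(text[i + 1])  # keep the escaped character only
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def sent_body(body, escapable):
    """Hypothetical model: only bodies containing a ${...} reference are unescaped."""
    return unescape(body, escapable) if "${" in body else body

def build_body(session_ref):
    """Constructed sample: JSON in JSON in JSON, like the report's device_data field."""
    device = json.dumps({"device_session_id": session_ref, "fraud_merchant_id": "600000"})
    order = json.dumps({"id": 0, "device_data": device})
    return json.dumps({"order": order})

def is_valid_json(text):
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

if __name__ == "__main__":
    body = build_body("${sessionId}")
    for name, rule in (("old", OLD_RULE), ("new", NEW_RULE)):
        wire = sent_body(body, rule)
        print(name, "unchanged:", wire == body, "valid JSON:", is_valid_json(wire))
```

Comparing the body as configured with the body as shown in View Results Tree, as `sent_body(...) == body` does here, catches this class of silent payload rewriting before the server's 400 does.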