v2.2.0 breaks previous URL map logic for url-encoded path segments containing %2F

[ChiliJohnson]

Version 2.2.0 seems to change the way url-encoded path segments (specifically paths which contain the escape sequence for /, %2F) are handled in rules/maps in the routing module.

Here's a self-contained example demonstrating the difference in routing behavior, save this in werkzeug_test.py for example:

from werkzeug.routing import Map, Rule
from werkzeug.wrappers import Request, Response


class PathTester:

    URL_MAP = Map(
        [
            Rule(
                "/<path:some_path>/some_route",
                endpoint="simple_route",
            ),
            Rule(
                "/<path:some_path>/<segment_a>/<segment_b>",
                endpoint="complex_route",
            ),
        ]
    )

    def on_simple_route(self, request, some_path):
        return Response("Matched simple route")

    def on_complex_route(self, request, some_path, segment_a, segment_b):
        return Response("Matched complex route")

    def dispatch_request(self, request):
        adapter = self.URL_MAP.bind_to_environ(request.environ)
        endpoint, values = adapter.match()
        return getattr(self, f"on_{endpoint}")(request, **values)

    def wsgi_app(self, environ, start_response):
        request = Request(environ)
        response = self.dispatch_request(request)
        return response(environ, start_response)

    def __call__(self, environ, start_response):
        return self.wsgi_app(environ, start_response)


if __name__ == "__main__":
    from werkzeug.serving import run_simple
    run_simple("127.0.0.1", 5000, PathTester())

Running this example using werkzeug 2.1.2:

$ pip install --upgrade Werkzeug==2.1.2
$ python werkzeug_test.py

# … in another terminal

$ curl http://localhost:5000/my%2Fpath/some_route
Matched simple route

Now, running this example using werkzeug 2.2.0:

$ pip install --upgrade Werkzeug==2.2.0
$ python werkzeug_test.py

# … in another terminal

$ curl http://localhost:5000/my%2Fpath/some_route
Matched complex route

Environment:

• Python version: 3.9.13
• Werkzeug version: 2.2.0

[elfosardo]

We're experiencing a similar issue with a change of behavior in the routing where a trailing slash triggers a 404 in Flask, while before an url ending at '/' was correctly redirected to the canonical URL for the endpoint.
I believe the issue is related, we did some troubleshooting and it seems the issue started after the commit at 88125be

[jonathan-s]

Having this same issue as well. When starting the process, it hangs with 100% of usage dedicated to the function parse_rules.

[pgjones]

@elfosardo & @jonathan-s I think your issues are different. Could you open a new issue each with a code snippet that reproduces the problem I can use to track it down.

@elfosardo could you confirm that your issue is different to #1074? As fixing that bug could result in the change you have seen.

[elfosardo]

@pgjones the issue seems the same as in #1074 and probably the fix caused the change we're seeing. Would you still suggest to open a different issue?

[pgjones]

@elfosardo given what you know about #1074 do you consider it a bug still? If so please open a new issue.

[elfosardo]

@pgjones after having a look at the issue/fix you pointed out, we've gone into the direction of changing the code on our side.
Thanks!