Unhandled Promise Rejection on ALB event

[repl-ullas-ml]

Given an ALB event with multiValueQueryStringParameters but one of the value fails decodeURIComponent , the promise isnt handled at all. Expectation is that it should return an error and consumers treat that error

serverless-express/src/event-sources/aws/alb.js

Line 40 in 1376bd0

path: getPathWithQueryStringUseUnescapeParams({ event })

serverless-express/src/event-sources/aws/alb.js

Line 17 in 1376bd0

query[formattedKey] = event.multiValueQueryStringParameters[key].map(value => decodeUrlencoded(value))

The below test wont even report the failure since the promise is left unhandled

  test('serverlessExpressInstance should throw', async () => {
    const multiValueQueryStringParameters = { etype: ['odp'], passurl: ['/category/'], template: ['../../../../../../../../../etc/passwd%%0000.html'] }

    const event = makeEvent({
      eventSourceName: 'alb',
      path: '/',
      httpMethod: 'GET',
      multiValueQueryStringParameters
    })
    await expect(serverlessExpressInstance(event)).toThrow('some')
  })

[brettstack]

Thanks for the report. Serverless Express catches errors and returns to a response to the event source with the error in a format expected by the event source. For example, API Gateway expects a statusCode so it returns 500 along with the error. This is usually what you want, since if the Lambda throws an error, API Gateway returns a different error to the client. See:

https://github.com/CodeGenieApp/serverless-express/blob/mainline/src/configure.js#L72-L95 which catches the error, and

https://github.com/CodeGenieApp/serverless-express/blob/mainline/src/transport.js#L62-L80 which determines how to respond. Note line 63 ALB is included in the list of services that will include a response format rather than throwing the error.

If you really want to throw an error, you can do something like const response = await serverlessExpressInstance(event) and inspect it for a 500, and then throw.