From ac1d65886d7615e29a8bab7e45c1dd20f9dbbe84 Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
 <data-plane-api@users.noreply.github.com>
Date: Thu, 20 Oct 2022 04:05:43 +0000
Subject: [PATCH] Envoy ASSERT() due to regex rewrite path string contains 
 (#23448)

It is observed that Envoy crash in ASSERT() due to regex rewrite path string contains invalid character '
'.

We should prohibit null characters , 
,
 in the regex rewrite substitution string. This is well guarded in most other cases like RouteAction:prefix_rewrite, but is missing in RouteAction:regex_rewrite:substitution.

Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 23f3ee57b012e28aea0d6e7bdd6a991edd392741
---
 envoy/type/matcher/v3/regex.proto | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/envoy/type/matcher/v3/regex.proto b/envoy/type/matcher/v3/regex.proto
index 6063fce5..69cb8ba1 100644
--- a/envoy/type/matcher/v3/regex.proto
+++ b/envoy/type/matcher/v3/regex.proto
@@ -95,5 +95,6 @@ message RegexMatchAndSubstitute {
   // backslash followed by the capture group number to denote a numbered
   // capture group. E.g., ``\1`` refers to capture group 1, and ``\2`` refers
   // to capture group 2.
-  string substitution = 2;
+  string substitution = 2
+      [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
 }