Global Rate Limit - safeRegexMatch does not match with Path

[aydinnyunus]

Title: Global Rate Limit - safeRegexMatch does not match with Path

Description:

safeRegexMatch does not match when query parameter is existing in the path.

Repro steps:

- properties:
            global:
              rate:
                - dimensions:
                    - headerValueMatch:
                        descriptorValue: test
                        headers:
                          - name: :path
                            safeRegexMatch:
                              regex: /test/([^/]+)/test
                    - requestHeaders:
                        descriptorKey: user-check
                        headerName: x-userid
                  requestPerUnit: 1
                  unit: minute
          type: ratelimit

I sent request with

curl http://test.service/test/123/test -H "x-userid: 1" it is matching.
curl "http://test.service/test/123/test?a=1" -H "x-userid: 1" does not match.

I think safeRegexMatch should match both of them because when I try on regex101 etc it was matched.

[adisuissa]

Thanks for raising this.
I think that no-partial matching in regex is by design (see

envoy/api/envoy/type/matcher/v3/regex.proto

Lines 64 to 66 in cd9d58c

	// The regex match string. The string must be supported by the configured engine. The regex is matched
	// against the full string, not as a partial match.
	string regex = 2 [(validate.rules).string = {min_len: 1}];

).

[aydinnyunus]

Thank you for response but i did not understand then why it is not matched when query parameter is exists