fix: improve ignore path matching to prevent false positives

georgidhristov · web-flow · commit 235b0475ab0e · 2026-06-12T23:45:44.000+03:00
Updated IsIgnoredPath in DebugProbeMiddleware to use boundary-aware matching. The logic now strictly checks for an exact match (path.Equals) or a valid child path by appending a trailing slash (path.StartsWith(ignorePath.TrimEnd('/') + "/")).
diff --git a/DebugProbe.AspNetCore.Tests/Middleware/MiddlewareExecutionFlowTests.cs b/DebugProbe.AspNetCore.Tests/Middleware/MiddlewareExecutionFlowTests.cs
@@ -41,6 +41,17 @@ public async Task Ignored_paths_are_skipped()
         Assert.Equal(HttpStatusCode.OK, response.StatusCode);
         Assert.Empty(app.Store.GetAll());
     }
+    [Fact]
+    public async Task Similar_paths_are_not_skipped()
+    {
+        await using var app = await DebugProbeTestApp.CreateAsync(
+            endpoints => endpoints.MapGet("/healthcare", () => Results.Ok()),
+            options => options.IgnorePaths = ["/health"]);
+
+        var response = await app.Client.GetAsync("/healthcare");
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        Assert.Single(app.Store.GetAll());
+    }
 
     [Theory]
     [InlineData("/health")]
diff --git a/DebugProbe.AspNetCore/Middleware/DebugProbeMiddleware.cs b/DebugProbe.AspNetCore/Middleware/DebugProbeMiddleware.cs
@@ -162,7 +162,9 @@ private bool IsIgnoredPath(PathString requestPath)
         return DefaultIgnorePaths
             .Concat(_options.IgnorePaths)
             .Distinct(StringComparer.OrdinalIgnoreCase)
-            .Any(ignorePath => path.StartsWith(ignorePath, StringComparison.OrdinalIgnoreCase));
+            .Any(ignorePath => 
+                path.Equals(ignorePath, StringComparison.OrdinalIgnoreCase) ||
+                path.StartsWith(ignorePath.TrimEnd('/') + "/", StringComparison.OrdinalIgnoreCase));
     }
 
     private static async Task<string> CaptureRequestBodyAsync(HttpContext context, int maxBodySize)
