Semicolon in Query string causes it to not be sent upstream #1248

@Azrael-1123

Preflight checklist

Ory Network Project

No response

Describe the bug

When a query string contains a semicolon (;) anywhere, the request to the upstream resource does not contain any query part.

Here is a minimal config that I could reproduce the issue with:

```yaml
# /opt/ory/oathkeeper/config/oathkeeper.yml (which is passed to oathkeeper by starting it using the following command)
#   /opt/ory/oathkeeper/bin/oathkeeper serve -c /opt/ory/oathkeeper/config/oathkeeper.yml

log:
  level: trace
  format: text
  leak_sensitive_values: true

serve:
  proxy:
    port: 80

access_rules:
  matching_strategy: regexp
  repositories:
    - file:///opt/ory/oathkeeper/config/rules.yml

authenticators:
  noop:
    enabled: true

authorizers:
  allow:
    enabled: true

mutators:
  noop:
    enabled: true
```

```yaml
# /opt/ory/oathkeeper/config/rules.yml
-
  id: "our-upstream-app"
  upstream:
    url: "http://123.123.123.123/"
  match:
    # <"http" | "https"> "://" <any domain or IP> "/" <any path>
    # in our actual use case, this is more restrictive, of course, but this catchall rule produces the issue too.
    url: "<https?://[^/]+/.*>"
    methods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
  authenticators:
    -
      handler: noop
  authorizer:
    handler: allow
  mutators:
    - handler: noop
```

Using this configuration, assuming oathkeeper is set up on the host 1.2.3.4, a request to http://1.2.3.4/index?a=b would get correctly proxied to http://123.123.123.123/index?a=b, but requests to http://1.2.3.4/index?a=b;c=d or http://1.2.3.4/index?a=b; both lead to http://123.123.123.123/index.

This is easily verifiable using the above configuration and a tool like tcpdump: sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' (shows all HTTP GET requests, to verify that the query string is present on the incoming but not the outgoing ones)

Reproducing the bug

  1. oathkeeper serve -c /opt/ory/oathkeeper/config/oathkeeper.yml (i.e. run oathkeeper with the example config shown)
  2. make an HTTP request (for convenience, I recommend GET since it can be easily sent via browser) whose query string contains a semicolon
  3. observe that the request to the upstream server does not contain any query string

Relevant log output

Relevant configuration

Version

v0.40.9

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Binary

Additional Context

No response
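
Added example, not part of the issue report and not Oathkeeper code: Oathkeeper is written in Go, and since Go 1.17 the standard library's `net/url` query parser rejects any `&`-separated pair that contains a raw semicolon, so code that parses and re-serializes a query loses those pairs. The sketch below runs the report's query strings through that parser; that this is the code path at fault in v0.40.9 is an assumption the issue does not confirm, and `reencode` and `droppedPairs` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// reencode parses a raw query with net/url and serializes it again, the way a
// component that rebuilds the query (instead of copying RawQuery) would.
// The string is what survives; the error is the parser's complaint, if any.
func reencode(rawQuery string) (string, error) {
	values, err := url.ParseQuery(rawQuery) // values still holds the pairs that parsed
	return values.Encode(), err
}

// droppedPairs lists the "&"-separated pairs that net/url rejects because
// they contain a raw (not percent-encoded) semicolon.
func droppedPairs(rawQuery string) []string {
	var dropped []string
	for _, pair := range strings.Split(rawQuery, "&") {
		if strings.Contains(pair, ";") {
			dropped = append(dropped, pair)
		}
	}
	return dropped
}

func main() {
	// First three queries are from the report; the last two are constructed.
	queries := []string{"a=b", "a=b;c=d", "a=b;", "x=1&a=b;c=d", "a=b%3Bc=d"}
	for _, q := range queries {
		out, err := reencode(q)
		fmt.Printf("in=%-12q out=%-14q dropped=%q err=%v\n", q, out, droppedPairs(q), err)
	}
}
```

A regression test for a proxy can assert that the upstream receives the client's `RawQuery` byte for byte for each of these inputs.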

Labels

bug: Something is not working.
