Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RequestValidator.validate incorrectly decodes query string when removing port #601

Open
alexcchan opened this issue Oct 22, 2020 · 4 comments · May be fixed by #823
Open

RequestValidator.validate incorrectly decodes query string when removing port #601

alexcchan opened this issue Oct 22, 2020 · 4 comments · May be fixed by #823
Labels
status: help wanted requesting help from the community type: bug bug in the library

Comments

@alexcchan
Copy link

Issue Summary

When removing the port RequestValidator.validate incorrectly decodes the path, query, and fragment.

e.g.

https://someurl.com:443/somepath?param1=client%3AAnonymous

is converted to

https://someurl.com/somepath?param1=client:Anonymous

https://github.com/twilio/twilio-java/blob/main/src/main/java/com/twilio/security/RequestValidator.java#L145-L147

A suggestion is to consider using getRawPath, getRawQuery, and getRawFragment instead.

Steps to Reproduce

  1. The snippet below demonstrates the issue. The validate output should be the same for both URLs.

Code Snippet

import java.net.URI;
import java.util.HashMap;
import com.twilio.security.RequestValidator;
...
        String url1 = "https://someurl.com/somepath?param1=client%3AAnonymous";
        String url2 = "https://someurl.com:443/somepath?param1=client%3AAnonymous";
        String signature = "PM+bjB+ITJ9a3LIYStKWOTMZMlU=";
        RequestValidator r= new RequestValidator("1234567890");
        System.out.println("valid without port?: " + r.validate(url1, new HashMap<>(), signature));
        System.out.println("valid with port?: " + r.validate(url2, new HashMap<>(), signature));

Exception/Log

valid without port?: true
valid with port?: false

Technical details:

  • twilio-java version: 7.55.3 (latest as of submission)
  • java version: 1.8.0_161
@eshanholtz
Copy link
Contributor

This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.

@eshanholtz eshanholtz added status: help wanted requesting help from the community type: bug bug in the library labels Oct 24, 2020
@prashant20101
Copy link

Has this issue been worked upon or is it resolved ?

@bhaskar16
Copy link

I would like to work on this @eshanholtz .

@bhaskar16 bhaskar16 linked a pull request Nov 18, 2024 that will close this issue
Open
8 tasks
@bhaskar16
Copy link

@eshanholtz Hello, is it possible to review this PR please? Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: help wanted requesting help from the community type: bug bug in the library
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: RequestValidator to use getRawPath, getRawQuery() and getRawFragment() bhaskar16/twilio-java
4 participants
@alexcchan @bhaskar16 @eshanholtz @prashant20101