From a50e2579d75bf0708e17e8e58a69158944715794 Mon Sep 17 00:00:00 2001 From: Bhaskar Date: Mon, 18 Nov 2024 18:43:51 +0530 Subject: [PATCH] changed RequestValidator updatePort() to use raw Query, raw Path and raw Fragment --- .../com/twilio/security/RequestValidator.java | 6 +++--- .../com/twilio/security/RequestValidatorTest.java | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/twilio/security/RequestValidator.java b/src/main/java/com/twilio/security/RequestValidator.java index 336291fcad..2b554f22a1 100644 --- a/src/main/java/com/twilio/security/RequestValidator.java +++ b/src/main/java/com/twilio/security/RequestValidator.java @@ -141,9 +141,9 @@ private String updatePort(URI url, int newPort) { url.getUserInfo(), url.getHost(), newPort, - url.getPath(), - url.getQuery(), - url.getFragment()).toString(); + url.getRawPath(), + url.getRawQuery(), + url.getRawFragment()).toString(); } catch (Exception e) { return url.toString(); } diff --git a/src/test/java/com/twilio/security/RequestValidatorTest.java b/src/test/java/com/twilio/security/RequestValidatorTest.java index a97418277c..060f223f55 100644 --- a/src/test/java/com/twilio/security/RequestValidatorTest.java +++ b/src/test/java/com/twilio/security/RequestValidatorTest.java @@ -114,4 +114,19 @@ public void testValidateAddsPortHttp() { Assert.assertTrue("Validator did not add port 80 to http url", isValid); } + @Test + public void testValidateRemovesPortHttpsWithSpecialParams() { + String url = "https://mycompany.com/myapp.php"; + String param = "?param1=client%3AAnonymous"; + url = url + param; + boolean isValid = validator.validate(url, params, "iQIea/lNtwezVhrpQ/KiGTEmJDA="); + + Assert.assertTrue("Validator did not strip port from url", isValid); + + url = url.replace(".com", ".com:1234"); + isValid = validator.validate(url, params, "g7dthJtIvMAeMJ8XhiywDKG63Gg="); + + Assert.assertTrue("Validator did not strip port from url", isValid); + } + }