RequestValidator.validate incorrectly decodes query string when removing port #601
Description
Issue Summary
When removing the port RequestValidator.validate incorrectly decodes the path, query, and fragment.
e.g.
https://someurl.com:443/somepath?param1=client%3AAnonymous
is converted to
https://someurl.com/somepath?param1=client:Anonymous
A suggestion is to consider using getRawPath, getRawQuery, and getRawFragment instead.
Steps to Reproduce
- The snippet below demonstrates the issue. The
validateoutput should be the same for both URLs.
Code Snippet
import java.net.URI;
import java.util.HashMap;
import com.twilio.security.RequestValidator;
...
String url1 = "https://someurl.com/somepath?param1=client%3AAnonymous";
String url2 = "https://someurl.com:443/somepath?param1=client%3AAnonymous";
String signature = "PM+bjB+ITJ9a3LIYStKWOTMZMlU=";
RequestValidator r= new RequestValidator("1234567890");
System.out.println("valid without port?: " + r.validate(url1, new HashMap<>(), signature));
System.out.println("valid with port?: " + r.validate(url2, new HashMap<>(), signature));Exception/Log
valid without port?: true
valid with port?: false
Technical details:
- twilio-java version: 7.55.3 (latest as of submission)
- java version: 1.8.0_161