Labels: TwiDi-InReview (Solution is under review), status: help wanted (requesting help from the community), type: bug (bug in the library)
Description
Issue Summary
When removing the port, RequestValidator.validate incorrectly decodes the path, query, and fragment.

e.g.
https://someurl.com:443/somepath?param1=client%3AAnonymous
is converted to
https://someurl.com/somepath?param1=client:Anonymous

A suggestion is to consider using getRawPath, getRawQuery, and getRawFragment instead.
Steps to Reproduce
- The snippet below demonstrates the issue. The `validate` output should be the same for both URLs.
Code Snippet
```java
import java.net.URI;
import java.util.HashMap;
import com.twilio.security.RequestValidator;
...
String url1 = "https://someurl.com/somepath?param1=client%3AAnonymous";
String url2 = "https://someurl.com:443/somepath?param1=client%3AAnonymous";
String signature = "PM+bjB+ITJ9a3LIYStKWOTMZMlU=";
RequestValidator r = new RequestValidator("1234567890");
System.out.println("valid without port?: " + r.validate(url1, new HashMap<>(), signature));
System.out.println("valid with port?: " + r.validate(url2, new HashMap<>(), signature));
```

Exception/Log

```
valid without port?: true
valid with port?: false
```

Technical details:
- twilio-java version: 7.55.3 (latest as of submission)
- java version: 1.8.0_161