
Commit 87cba89

committed
chore: URL query percent encoded
1 parent bd17551 commit 87cba89


1 file changed

+111
-15
lines changed

1 file changed

+111
-15
lines changed

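--- a/spec/framework/request_spec.rb
+++ b/spec/framework/request_spec.rb
@@ -1,8 +1,8 @@
 require 'spec_helper'
 
 describe Twilio::Request do
-before do
-@request = Twilio::Request.new('host',
+it 'should initialize readers correctly' do
+request = Twilio::Request.new('host',
 'port',
 'POST',
 'url',
@@ -11,26 +11,122 @@
 { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' },
 ['a', 'b'],
 'timeout')
-end
-
-it 'should initialize readers correctly' do
-expect(@request.host).to eq('host')
-expect(@request.port).to eq('port')
-expect(@request.method).to eq('POST')
-expect(@request.url).to eq('url')
-expect(@request.params).to eq('param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo')
-expect(@request.data).to eq('data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo')
-expect(@request.headers).to eq('header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo')
-expect(@request.auth).to eq(['a', 'b'])
-expect(@request.timeout).to eq('timeout')
+expect(request.host).to eq('host')
+expect(request.port).to eq('port')
+expect(request.method).to eq('POST')
+expect(request.url).to eq('url')
+expect(request.params).to eq('param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo')
+expect(request.data).to eq('data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo')
+expect(request.headers).to eq('header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo')
+expect(request.auth).to eq(['a', 'b'])
+expect(request.timeout).to eq('timeout')
 end
 
 it 'should be represented correctly' do
+request = Twilio::Request.new('host',
+'port',
+'POST',
+'url',
+{ 'param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo' },
+{ 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' },
+{ 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' },
+['a', 'b'],
+'timeout')
 expected_string = %((a,b) POST url?param-key=param-value&param-keytwo=param-valuetwo) +
 %(\n-d "data-key"="data-value") +
 %(\n-d "data-keytwo"="data-valuetwo") +
 %(\n-H "header-key": "header-value") +
 %(\n-H "header-keytwo": "header-valuetwo")
-expect(@request.to_s).to eq(expected_string)
+expect(request.to_s).to eq(expected_string)
+end
+
+it 'should be percent encode properly' do
+request = Twilio::Request.new('host',
+'port',
+'POST',
+'url',
+{ 'param-key' => ':/?#[]@' },
+{ 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' },
+{ 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' },
+['a', 'b'],
+'timeout')
+expected_string = %((a,b) POST url?param-key=%3A%2F%3F%23%5B%5D%40) +
+%(\n-d "data-key"="data-value") +
+%(\n-d "data-keytwo"="data-valuetwo") +
+%(\n-H "header-key": "header-value") +
+%(\n-H "header-keytwo": "header-valuetwo")
+expect(request.to_s).to eq(expected_string)
+end
+
+it 'should be percent encode properly for sub delimiters' do
+request = Twilio::Request.new('host',
+'port',
+'POST',
+'url',
+{ 'param-key' => '!$&\'()*+,;=' },
+{ 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' },
+{ 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' },
+['a', 'b'],
+'timeout')
+expected_string = %((a,b) POST url?param-key=%21%24%26%27%28%29%2A%2B%2C%3B%3D) +
+%(\n-d "data-key"="data-value") +
+%(\n-d "data-keytwo"="data-valuetwo") +
+%(\n-H "header-key": "header-value") +
+%(\n-H "header-keytwo": "header-valuetwo")
+expect(request.to_s).to eq(expected_string)
+end
+
+it 'should be percent encode percent encode' do
+request = Twilio::Request.new('host',
+'port',
+'POST',
+'url',
+{ 'param-key' => '%25' },
+{ 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' },
+{ 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' },
+['a', 'b'],
+'timeout')
+expected_string = %((a,b) POST url?param-key=%2525) +
+%(\n-d "data-key"="data-value") +
+%(\n-d "data-keytwo"="data-valuetwo") +
+%(\n-H "header-key": "header-value") +
+%(\n-H "header-keytwo": "header-valuetwo")
+expect(request.to_s).to eq(expected_string)
+end
+
+it 'should be not percent encode these characters' do
+request = Twilio::Request.new('host',
+'port',
+'POST',
+'url',
+{ 'param-key' => '-._~' },
+{ 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' },
+{ 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' },
+['a', 'b'],
+'timeout')
+expected_string = %((a,b) POST url?param-key=-._~) +
+%(\n-d "data-key"="data-value") +
+%(\n-d "data-keytwo"="data-valuetwo") +
+%(\n-H "header-key": "header-value") +
+%(\n-H "header-keytwo": "header-valuetwo")
+expect(request.to_s).to eq(expected_string)
+end
+
+it 'tests parameter sanitation by encoding to prevent injection and XSS attacks' do
+request = Twilio::Request.new('host',
+'port',
+'POST',
+'url',
+{ 'param-key' => 'https://malicious.com/?q=<script>alert("xss")</script>' },
+{ 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' },
+{ 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' },
+['a', 'b'],
+'timeout')
+expected_string = %((a,b) POST url?param-key=https%3A%2F%2Fmalicious.com%2F%3Fq%3D%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E) +
+%(\n-d "data-key"="data-value") +
+%(\n-d "data-keytwo"="data-valuetwo") +
+%(\n-H "header-key": "header-value") +
+%(\n-H "header-keytwo": "header-valuetwo")
+expect(request.to_s).to eq(expected_string)
 end
 end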
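Review bot: Every new example puts the reserved characters in the parameter value and keeps the key fixed at `'param-key'`, so nothing here pins how keys are encoded; a key containing `&` or `=` would change the structure of the query if it were emitted raw. I would add one example with a key such as `{ 'a&b' => 'v' }` and assert the `%26` form, with the exact expected string confirmed against the implementation, which is not visible on this page. The last example's name also claims more than it checks: it asserts only the `to_s` rendering, and percent-encoding a query value does not by itself prevent XSS, which depends on escaping at whatever sink later renders the value, so a name like `it 'percent-encodes markup and URL delimiters in query values' do` matches the assertion better. The `'%25'` to `%2525` example fixes the contract that callers pass raw, unencoded values and that pre-encoded input is encoded again, which deserves a one-line comment above it.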
