|
1 | 1 | require 'spec_helper' |
2 | 2 |
|
3 | 3 | describe Twilio::Request do |
4 | | - before do |
5 | | - @request = Twilio::Request.new('host', |
6 | | - 'port', |
7 | | - 'POST', |
8 | | - 'url', |
9 | | - { 'param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo' }, |
10 | | - { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
11 | | - { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
12 | | - ['a', 'b'], |
13 | | - 'timeout') |
14 | | - end |
15 | | - |
16 | 4 | it 'should initialize readers correctly' do |
17 | | - expect(@request.host).to eq('host') |
18 | | - expect(@request.port).to eq('port') |
19 | | - expect(@request.method).to eq('POST') |
20 | | - expect(@request.url).to eq('url') |
21 | | - expect(@request.params).to eq('param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo') |
22 | | - expect(@request.data).to eq('data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo') |
23 | | - expect(@request.headers).to eq('header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo') |
24 | | - expect(@request.auth).to eq(['a', 'b']) |
25 | | - expect(@request.timeout).to eq('timeout') |
| 5 | + request = Twilio::Request.new('host', |
| 6 | + 'port', |
| 7 | + 'POST', |
| 8 | + 'url', |
| 9 | + { 'param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo' }, |
| 10 | + { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
| 11 | + { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
| 12 | + ['a', 'b'], |
| 13 | + 'timeout') |
| 14 | + expect(request.host).to eq('host') |
| 15 | + expect(request.port).to eq('port') |
| 16 | + expect(request.method).to eq('POST') |
| 17 | + expect(request.url).to eq('url') |
| 18 | + expect(request.params).to eq('param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo') |
| 19 | + expect(request.data).to eq('data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo') |
| 20 | + expect(request.headers).to eq('header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo') |
| 21 | + expect(request.auth).to eq(['a', 'b']) |
| 22 | + expect(request.timeout).to eq('timeout') |
26 | 23 | end |
27 | 24 |
|
28 | 25 | it 'should be represented correctly' do |
| 26 | + request = Twilio::Request.new('host', |
| 27 | + 'port', |
| 28 | + 'POST', |
| 29 | + 'url', |
| 30 | + { 'param-key' => 'param-value', 'param-keytwo' => 'param-valuetwo' }, |
| 31 | + { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
| 32 | + { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
| 33 | + ['a', 'b'], |
| 34 | + 'timeout') |
29 | 35 | expected_string = %((a,b) POST url?param-key=param-value¶m-keytwo=param-valuetwo) + |
30 | 36 | %(\n-d "data-key"="data-value") + |
31 | 37 | %(\n-d "data-keytwo"="data-valuetwo") + |
32 | 38 | %(\n-H "header-key": "header-value") + |
33 | 39 | %(\n-H "header-keytwo": "header-valuetwo") |
34 | | - expect(@request.to_s).to eq(expected_string) |
| 40 | + expect(request.to_s).to eq(expected_string) |
| 41 | + end |
| 42 | + |
| 43 | + it 'should be percent encode properly' do |
| 44 | + request = Twilio::Request.new('host', |
| 45 | + 'port', |
| 46 | + 'POST', |
| 47 | + 'url', |
| 48 | + { 'param-key' => ':/?#[]@' }, |
| 49 | + { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
| 50 | + { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
| 51 | + ['a', 'b'], |
| 52 | + 'timeout') |
| 53 | + expected_string = %((a,b) POST url?param-key=%3A%2F%3F%23%5B%5D%40) + |
| 54 | + %(\n-d "data-key"="data-value") + |
| 55 | + %(\n-d "data-keytwo"="data-valuetwo") + |
| 56 | + %(\n-H "header-key": "header-value") + |
| 57 | + %(\n-H "header-keytwo": "header-valuetwo") |
| 58 | + expect(request.to_s).to eq(expected_string) |
| 59 | + end |
| 60 | + |
| 61 | + it 'should be percent encode properly for sub delimiters' do |
| 62 | + request = Twilio::Request.new('host', |
| 63 | + 'port', |
| 64 | + 'POST', |
| 65 | + 'url', |
| 66 | + { 'param-key' => '!$&\'()*+,;=' }, |
| 67 | + { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
| 68 | + { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
| 69 | + ['a', 'b'], |
| 70 | + 'timeout') |
| 71 | + expected_string = %((a,b) POST url?param-key=%21%24%26%27%28%29%2A%2B%2C%3B%3D) + |
| 72 | + %(\n-d "data-key"="data-value") + |
| 73 | + %(\n-d "data-keytwo"="data-valuetwo") + |
| 74 | + %(\n-H "header-key": "header-value") + |
| 75 | + %(\n-H "header-keytwo": "header-valuetwo") |
| 76 | + expect(request.to_s).to eq(expected_string) |
| 77 | + end |
| 78 | + |
| 79 | + it 'should be percent encode percent encode' do |
| 80 | + request = Twilio::Request.new('host', |
| 81 | + 'port', |
| 82 | + 'POST', |
| 83 | + 'url', |
| 84 | + { 'param-key' => '%25' }, |
| 85 | + { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
| 86 | + { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
| 87 | + ['a', 'b'], |
| 88 | + 'timeout') |
| 89 | + expected_string = %((a,b) POST url?param-key=%2525) + |
| 90 | + %(\n-d "data-key"="data-value") + |
| 91 | + %(\n-d "data-keytwo"="data-valuetwo") + |
| 92 | + %(\n-H "header-key": "header-value") + |
| 93 | + %(\n-H "header-keytwo": "header-valuetwo") |
| 94 | + expect(request.to_s).to eq(expected_string) |
| 95 | + end |
| 96 | + |
| 97 | + it 'should be not percent encode these characters' do |
| 98 | + request = Twilio::Request.new('host', |
| 99 | + 'port', |
| 100 | + 'POST', |
| 101 | + 'url', |
| 102 | + { 'param-key' => '-._~' }, |
| 103 | + { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
| 104 | + { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
| 105 | + ['a', 'b'], |
| 106 | + 'timeout') |
| 107 | + expected_string = %((a,b) POST url?param-key=-._~) + |
| 108 | + %(\n-d "data-key"="data-value") + |
| 109 | + %(\n-d "data-keytwo"="data-valuetwo") + |
| 110 | + %(\n-H "header-key": "header-value") + |
| 111 | + %(\n-H "header-keytwo": "header-valuetwo") |
| 112 | + expect(request.to_s).to eq(expected_string) |
| 113 | + end |
| 114 | + |
| 115 | + it 'tests parameter sanitation by encoding to prevent injection and XSS attacks' do |
| 116 | + request = Twilio::Request.new('host', |
| 117 | + 'port', |
| 118 | + 'POST', |
| 119 | + 'url', |
| 120 | + { 'param-key' => 'https://malicious.com/?q=<script>alert("xss")</script>' }, |
| 121 | + { 'data-key' => 'data-value', 'data-keytwo' => 'data-valuetwo' }, |
| 122 | + { 'header-key' => 'header-value', 'header-keytwo' => 'header-valuetwo' }, |
| 123 | + ['a', 'b'], |
| 124 | + 'timeout') |
| 125 | + expected_string = %((a,b) POST url?param-key=https%3A%2F%2Fmalicious.com%2F%3Fq%3D%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E) + |
| 126 | + %(\n-d "data-key"="data-value") + |
| 127 | + %(\n-d "data-keytwo"="data-valuetwo") + |
| 128 | + %(\n-H "header-key": "header-value") + |
| 129 | + %(\n-H "header-keytwo": "header-valuetwo") |
| 130 | + expect(request.to_s).to eq(expected_string) |
35 | 131 | end |
36 | 132 | end |
0 commit comments