Uploaded image for project: 'sip2'
  1. sip2
  2. SIP2-63

Pre-URLencode query param values

    XMLWordPrintable

    Details

    • Template:
      Standard Bug Write-Up Format
    • Sprint:
      3Ms-SIP2-68

      Description

      As explained by the Vert.x devs in this issue https://github.com/vert-x3/vertx-web/issues/1315, we may need to pre-encode the path parameters so that the downstream server won't reject the request and we don't open the door for CQL injection.

      For each query parameter, we should do following:

      import org.folio.util.StringUtil;
      
      ...
      
      String path = "/some/path?query=";
      String encodedQueryParam = StringUtil.urlEncode("(id==xyzzy and name==\"John Doe\")");
      String relativeUrl = path + encodedQueryParam;
      

      StringUtil.urlEncode catches the ridiculous UnsupportedEncodingException that java.net.URLEncoder.encode declares to throw which is annoying since it cannot be thrown for "UTF-8" encoding.

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                Unassigned Unassigned
                Reporter:
                mreno Mathew Reno
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases