Now query parameters are decoded by default

Chris Wiechmann · Chris Wiechmann · commit ba13b584ca38 · 2022-06-24T14:20:14.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.6.0] 2022-06-24
+### Added
+- Now query parameters are by default decoded before send to the validator (e.g. otr%C3%B3s -> otr�s)
+
 ## [1.5.0] 2022-06-23
 ### Added
 - If the Content-Type header is duplicated, only the first header is taken and all others are deleted.
diff --git a/README.md b/README.md
@@ -39,6 +39,10 @@ def invoke(msg)
     // https://github.com/Axway-API-Management-Plus/openapi-validator/issues/2
     // validator.getExposurePath2SpecifiedPathMap().setMaxSize(5000);
     
+    // By default query parameters are decoded by default. You may turn this off for each 
+    // individual validator instance
+    // validator.setDecodeQueryParams(false);
+    
     // Get required parameters for the validation
     def payload = bodyAsString(msg.get('content.body'));
     def path = msg.get("http.request.path");
diff --git a/src/main/java/com/axway/apim/openapi/validator/OpenAPIValidator.java b/src/main/java/com/axway/apim/openapi/validator/OpenAPIValidator.java
@@ -1,6 +1,8 @@
 package com.axway.apim.openapi.validator;
 
 import java.net.URI;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -36,6 +38,8 @@ public class OpenAPIValidator
 	
 	private int payloadLogMaxLength = 40;
 	
+	private boolean decodeQueryParams = true;
+	
 	public static synchronized OpenAPIValidator getInstance(String openAPISpec)  {
 		int hashCode = openAPISpec.hashCode();
 		if(instances.containsKey(hashCode)) {
@@ -219,6 +223,9 @@ public Collection<String> getQueryParameters() {
 			public Collection<String> getQueryParameterValues(String name) {
 				if(queryParams==null) return Collections.emptyList();
 				ArrayList<String> values = queryParams.getHeaderValues(name);
+				if(decodeQueryParams) {
+					values.replaceAll(headerValue -> URLDecoder.decode(headerValue, StandardCharsets.UTF_8));
+				}
 				return (Collection<String>) ((values == null) ? Collections.emptyList() : values);
 			}
 			
@@ -297,4 +304,8 @@ public void setMaxSize(int maxSize) {
 	public MaxSizeHashMap<String, Object> getExposurePath2SpecifiedPathMap() {
 		return exposurePath2SpecifiedPathMap;
 	}
+
+	public void setDecodeQueryParams(boolean decodeQueryParams) {
+		this.decodeQueryParams = decodeQueryParams;
+	}
 }
diff --git a/src/test/java/com/axway/apim/openapi/validator/TestOpenAPIValidator.java b/src/test/java/com/axway/apim/openapi/validator/TestOpenAPIValidator.java
@@ -232,4 +232,31 @@ public void validResponsewithoutBody() throws IOException
     	
     	Assert.assertFalse(validator.isValidResponse(null, verb, path, status, headers), "Request should be not valid!");
     }
+    
+    @Test
+    public void testSpecialCharsQueryParam() throws IOException
+    {
+    	String swagger = Files.readFile(this.getClass().getClassLoader().getResourceAsStream(TEST_PACKAGE + "PetstoreSwagger2.0.json"));
+    	OpenAPIValidator validator = OpenAPIValidator.getInstance(swagger);
+    	
+    	String path = "/user/login";
+    	String verb = "GET";
+    	HeaderSet headers = new HeaderSet();
+    	headers.addHeader("Content-Type", "application/json");
+    	QueryStringHeaderSet queryParams = new QueryStringHeaderSet();
+    	queryParams.addHeader("username", "otr%C3%B3s");
+    	queryParams.addHeader("password", "otr�s");
+    	
+    	Assert.assertTrue(validator.isValidRequest(null, verb, path, queryParams, headers));
+    	
+    	validator.setDecodeQueryParams(false);
+    	
+    	QueryStringHeaderSet queryParams2 = new QueryStringHeaderSet();
+    	queryParams2.addHeader("username", "otr%C3%B3s");
+    	queryParams2.addHeader("password", "otr�s");
+    	
+    	Assert.assertFalse(validator.isValidRequest(null, verb, path, queryParams2, headers));
+    }
+    
+    
 }
diff --git a/src/test/resources/com/axway/apim/openapi/validator/PetstoreSwagger2.0.json b/src/test/resources/com/axway/apim/openapi/validator/PetstoreSwagger2.0.json
@@ -738,14 +738,18 @@
             "in": "query",
             "description": "The user name for login",
             "required": true,
-            "type": "string"
+            "type": "string",
+            "minLength": 2,
+            "maxLength": 5
           },
           {
             "name": "password",
             "in": "query",
             "description": "The password for login in clear text",
             "required": true,
-            "type": "string"
+            "type": "string",
+            "minLength": 2,
+            "maxLength": 5
           }
         ],
         "responses": {
