Skip to content

chore: Add comprehensive test cases for RequestValidator to improve coverage and debugging #902 #904

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Sep 18, 2025
Merged

chore: Add comprehensive test cases for RequestValidator to improve coverage and debugging #902 #904

merged 9 commits into from
Sep 18, 2025
+176 −0

Conversation

manisha1997
Copy link
Contributor

@manisha1997 manisha1997 commented Sep 18, 2025
edited
Loading

The RequestValidator test suite previously had only 11 basic test cases, making it difficult for developers to diagnose validation issues and understand expected behavior in edge cases. This PR significantly expands test coverage by adding 17 new comprehensive test cases.

What's Changed

New test coverage includes:

  • Empty and null parameter handling - Tests validation with empty maps, null parameters, and missing form data
  • Query parameter scenarios - URLs with and without query parameters, including URL-encoded values and non-Twilio parameters
  • Edge case data handling - Special characters, unicode, very long values (1000+ chars), empty/null parameter values
  • Behavioral verification - Parameter key case sensitivity, alphabetical sorting, international characters in URLs
  • Error conditions - Invalid, null, and empty signatures to ensure proper failure modes

Example of improved debugging capabilities:

// Before: Only basic validation test
@Test
public void testValidate() {
    Assert.assertTrue("Request does not match provided signature", 
        validator.validate(url, params, signature));
}

// After: Comprehensive edge case coverage
@Test
public void testValidateWithSpecialCharactersInParams() {
    Map<String, String> specialParams = new HashMap<>();
    specialParams.put("Message", "Hello & goodbye! @#$%^*()");
    specialParams.put("Special", "unicode: ñáéíóú");
    
    String expectedSignature = "dCPiR4WtQ6QFN6pJh81CtlCcWLQ=";
    boolean isValid = validator.validate(url, specialParams, expectedSignature);
    
    Assert.assertTrue("Validation should succeed with special characters", isValid);
}

Impact

  • Test count increased from 11 to 28 - More than doubled test coverage
  • Better developer experience - Clear examples of expected behavior across various scenarios
  • Improved reliability - Edge cases that could cause real-world validation failures are now tested
  • Enhanced security - Comprehensive testing of the security-critical RequestValidator component

All new test cases use correctly calculated signatures and follow existing project conventions. The expanded test suite makes RequestValidator much more usable and debuggable for developers integrating Twilio webhooks.

Fixes #645.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@manisha1997 manisha1997 changed the title Manisha1997 patch 1 chore: Add comprehensive test cases for RequestValidator to improve coverage and debugging #902 Sep 18, 2025
@manisha1997 manisha1997 merged commit 8fdf86b into 11.0.0-rc Sep 18, 2025
7 of 8 checks passed
@manisha1997 manisha1997 deleted the manisha1997-patch-1 branch September 18, 2025 12:48
shrutiburman
shrutiburman reviewed Sep 18, 2025
View reviewed changes
src/test/java/com/twilio/security/RequestValidatorTest.java
public void testValidateWithNullParams() {
// Test with null parameters
String expectedSignature = "zYQTYrRWXE7LtzbG4PfP7/bkkGo="; // hash of URL only
boolean isValid = validator.validate(url, (Map<String, String>) null, expectedSignature);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if we dont type-cast null, we should expect a NPE?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shrutiburman shrutiburman shrutiburman left review comments

@sbansla sbansla sbansla approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@manisha1997 @shrutiburman @sbansla @Copilot