Commit bdcd847
Fix unhandled NumberFormatException in webhook timestamp parsing
When parsing the Stripe-Signature header, getTimestamp() calls Long.parseLong()
on the timestamp value without catching NumberFormatException. If a malformed
header contains a non-numeric timestamp value (e.g., 't=not_a_number'), the
exception propagates up uncaught, rather than being wrapped in a
SignatureVerificationException as documented.
This commit catches NumberFormatException and returns -1, which causes
verifyHeader() to throw the expected SignatureVerificationException with
the message 'Unable to extract timestamp and signatures from header'.
Also adds a test case for malformed timestamp values.
1 parent 1afcc9c commit bdcd847
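The failure mode described in the commit message, as an added example that is not code from this commit or from the library: a stand-alone parser in which every unparseable `t=` value becomes the -1 sentinel and then one checked exception. The class name, `VerificationException`, `requireTimestamp` and the `t <= 0` check are assumptions made for illustration, and the headers are constructed samples.

```java
// Added illustration; class, exception and helper names are hypothetical.
public class TimestampParseDemo {
    static final String MSG = "Unable to extract timestamp and signatures from header";

    /** Stand-in for the library's documented verification exception. */
    static class VerificationException extends Exception {
        VerificationException(String msg) { super(msg); }
    }

    /** Returns the value of the "t" element, or -1 if it is absent or not a valid long. */
    static long getTimestamp(String header) {
        for (String item : header.split(",")) {
            String[] kv = item.split("=", 2);
            if (kv.length == 2 && kv[0].trim().equals("t")) {
                try {
                    return Long.parseLong(kv[1].trim());
                } catch (NumberFormatException e) {
                    // Non-numeric, empty or out-of-range value: report via the sentinel
                    // instead of letting an unchecked exception reach the caller.
                    return -1;
                }
            }
        }
        return -1;
    }

    /** Caller-side check (assumed): any non-positive timestamp is rejected. */
    static long requireTimestamp(String header) throws VerificationException {
        long t = getTimestamp(header);
        if (t <= 0) throw new VerificationException(MSG);
        return t;
    }

    public static void main(String[] args) {
        // Constructed sample headers; the v1 values are placeholders, not signatures.
        String[] samples = {
            "t=1700000000,v1=placeholder",           // well-formed
            "t=not_a_number,v1=placeholder",         // the case from the commit message
            "t=,v1=placeholder",                     // empty value
            "t=99999999999999999999,v1=placeholder", // exceeds Long.MAX_VALUE
            "v1=placeholder"                         // no timestamp element
        };
        for (String h : samples) {
            try {
                System.out.println(h + " -> " + requireTimestamp(h));
            } catch (VerificationException e) {
                System.out.println(h + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```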
2 files changed
Lines changed: 20 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
176 | 176 | | |
177 | 177 | | |
178 | 178 | | |
179 | | - | |
| 179 | + | |
| 180 | + | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
180 | 184 | | |
181 | 185 | | |
182 | 186 | | |
| |||
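Review bot: the replacement at new lines 179-183 reports a malformed timestamp through the -1 sentinel, so the fix is only correct while verifyHeader() keeps rejecting that value; a comment at the catch stating that -1 means "absent or unparseable" would protect that dependency from a later change to the caller's check. Returning a sentinel also drops the NumberFormatException, so consider whether the resulting SignatureVerificationException should carry it as its cause for diagnostics.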
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
160 | 160 | | |
161 | 161 | | |
162 | 162 | | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
| 176 | + | |
| 177 | + | |
163 | 178 | | |
164 | 179 | | |
165 | 180 | | |
| |||
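Review bot: confirm that the test at new lines 163-177 asserts both the SignatureVerificationException type and the 'Unable to extract timestamp and signatures from header' message, not only that something is thrown. The commit message gives 't=not_a_number' as the example; Long.parseLong() also throws NumberFormatException for an empty value ('t=') and for a digit string beyond the long range, so those two inputs are worth including if they are not already.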