Skip to content

Validate url domain and path #4522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Net-burst merged 3 commits into from
May 29, 2026
+189 −47
Merged

Validate url domain and path #4522

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a129a68
Added validation to domain and path parameters
Lightwood13 May 29, 2026
c3bd93c
Added unit tests
Lightwood13 May 29, 2026
a98e646
Added validation for null and empty domain names
Lightwood13 May 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/acuityads/AcuityadsBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ private ExtImpAcuityads parseImpExt(Imp imp) {

private String resolveEndpoint(String host, String accountId) {
return endpointUrl
.replace(URL_HOST_MACRO, StringUtils.stripToEmpty(host))
.replace(URL_HOST_MACRO, HttpUtil.validateDomainName(StringUtils.stripToEmpty(host)))
.replace(URL_ACCOUNT_ID_MACRO, StringUtils.stripToEmpty(accountId));
}

Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/adhese/AdheseBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ private ExtImpAdhese parseImpExt(Imp imp) {
}

private String getUrl(ExtImpAdhese extImpAdhese) {
return endpointUrl.replace("{{AccountId}}", extImpAdhese.getAccount());
return endpointUrl.replace("{{AccountId}}", HttpUtil.validateDomainName(extImpAdhese.getAccount()));
}

private BidRequest modifyBidRequest(BidRequest bidRequest, ExtImpAdhese extImpAdhese) {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/adtonos/AdtonosBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ private ExtImpAdtonos parseImpExt(Imp imp) {
}

private String makeUrl(ExtImpAdtonos extImp) {
return endpointUrl.replace(PUBLISHER_ID_MACRO, extImp.getSupplierId());
return endpointUrl.replace(PUBLISHER_ID_MACRO, HttpUtil.validatePathSegment(extImp.getSupplierId()));
}

@Override
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/adview/AdviewBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ private static Banner resolveBanner(Banner banner) {
}

private String resolveEndpoint(String accountId) {
return endpointUrl.replace(ACCOUNT_ID_MACRO, HttpUtil.encodeUrl(accountId));
return endpointUrl.replace(ACCOUNT_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(accountId)));
}

@Override
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/axonix/AxonixBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ private ExtImpAxonix parseImpExt(Imp imp) {
}

private String resolveEndpoint(String supplyId) {
return endpointUrl.replace(URL_SUPPLY_ID_MACRO, HttpUtil.encodeUrl(supplyId));
return endpointUrl.replace(URL_SUPPLY_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(supplyId)));
}

@Override
Expand Down
6 changes: 3 additions & 3 deletions src/main/java/org/prebid/server/bidder/bidmachine/BidmachineBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,9 +142,9 @@ private static boolean isMissedRewardedBattr(List<Integer> battr) {
}

private String buildEndpointUrl(ExtImpBidmachine extImpBidmachine) {
return endpointUrl.replace("{{HOST}}", extImpBidmachine.getHost())
.replace("{{PATH}}", extImpBidmachine.getPath())
.replace("{{SELLER_ID}}", extImpBidmachine.getSellerId());
return endpointUrl.replace("{{HOST}}", HttpUtil.validateDomainName(extImpBidmachine.getHost()))
.replace("{{PATH}}", HttpUtil.validatePathSegment(extImpBidmachine.getPath()))
.replace("{{SELLER_ID}}", HttpUtil.validatePathSegment(extImpBidmachine.getSellerId()));
}

private ExtPrebid<ExtImpPrebid, ExtImpBidmachine> parseImpExt(Imp imp) {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/blis/BlisBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ private static MultiMap makeHeaders(String supplyId) {
}

private String makeUrl(String supplyId) {
return endpointUrl.replace(SUPPLY_ID_MACRO, HttpUtil.encodeUrl(supplyId));
return endpointUrl.replace(SUPPLY_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(supplyId)));
}

@Override
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/clydo/ClydoBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ private static MultiMap constructHeaders(BidRequest bidRequest) {
private static String resolveUrl(String endpoint, ExtImpClydo extImp) {
return endpoint
.replace(REGION_MACRO, getRegionInfo(extImp))
.replace(PARTNER_ID_MACRO, HttpUtil.encodeUrl(extImp.getPartnerId()));
.replace(PARTNER_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(extImp.getPartnerId())));
}

private static String getRegionInfo(ExtImpClydo extImp) {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/contxtful/ContxtfulBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ private static User modifyUser(User user) {
}

private String makeUrl(String customerId) {
return endpointUrl.replace(ACCOUNT_ID_MACRO, HttpUtil.encodeUrl(customerId));
return endpointUrl.replace(ACCOUNT_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(customerId)));
}

@Override
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/elementaltv/ElementalTVBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ private ExtImpElementalTV parseAndValidateImpExt(Imp imp) {
private String resolveUrl(ExtImpElementalTV extImp) {
try {
return endpointTemplate
.replace("{{AdUnit}}", HttpUtil.encodeUrl(extImp.getAdunit()));
.replace("{{AdUnit}}", HttpUtil.encodeUrl(HttpUtil.validatePathSegment(extImp.getAdunit())));
} catch (Exception e) {
throw new PreBidException(e.getMessage());
}
Expand Down
7 changes: 6 additions & 1 deletion src/main/java/org/prebid/server/bidder/eplanning/EplanningBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,12 @@ private String resolveRequestUri(BidRequest request, List<String> requestsString
? app.getBundle()
: pageDomain;

final String uri = "%s/%s/%s/%s/%s".formatted(endpointUrl, clientId, DFP_CLIENT_ID, requestTarget, SEC);
final String uri = "%s/%s/%s/%s/%s".formatted(
endpointUrl,
HttpUtil.validatePathSegment(clientId),
DFP_CLIENT_ID,
HttpUtil.validatePathSegment(requestTarget),
SEC);

final URIBuilder uriBuilder;
try {
Expand Down
6 changes: 4 additions & 2 deletions src/main/java/org/prebid/server/bidder/gamoshi/GamoshiBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public Result<List<HttpRequest<BidRequest>>> makeHttpRequests(BidRequest request

if (validImps.isEmpty()) {
errors.add(BidderError.badInput("No valid impressions in the bid request"));
return Result.of(Collections.emptyList(), errors);
return Result.of(Collections.<HttpRequest<BidRequest>>emptyList(), errors);
}

final ExtImpGamoshi firstImpExt;
Expand All @@ -69,7 +69,9 @@ public Result<List<HttpRequest<BidRequest>>> makeHttpRequests(BidRequest request

final BidRequest outgoingRequest = request.toBuilder().imp(validImps).build();

final String requestUrl = endpointUrl + "/r/" + firstImpExt.getSupplyPartnerId() + "/bidr?bidder=prebid-server";
final String requestUrl = endpointUrl + "/r/"
+ HttpUtil.validatePathSegment(firstImpExt.getSupplyPartnerId())
+ "/bidr?bidder=prebid-server";
final MultiMap headers = resolveHeaders(request.getDevice());

return Result.of(Collections.singletonList(
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/imds/ImdsBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,8 @@ public Result<List<HttpRequest<BidRequest>>> makeHttpRequests(BidRequest bidRequ
}

private String generateEndpointUrl(ExtImpImds firstExtImp) {
final String accountId = URLEncoder.encode(firstExtImp.getSeatId(), StandardCharsets.UTF_8);
final String accountId = URLEncoder.encode(
HttpUtil.validatePathSegment(firstExtImp.getSeatId()), StandardCharsets.UTF_8);
final String sourceId = URLEncoder.encode(prebidVersion, StandardCharsets.UTF_8);
return endpointUrl
.replaceAll("\\{\\{AccountID}}", accountId)
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/kayzen/KayzenBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,8 @@ private ExtImpKayzen parseImpExt(Imp imp) {
}

private HttpRequest<BidRequest> createRequest(ExtImpKayzen extImpKayzen, BidRequest request, List<Imp> imps) {
final String url = endpointUrl.replace(URL_ZONE_ID_MACRO, extImpKayzen.getZone())
final String url = endpointUrl
.replace(URL_ZONE_ID_MACRO, HttpUtil.validateDomainName(extImpKayzen.getZone()))
.replace(URL_ACCOUNT_ID_MACRO, extImpKayzen.getExchange());
final BidRequest outgoingRequest = request.toBuilder().imp(imps).build();

Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/kueezrtb/KueezRtbBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,8 @@ private KueezRtbImpExt parseImpExt(Imp imp) throws PreBidException {

private HttpRequest<BidRequest> makeHttpRequest(BidRequest bidRequest, Imp imp, KueezRtbImpExt impExt) {
final BidRequest modifiedBidRequest = bidRequest.toBuilder().imp(Collections.singletonList(imp)).build();
final String uri = endpointUrl + HttpUtil.encodeUrl(StringUtils.defaultString(impExt.getConnectionId()).trim());
final String uri = endpointUrl + HttpUtil.encodeUrl(
HttpUtil.validatePathSegment(StringUtils.defaultString(impExt.getConnectionId()).trim()));

return BidderUtil.defaultRequest(modifiedBidRequest, uri, mapper);
}
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/madvertise/MadvertiseBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ private ExtImpMadvertise parseImpExt(Imp imp) {
}

private HttpRequest<BidRequest> createRequest(BidRequest request, String zoneID) {
final String url = endpointUrl.replace(ZONE_ID_MACRO, HttpUtil.encodeUrl(zoneID));
final String url = endpointUrl.replace(ZONE_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(zoneID)));

return HttpRequest.<BidRequest>builder()
.method(HttpMethod.POST)
Expand Down
5 changes: 4 additions & 1 deletion src/main/java/org/prebid/server/bidder/mgid/MgidBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,10 @@ public final Result<List<HttpRequest<BidRequest>>> makeHttpRequests(BidRequest b
.imp(imps)
.build();

return Result.withValue(BidderUtil.defaultRequest(outgoingRequest, endpointUrl + accountId, mapper));
return Result.withValue(BidderUtil.defaultRequest(
outgoingRequest,
endpointUrl + HttpUtil.validatePathSegment(accountId),
mapper));
}

private ExtImpMgid parseImpExt(Imp imp) {
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/onetag/OnetagBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,8 @@ public Result<List<HttpRequest<BidRequest>>> makeHttpRequests(BidRequest request
}
}

final String url = endpointUrl.replace(URL_PUBLISHER_ID_MACRO, StringUtils.defaultString(requestPubId));
final String url = endpointUrl.replace(
URL_PUBLISHER_ID_MACRO, HttpUtil.validatePathSegment(StringUtils.defaultString(requestPubId)));
return Result.withValue(BidderUtil.defaultRequest(request, url, mapper));
}

Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/operaads/OperaadsBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,8 @@ private HttpRequest<BidRequest> createRequest(BidRequest bidRequest, Imp imp, Ex

private String resolveUrl(ExtImpOperaads extImpOperaads) {
return endpointUrl
.replace(PUBLISHER_ID_MACRO, HttpUtil.encodeUrl(extImpOperaads.getPublisherId()))
.replace(PUBLISHER_ID_MACRO,
HttpUtil.encodeUrl(HttpUtil.validatePathSegment(extImpOperaads.getPublisherId())))
.replace(ACCOUNT_ID_MACRO, HttpUtil.encodeUrl(extImpOperaads.getEndpointId()));
}

Expand Down
6 changes: 4 additions & 2 deletions src/main/java/org/prebid/server/bidder/ownadx/OwnAdxBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,10 @@ private HttpRequest<BidRequest> createHttpRequest(BidRequest bidRequest, ExtImpO
private String makeUrl(ExtImpOwnAdx extImpOwnAdx) {
final Optional<ExtImpOwnAdx> ownAdx = Optional.ofNullable(extImpOwnAdx);
return endpointUrl
.replace(SEAT_ID_MACROS_ENDPOINT, ownAdx.map(ExtImpOwnAdx::getSeatId).orElse(StringUtils.EMPTY))
.replace(SSP_ID_MACROS_ENDPOINT, ownAdx.map(ExtImpOwnAdx::getSspId).orElse(StringUtils.EMPTY))
.replace(SEAT_ID_MACROS_ENDPOINT,
HttpUtil.validatePathSegment(ownAdx.map(ExtImpOwnAdx::getSeatId).orElse(StringUtils.EMPTY)))
.replace(SSP_ID_MACROS_ENDPOINT,
HttpUtil.validatePathSegment(ownAdx.map(ExtImpOwnAdx::getSspId).orElse(StringUtils.EMPTY)))
.replace(TOKEN_ID_MACROS_ENDPOINT, ownAdx.map(ExtImpOwnAdx::getTokenId).orElse(StringUtils.EMPTY));
}

Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/rediads/RediadsBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,8 @@ private static App modifyApp(App app, String accountId) {
}

private String resolveEndpointUrl(String subdomain) {
return endpointUrl.replace(SUBDOMAIN_MACRO, StringUtils.defaultIfBlank(subdomain, defaultSubdomain));
return endpointUrl.replace(
SUBDOMAIN_MACRO, HttpUtil.validateDomainName(StringUtils.defaultIfBlank(subdomain, defaultSubdomain)));
}

@Override
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/relevantdigital/RelevantDigitalBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ private String makeUrl(String host) {
.replace("http://", "")
.replace("https://", "")
.replace(".relevant-digital.com", "");
return endpointUrl.replace(HOST_MACRO, modifiedHost);
return endpointUrl.replace(HOST_MACRO, HttpUtil.validateDomainName(modifiedHost));
}

private static MultiMap makeHeaders(BidRequest bidRequest) {
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/roulax/RoulaxBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,8 @@ private ExtImpRoulax parseImpExt(Imp imp) {

private String resolveEndpoint(ExtImpRoulax extImpRoulax) {
return endpointUrl
.replace(PUBLISHER_PATH_MACRO, StringUtils.defaultString(extImpRoulax.getPublisherPath()).trim())
.replace(PUBLISHER_PATH_MACRO,
HttpUtil.validatePathSegment(StringUtils.defaultString(extImpRoulax.getPublisherPath()).trim()))
.replace(ACCOUNT_ID_MACRO, StringUtils.defaultString(extImpRoulax.getPid()).trim());
}

Expand Down
4 changes: 2 additions & 2 deletions src/main/java/org/prebid/server/bidder/silvermob/SilvermobBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,8 +104,8 @@ private static Boolean isInvalidHost(String host) {

private String resolveEndpoint(ExtImpSilvermob extImp) {
return endpointUrl
.replace(URL_HOST_MACRO, extImp.getHost())
.replace(URL_ZONE_ID_MACRO, HttpUtil.encodeUrl(extImp.getZoneId()));
.replace(URL_HOST_MACRO, HttpUtil.validateDomainName(extImp.getHost()))
.replace(URL_ZONE_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(extImp.getZoneId())));
}

private static MultiMap resolveHeaders(Device device) {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/smartyads/SmartyAdsBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ private static Imp updateImp(Imp imp) {

private String resolveUrl(ExtImpSmartyAds extImp) {
return endpointUrl
.replace(URL_HOST_MACRO, extImp.getHost())
.replace(URL_HOST_MACRO, HttpUtil.validateDomainName(extImp.getHost()))
.replace(URL_SOURCE_ID_MACRO, HttpUtil.encodeUrl(extImp.getSourceId()))
.replace(URL_ACCOUNT_ID_MACRO, HttpUtil.encodeUrl(extImp.getAccountId()));
}
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/smilewanted/SmileWantedBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,8 @@ public Result<List<HttpRequest<BidRequest>>> makeHttpRequests(BidRequest request
}

final BidRequest outgoingRequest = request.toBuilder().at(DEFAULT_AT).build();
final String url = endpointUrl.replace(ZONE_ID_MACRO, HttpUtil.encodeUrl(extImpSmilewanted.getZoneId()));
final String url = endpointUrl.replace(
ZONE_ID_MACRO, HttpUtil.encodeUrl(HttpUtil.validatePathSegment(extImpSmilewanted.getZoneId())));

return Result.withValue(BidderUtil.defaultRequest(
outgoingRequest,
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/org/prebid/server/bidder/tappx/TappxBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import org.prebid.server.proto.openrtb.ext.request.tappx.ExtImpTappx;
import org.prebid.server.proto.openrtb.ext.response.BidType;
import org.prebid.server.util.BidderUtil;
import org.prebid.server.util.HttpUtil;

import java.math.BigDecimal;
import java.net.URISyntaxException;
Expand Down Expand Up @@ -101,7 +102,8 @@ private String resolveUrl(ExtImpTappx extImpTappx, Integer test) {

if (!isNewEndpoint) {
final List<String> pathSegments = uriBuilder.getPathSegments();
uriBuilder.setPathSegments(ListUtils.union(pathSegments, Collections.singletonList(subdomain)));
uriBuilder.setPathSegments(ListUtils.union(pathSegments,
Collections.singletonList(HttpUtil.validatePathSegment(subdomain))));
}

uriBuilder.addParameter("tappxkey", extImpTappx.getTappxkey());
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/thetradedesk/TheTradeDeskBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,8 @@ private static App modifyApp(BidRequest request, String publisherId) {
private String resolveEndpoint(String sourceSupplyId) {
return endpointUrl.replace(
SUPPLY_ID_MACRO,
HttpUtil.encodeUrl(StringUtils.defaultString(ObjectUtils.defaultIfNull(sourceSupplyId, supplyId))));
HttpUtil.encodeUrl(HttpUtil.validatePathSegment(
StringUtils.defaultString(ObjectUtils.defaultIfNull(sourceSupplyId, supplyId)))));
}

@Override
Expand Down
5 changes: 3 additions & 2 deletions src/main/java/org/prebid/server/bidder/tradplus/TradPlusBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,8 +79,9 @@ private void validateImpExt(ExtImpTradPlus extImpTradPlus) {
private HttpRequest<BidRequest> makeHttpRequest(ExtImpTradPlus extImpTradPlus, List<Imp> imps,
BidRequest bidRequest) {
final String uri;
uri = endpointUrl.replace(ZONE_ID, extImpTradPlus.getZoneId()).replace(ACCOUNT_ID,
extImpTradPlus.getAccountId());
uri = endpointUrl
.replace(ZONE_ID, HttpUtil.validateDomainName(extImpTradPlus.getZoneId()))
.replace(ACCOUNT_ID, HttpUtil.validatePathSegment(extImpTradPlus.getAccountId()));

final BidRequest outgoingRequest = bidRequest.toBuilder().imp(removeImpsExt(imps)).build();

Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/trafficgate/TrafficGateBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ private HttpRequest<BidRequest> createSingleRequest(ExtImpTrafficGate extImpTraf
}

private String resolveHost(ExtImpTrafficGate extImpTrafficGate) {
return endpointUrl.replace(SUBDOMAIN_MACRO, extImpTrafficGate.getHost());
return endpointUrl.replace(SUBDOMAIN_MACRO, HttpUtil.validateDomainName(extImpTrafficGate.getHost()));
}

private ExtImpTrafficGate parseImpExt(Imp imp) {
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/ucfunnel/UcfunnelBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,8 @@ public Result<List<HttpRequest<BidRequest>>> makeHttpRequests(BidRequest request
errors.add(BidderError.badInput(e.getMessage()));
}

final String requestUrl = "%s/%s/request".formatted(endpointUrl, HttpUtil.encodeUrl(partnerId));
final String requestUrl = "%s/%s/request".formatted(endpointUrl,
HttpUtil.encodeUrl(HttpUtil.validatePathSegment(partnerId)));

return Result.of(Collections.singletonList(BidderUtil.defaultRequest(request, requestUrl, mapper)),
errors);
Expand Down
3 changes: 2 additions & 1 deletion src/main/java/org/prebid/server/bidder/vidazoo/VidazooBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,8 @@ private VidazooImpExt parseImpExt(Imp imp) throws PreBidException {

private HttpRequest<BidRequest> makeHttpRequest(BidRequest bidRequest, Imp imp, VidazooImpExt impExt) {
final BidRequest modifiedBidRequest = bidRequest.toBuilder().imp(Collections.singletonList(imp)).build();
final String uri = endpointUrl + HttpUtil.encodeUrl(StringUtils.defaultString(impExt.getConnectionId()).trim());
final String uri = endpointUrl + HttpUtil.encodeUrl(
HttpUtil.validatePathSegment(StringUtils.defaultString(impExt.getConnectionId()).trim()));

return BidderUtil.defaultRequest(modifiedBidRequest, uri, mapper);
}
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/yeahmobi/YeahmobiBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ private String resolveNativeRequest(String nativeRequest) {
private HttpRequest<BidRequest> makeHttpRequest(BidRequest request, String zoneId) {
return BidderUtil.defaultRequest(
request,
endpointUrl.replace(HOST_MACRO, HOST_PATTERN.formatted(zoneId)),
endpointUrl.replace(HOST_MACRO, HttpUtil.validateDomainName(HOST_PATTERN.formatted(zoneId))),
mapper);
}

Expand Down
9 changes: 5 additions & 4 deletions src/main/java/org/prebid/server/bidder/yieldlab/YieldlabBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,8 @@ private ExtImpYieldlab parseImpExt(Imp imp) {
}

private String makeUrl(ExtImpYieldlab extImpYieldlab, BidRequest request, Map<String, ExtImpYieldlab> extImps) {
final String updatedPath = "%s/%s".formatted(endpointUrl, extImpYieldlab.getAdslotId());
final String updatedPath = "%s/%s".formatted(
endpointUrl, HttpUtil.validatePathSegment(extImpYieldlab.getAdslotId()));

final URIBuilder uriBuilder;
try {
Expand Down Expand Up @@ -546,9 +547,9 @@ private String makeNurl(BidRequest bidRequest, ExtImpYieldlab extImp, YieldlabBi
}

return AD_SOURCE_URL.formatted(
extImp.getAdslotId(),
extImp.getSupplyId(),
yieldlabBid.getAdSize(),
HttpUtil.validatePathSegment(extImp.getAdslotId()),
HttpUtil.validatePathSegment(extImp.getSupplyId()),
HttpUtil.validatePathSegment(yieldlabBid.getAdSize()),
uriBuilder.toString().replace("?", ""));
}

Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/prebid/server/bidder/zeroclickfraud/ZeroclickfraudBidder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ private ExtImpZeroclickfraud parseAndValidateImpExt(ObjectNode extNode) {
private HttpRequest<BidRequest> makeHttpRequest(ExtImpZeroclickfraud extImpZeroclickfraud, List<Imp> imps,
BidRequest bidRequest) {
final String uri = endpointTemplate
.replace(HOST, extImpZeroclickfraud.getHost())
.replace(HOST, HttpUtil.validateDomainName(extImpZeroclickfraud.getHost()))
.replace(SOURCE_ID, extImpZeroclickfraud.getSourceId().toString());

final BidRequest outgoingRequest = bidRequest.toBuilder().imp(imps).build();
Expand Down
Loading
Loading