Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

quarkus-resteasy-reactive PathMatcher allows any extra character in the end of valid path #23110

Closed
DmitriyO opened this issue Jan 22, 2022 · 1 comment · Fixed by #23123
Closed

quarkus-resteasy-reactive PathMatcher allows any extra character in the end of valid path #23110

DmitriyO opened this issue Jan 22, 2022 · 1 comment · Fixed by #23123
Labels
area/kotlin area/resteasy-reactive kind/bug Something isn't working
Milestone
2.7.0.Final

Comments

@DmitriyO
Copy link

Describe the bug

when using quarkus-resteasy-reactive, appending any extra character in the end of a valid path doesn't result in 404 but instead gets to the existing valid route
making simple @Path("hello") resource, will return a response when calling /hello, but also /helloX (X = any character) and /helloX/, while the invalid paths should result in 404
appending more than 1 character results in a valid behaviour and returns 404
seems that the PathMatcher treats the last character as if it was a trailing slash since in some places in the code only the length of the remaining path part is checked (I suppose for performance reasons?)

quarkus-resteasy PathMatcher does behave as expected

Expected behavior

/hello should return a response
/helloX and /helloX/ should return 404 (X == any character)

Actual behavior

/hello should return a response
/helloX and /helloX/ return same response as /hello

How to Reproduce?

create a starter quarkus project with quarkus-resteasy-reactive extension
add a simple hello resource

(kotlin version)

@Path("hello")
class HelloResource {
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    fun hello() : String {
        return "Hello"
    }
}

Output of uname -a or ver

Darwin MacBook-Pro.local 20.6.0 Darwin Kernel Version 20.6.0; root:xnu-7195.141.8~1/RELEASE_X86_64 x86_64

Output of java -version

openjdk version "16.0.2" 2021-07-20; OpenJDK Runtime Environment Corretto-16.0.2.7.1 (build 16.0.2+7)

GraalVM version (if different from Java)

Quarkus version or git rev

2.6.3.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Gradle 6.9

Additional information

No response
@DmitriyO DmitriyO added the kind/bug Something isn't working label Jan 22, 2022
@quarkus-bot
Copy link

quarkus-bot bot commented Jan 22, 2022

/cc @FroMage, @evanchooly, @geoand, @stuartwdouglas

stuartwdouglas added a commit to stuartwdouglas/quarkus that referenced this issue Jan 24, 2022
@stuartwdouglas
RequestMapper allows trailing characters
a079fbb 
Fixes quarkusio#23110
@stuartwdouglas stuartwdouglas mentioned this issue Jan 24, 2022
Merged
stuartwdouglas added a commit to stuartwdouglas/quarkus that referenced this issue Jan 24, 2022
@stuartwdouglas
RequestMapper allows trailing characters
bf677b0 
Fixes quarkusio#23110
@quarkus-bot quarkus-bot bot added this to the 2.8 - main milestone Jan 24, 2022
@gsmet gsmet modified the milestones: 2.8 - main, 2.7.0.Final Jan 24, 2022
gsmet pushed a commit to gsmet/quarkus that referenced this issue Jan 24, 2022
@stuartwdouglas @gsmet
RequestMapper allows trailing characters
585aa6d 
Fixes quarkusio#23110

(cherry picked from commit bf677b0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/kotlin area/resteasy-reactive kind/bug Something isn't working
Projects
None yet
Milestone
2.7.0.Final
Development

Successfully merging a pull request may close this issue.

RequestMapper allows trailing characters stuartwdouglas/quarkus
2 participants
@gsmet @DmitriyO