
[breaking] resources - Not allowing to serve resources from root clas…

…spath as it is considered as a security flaw (see #253)
fcamblor committed Aug 21, 2017
1 parent e6e5edd commit 9effdfd3205f05e6c9baf67b702ecbfb3e020cc3
Showing with 3 additions and 0 deletions.
  1. +3 −0 restx-core/src/main/java/restx/ResourcesRoute.java
@@ -93,6 +93,9 @@ public ResourcesRoute(String name, String baseRestPath, String baseResourcePath,
this.baseRestPath = ("/" + checkNotNull(baseRestPath) + "/").replaceAll("/+", "/");
this.baseResourcePath = checkNotNull(baseResourcePath)
.replace('.', '/').replaceAll("^/", "").replaceAll("/$", "") + "/";
if("/".equals(this.baseResourcePath)){
throw new IllegalArgumentException("Please, avoid using '/' as ResourcesRoute's baseResourcePath as it represents serious security flaws (people will be able to read your classpath configuration files)");
}
this.aliases = checkNotNull(aliases);
this.cachedResourcePolicies = ImmutableList.copyOf(cachedResourcePolicies);
}
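Review bot: The new guard compares `this.baseResourcePath` with exactly `"/"`, but the normalisation on the lines just above it removes only one leading and one trailing slash (`replaceAll("^/", "")`, `replaceAll("/$", "")`). A configured value with several separators, for example `"///"` or `"..."`, therefore normalises to `"//"` and passes the check. Whether such a path is then served as the classpath root depends on the resource lookup, which is outside this hunk, so this needs confirming against that code. Stripping all leading and trailing slashes before the comparison removes the dependency: `.replace('.', '/').replaceAll("^/+", "").replaceAll("/+$", "") + "/";`. The constructor starts above the hunk, so any earlier validation of `baseResourcePath` is not visible here.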
