[breaking] resources - Not allowing to serve resources from root classpath as it is considered as a security flaw (see #253)
fcamblor committed Aug 21, 2017
1 parent e6e5edd commit 9effdfd
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions restx-core/src/main/java/restx/ResourcesRoute.java
Expand Up @@ -93,6 +93,9 @@ public ResourcesRoute(String name, String baseRestPath, String baseResourcePath,
this.baseRestPath = ("/" + checkNotNull(baseRestPath) + "/").replaceAll("/+", "/");
this.baseResourcePath = checkNotNull(baseResourcePath)
.replace('.', '/').replaceAll("^/", "").replaceAll("/$", "") + "/";
if("/".equals(this.baseResourcePath)){
throw new IllegalArgumentException("Please, avoid using '/' as ResourcesRoute's baseResourcePath as it represents serious security flaws (people will be able to read your classpath configuration files)");
}
this.aliases = checkNotNull(aliases);
this.cachedResourcePolicies = ImmutableList.copyOf(cachedResourcePolicies);
}
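Review bot: the new guard in the constructor compares the normalized value against exactly "/", but the normalization above it strips only one leading and one trailing slash, so not every root-like input is rejected. Inputs such as "", "/", "." and "//" all end up as "/" and are caught, while "///" or "..." normalize to "//" and pass. Whether "//" still resolves to the classpath root depends on lookup code outside this hunk, so it is safer to collapse repeated slashes first, as the baseRestPath line already does with `replaceAll("/+", "/")`, and then reject an empty or "/" result. Since the commit is flagged [breaking] and changes only this file, a unit test pinning the rejected inputs and a note in the constructor's Javadoc about the IllegalArgumentException would help callers who currently pass a root path.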