
Commit 9effdfd

committed
[breaking] resources - Not allowing to serve resources from root classpath as it is considered as a security flaw (see #253)
1 parent e6e5edd commit 9effdfd


1 file changed

+3
-0
lines changed


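--- a/restx-core/src/main/java/restx/ResourcesRoute.java
+++ b/restx-core/src/main/java/restx/ResourcesRoute.java
@@ -93,6 +93,9 @@ public ResourcesRoute(String name, String baseRestPath, String baseResourcePath,
 this.baseRestPath = ("/" + checkNotNull(baseRestPath) + "/").replaceAll("/+", "/");
 this.baseResourcePath = checkNotNull(baseResourcePath)
 .replace('.', '/').replaceAll("^/", "").replaceAll("/$", "") + "/";
+if("/".equals(this.baseResourcePath)){
+throw new IllegalArgumentException("Please, avoid using '/' as ResourcesRoute's baseResourcePath as it represents serious security flaws (people will be able to read your classpath configuration files)");
+}
 this.aliases = checkNotNull(aliases);
 this.cachedResourcePolicies = ImmutableList.copyOf(cachedResourcePolicies);
 }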
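Review bot: The added guard compares the normalized value with exactly `"/"`, but the normalization just above it removes only one leading and one trailing slash, so a `baseResourcePath` made of three or more slashes or dots normalizes to `"//"` (or longer) and passes the check. Whether such a value still resolves to the classpath root depends on the resource lookup, which is outside this hunk, so it is safer to strip all of them before the comparison: `.replace('.', '/').replaceAll("^/+", "").replaceAll("/+$", "") + "/";`. The check also rejects only the exact root; a very short prefix such as a single top-level package would still expose everything beneath it, which deserves a sentence in the constructor's Javadoc. The constructor begins outside the hunk, so any earlier handling of these arguments is not visible here.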
