[breaking] resources - Not allowing to serve resources from root clas…

…spath as it is considered as a security flaw (see #253)
restx · Aug 21, 2017 · 9effdfd3205f05e6c9baf67b702ecbfb3e020cc3 · 9effdfd
1 parent e6e5edd
commit 9effdfd3205f05e6c9baf67b702ecbfb3e020cc3
Unified Split

Showing with 3 additions and 0 deletions.

+3 −0 restx-core/src/main/java/restx/ResourcesRoute.java
diff --git a/restx-core/src/main/java/restx/ResourcesRoute.java b/restx-core/src/main/java/restx/ResourcesRoute.java
@@ -93,6 +93,9 @@ public ResourcesRoute(String name, String baseRestPath, String baseResourcePath,
        this.baseRestPath = ("/" + checkNotNull(baseRestPath) + "/").replaceAll("/+", "/");
        this.baseResourcePath = checkNotNull(baseResourcePath)
                .replace('.', '/').replaceAll("^/", "").replaceAll("/$", "") + "/";
+        if("/".equals(this.baseResourcePath)){
+            throw new IllegalArgumentException("Please, avoid using '/' as ResourcesRoute's baseResourcePath as it represents serious security flaws (people will be able to read your classpath configuration files)");
+        }
        this.aliases = checkNotNull(aliases);
        this.cachedResourcePolicies = ImmutableList.copyOf(cachedResourcePolicies);
    }