[breaking] resources - Not allowing to serve resources from root clas…

…spath as it is considered as a security flaw (see #253)
restx · Aug 21, 2017 · 9effdfd · 9effdfd
1 parent e6e5edd
commit 9effdfd
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/restx-core/src/main/java/restx/ResourcesRoute.java b/restx-core/src/main/java/restx/ResourcesRoute.java
@@ -93,6 +93,9 @@ public ResourcesRoute(String name, String baseRestPath, String baseResourcePath,
         this.baseRestPath = ("/" + checkNotNull(baseRestPath) + "/").replaceAll("/+", "/");
         this.baseResourcePath = checkNotNull(baseResourcePath)
                 .replace('.', '/').replaceAll("^/", "").replaceAll("/$", "") + "/";
+        if("/".equals(this.baseResourcePath)){
+            throw new IllegalArgumentException("Please, avoid using '/' as ResourcesRoute's baseResourcePath as it represents serious security flaws (people will be able to read your classpath configuration files)");
+        }
         this.aliases = checkNotNull(aliases);
         this.cachedResourcePolicies = ImmutableList.copyOf(cachedResourcePolicies);
     }