Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ResourceUrlProvider.getForLookupPath fails if path contains double slashes [SPR-16296] #20843

spring-issuemaster opened this issue Dec 13, 2017 · 1 comment


Copy link

@spring-issuemaster spring-issuemaster commented Dec 13, 2017

Michael Freitag opened SPR-16296 and commented

If the ResourceUrlProvider.getLookupForPath(String) method is called with a path containing double slashes, a StringIndexOutOfBoundsException is thrown. This situation may arise, for example, if a third-party library is sloppily programmed and contains references to resources with double slashes. As developers may not be able to modify such libraries, the ResourceUrlProvider should be able to handle such requests.

Below is a test case illustrating the issue.

import org.junit.Test;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.servlet.resource.ResourceResolver;
import org.springframework.web.servlet.resource.ResourceUrlProvider;

import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

public class ResourceUrlProviderTest {

    public void getForLookupPathShouldNotFailIfPathContainsDoubleSlashes() {
        // given
        ResourceResolver mockResourceResolver = mock(ResourceResolver.class);
        when(mockResourceResolver.resolveUrlPath(any(), any(), any())).thenReturn("some-path");

        ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler();

        ResourceUrlProvider provider = new ResourceUrlProvider();
        provider.getHandlerMap().put("/some-pattern/**", handler);

        // when
        String lookupForPath = provider.getForLookupPath("/some-pattern/some-lib//some-resource");

        // then
        assertEquals("/some-pattern/some-path", lookupForPath);

Affects: 5.0.2

Referenced from: commits ea73ec5

Copy link
Collaborator Author

@spring-issuemaster spring-issuemaster commented Jan 10, 2018

Rossen Stoyanchev commented

This should be fixed now in master. Thanks for providing a test!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.