ResourceUrlProvider.getForLookupPath fails if path contains double slashes [SPR-16296] #20843

@spring-projects-issues

Michael Freitag opened SPR-16296 and commented

If the ResourceUrlProvider.getForLookupPath(String) method is called with a path containing double slashes, a StringIndexOutOfBoundsException is thrown. This situation may arise, for example, if a third-party library is sloppily programmed and contains references to resources with double slashes. As developers may not be able to modify such libraries, the ResourceUrlProvider should be able to handle such requests.

Below is a test case illustrating the issue.

```java
import org.junit.Test;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.servlet.resource.ResourceResolver;
import org.springframework.web.servlet.resource.ResourceUrlProvider;

import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

public class ResourceUrlProviderTest {

    @Test
    public void getForLookupPathShouldNotFailIfPathContainsDoubleSlashes() {
        // given
        ResourceResolver mockResourceResolver = mock(ResourceResolver.class);
        when(mockResourceResolver.resolveUrlPath(any(), any(), any())).thenReturn("some-path");

        ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler();
        handler.getResourceResolvers().add(mockResourceResolver);

        ResourceUrlProvider provider = new ResourceUrlProvider();
        provider.getHandlerMap().put("/some-pattern/**", handler);

        // when
        String lookupForPath = provider.getForLookupPath("/some-pattern/some-lib//some-resource");

        // then
        assertEquals("/some-pattern/some-path", lookupForPath);
    }
}
```

Affects: 5.0.2

Referenced from: commits ea73ec5
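
A stand-alone model of this failure mode, added here as an example; it is not code from the issue or from Spring. It assumes the exception comes from searching the raw path for a remainder whose empty segments were dropped, and all class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.stream.Collectors;

public class DoubleSlashLookupDemo {

    // Hypothetical stand-in for a matcher that tokenizes on "/" and drops empty segments.
    static String remainderAfterPrefix(String prefix, String path) {
        String rest = path.substring(prefix.length());
        return Arrays.stream(rest.split("/"))
                .filter(segment -> !segment.isEmpty())
                .collect(Collectors.joining("/"));
    }

    // Fragile: assumes the collapsed remainder still occurs verbatim in the raw path.
    // With "//" in the path, indexOf returns -1 and substring(0, -1) throws.
    static String fragileMapping(String prefix, String path) {
        String remainder = remainderAfterPrefix(prefix, path);
        return path.substring(0, path.indexOf(remainder));
    }

    // Collapse runs of slashes; loop because "///" needs more than one pass.
    static String collapseSlashes(String path) {
        String previous;
        do {
            previous = path;
            path = path.replace("//", "/");
        } while (!path.equals(previous));
        return path;
    }

    // Hardened: normalize first so the raw path and the remainder agree.
    static String hardenedMapping(String prefix, String path) {
        return fragileMapping(prefix, collapseSlashes(path));
    }

    public static void main(String[] args) {
        String prefix = "/some-pattern/";                       // literal part of "/some-pattern/**"
        String path = "/some-pattern/some-lib//some-resource";  // path from the test case above
        try {
            fragileMapping(prefix, path);
        } catch (StringIndexOutOfBoundsException e) {
            System.out.println("fragile:  " + e);
        }
        System.out.println("hardened: " + hardenedMapping(prefix, path));
        System.out.println("triple:   " + hardenedMapping(prefix, "/some-pattern/a///b")); // constructed input
    }
}
```

An unhandled exception on a request-derived path is an availability concern, so normalizing the path once before matching keeps both steps working on the same string.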

Labels

in: web (Issues in web modules (web, webmvc, webflux, websocket))
type: enhancement (A general enhancement)
