Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ResourceUrlProvider.getForLookupPath fails if path contains double slashes [SPR-16296] #20843

Closed
spring-issuemaster opened this issue Dec 13, 2017 · 1 comment

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link
Collaborator

commented Dec 13, 2017

Michael Freitag opened SPR-16296 and commented

If the ResourceUrlProvider.getLookupForPath(String) method is called with a path containing double slashes, a StringIndexOutOfBoundsException is thrown. This situation may arise, for example, if a third-party library is sloppily programmed and contains references to resources with double slashes. As developers may not be able to modify such libraries, the ResourceUrlProvider should be able to handle such requests.

Below is a test case illustrating the issue.

import org.junit.Test;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.servlet.resource.ResourceResolver;
import org.springframework.web.servlet.resource.ResourceUrlProvider;

import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

public class ResourceUrlProviderTest {

    @Test
    public void getForLookupPathShouldNotFailIfPathContainsDoubleSlashes() {
        // given
        ResourceResolver mockResourceResolver = mock(ResourceResolver.class);
        when(mockResourceResolver.resolveUrlPath(any(), any(), any())).thenReturn("some-path");

        ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler();
        handler.getResourceResolvers().add(mockResourceResolver);

        ResourceUrlProvider provider = new ResourceUrlProvider();
        provider.getHandlerMap().put("/some-pattern/**", handler);

        // when
        String lookupForPath = provider.getForLookupPath("/some-pattern/some-lib//some-resource");

        // then
        assertEquals("/some-pattern/some-path", lookupForPath);
    }
}

Affects: 5.0.2

Referenced from: commits ea73ec5

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Jan 10, 2018

Rossen Stoyanchev commented

This should be fixed now in master. Thanks for providing a test!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.