SEC-1540: Namespace improperly handles method attribute when populating ChannelProcessingFilter.securityMetadataSource #1782
The namespace improperly handles the method attribute when populating ChannelProcessingFilter.securityMetadataSource. The problems differ between 3.0.x and 3.1.x. For 3.0.x, the issue is that the method is ignored. The issue for 3.1.x is that if the path is /**, the method is ignored. I have attached a patch with tests and a fix for both master and 3.0.x. Note that I included a test for 3.1.x that actually works but was broken in 3.0.x in order to ensure it continues to work. While it might be wise to refactor to reuse the logic in creating the securityMetadataSource, I did not do so to limit the scope of this change.
PS: I did not look at 2.x to see if it needed corrections.