Commit d4fb4071 authored by Simon Urli's avatar Simon Urli
Browse files

XCOMMONS-2347: ServletEnvironement#getResource should not return URL with relative path component

  * Ensure to normalize URLs when calling ServletEnvironment#getResource
parent 73ebaa05
......@@ -23,6 +23,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import javax.inject.Singleton;
......@@ -78,7 +79,12 @@ public URL getResource(String resourceName)
URL url;
try {
url = getServletContext().getResource(resourceName);
} catch (MalformedURLException e) {
// ensure to normalize the URI, we don't want relative path.
if (url != null) {
url = url.toURI().normalize().toURL();
}
} catch (MalformedURLException | URISyntaxException e) {
url = null;
this.logger.warn("Error getting resource [{}] because of invalid path format. Reason: [{}]",
resourceName, e.getMessage());
......
......@@ -21,6 +21,7 @@
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import javax.servlet.ServletContext;
......@@ -89,8 +90,9 @@ void getResourceOk() throws Exception
{
ServletContext servletContext = mock(ServletContext.class);
this.environment.setServletContext(servletContext);
this.environment.getResource("/test");
when(servletContext.getResource("/test")).thenReturn(new URL("file:/path/../test"));
assertEquals(new URL("file:/test"), this.environment.getResource("/test"));
verify(servletContext).getResource("/test");
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment