[undertow-dev] Different checks between servlet context's get resource methods

[Brad Wood]

Fair enough, is it worth a pull request or do we leave it?

Thanks!

~Brad

*Developer Advocate*
*Ortus Solutions, Corp *

E-mail: brad at coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com



On Wed, Jul 29, 2020 at 10:47 PM Stuart Douglas <sdouglas at redhat.com> wrote:

> Probably an oversight, I would guess that maybe there is a TCK test for
> one method and not the other :-)
>
>
> On Thu, 30 Jul 2020 at 04:07, Brad Wood <bdw429s at gmail.com> wrote:
>
>> Why does the *getResource()* method in *ServletContextImpl* have the
>> following check
>>
>>         if (!path.startsWith("/")) {
>>             throw
>> UndertowServletMessages.MESSAGES.pathMustStartWithSlash(path);
>>         }
>>
>> but the *getResourceAsStream()* method in the same class does not.
>>
>> The ServletContext spec does say "*The path must begin with a / *" for
>> the *getResource()* method
>>
>> https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#getResource-java.lang.String-
>>
>>
>> And the *getResourceAsStream()* method also says that "*The path must be
>> specified according to the rules given in getResource*"
>>
>>
>> https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#getResourceAsStream-java.lang.String-
>>
>>
>> So it seems the same validation rules should apply to both methods.
>>
>> Thanks!
>>
>> ~Brad
>>
>> *Developer Advocate*
>> *Ortus Solutions, Corp *
>>
>> E-mail: brad at coldbox.org
>> ColdBox Platform: http://www.coldbox.org
>> Blog: http://www.codersrevolution.com
>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20200729/5557b451/attachment.html