[undertow-dev] Different checks between servlet context's get resource methods
Stuart Douglas
sdouglas at redhat.com
Thu Jul 30 00:02:10 EDT 2020
I would just leave it for now, fixing it has the potential to break
applications, with no real gain.
Stuart
On Thu, 30 Jul 2020 at 13:51, Brad Wood <bdw429s at gmail.com> wrote:
> Fair enough, is it worth a pull request or do we leave it?
>
> Thanks!
>
> ~Brad
>
> *Developer Advocate*
> *Ortus Solutions, Corp *
>
> E-mail: brad at coldbox.org
> ColdBox Platform: http://www.coldbox.org
> Blog: http://www.codersrevolution.com
>
>
>
> On Wed, Jul 29, 2020 at 10:47 PM Stuart Douglas <sdouglas at redhat.com>
> wrote:
>
>> Probably an oversight, I would guess that maybe there is a TCK test for
>> one method and not the other :-)
>>
>>
>> On Thu, 30 Jul 2020 at 04:07, Brad Wood <bdw429s at gmail.com> wrote:
>>
>>> Why does the *getResource()* method in *ServletContextImpl* have the
>>> following check
>>>
>>> if (!path.startsWith("/")) {
>>> throw
>>> UndertowServletMessages.MESSAGES.pathMustStartWithSlash(path);
>>> }
>>>
>>> but the *getResourceAsStream()* method in the same class does not.
>>>
>>> The ServletContext spec does say "*The path must begin with a / *" for
>>> the *getResource()* method
>>>
>>> https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#getResource-java.lang.String-
>>>
>>>
>>> And the *getResourceAsStream()* method also says that "*The path must
>>> be specified according to the rules given in getResource*"
>>>
>>>
>>> https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#getResourceAsStream-java.lang.String-
>>>
>>>
>>> So it seems the same validation rules should apply to both methods.
>>>
>>> Thanks!
>>>
>>> ~Brad
>>>
>>> *Developer Advocate*
>>> *Ortus Solutions, Corp *
>>>
>>> E-mail: brad at coldbox.org
>>> ColdBox Platform: http://www.coldbox.org
>>> Blog: http://www.codersrevolution.com
>>>
>>> _______________________________________________
>>> undertow-dev mailing list
>>> undertow-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20200730/1a6c348d/attachment-0001.html
More information about the undertow-dev
mailing list