Class PathUtils
java.lang.Object
org.springframework.cloud.config.server.support.PathUtils
-
Method Summary
Modifier and TypeMethodDescriptionstatic boolean
checkResource
(org.springframework.core.io.Resource resource, org.springframework.core.io.Resource location, List<org.springframework.core.io.Resource> allowedLocations) Perform additional checks on a resolved resource beyond checking whether the resources exists and is readable.static boolean
isInvalidEncodedLocation
(String location) Check whether the given location contains invalid escape sequences.static boolean
isInvalidEncodedPath
(String path) Check whether the given path contains invalid escape sequences.static boolean
isInvalidPath
(String path) Identifies invalid resource paths.protected static String
processPath
(String path) Process the given resource path.
-
Method Details
-
isInvalidEncodedLocation
Check whether the given location contains invalid escape sequences.- Parameters:
location
- the location to validate- Returns:
true
if the path is invalid,false
otherwise
-
isInvalidEncodedPath
Check whether the given path contains invalid escape sequences.- Parameters:
path
- the path to validate- Returns:
true
if the path is invalid,false
otherwise
-
processPath
Process the given resource path.The default implementation replaces:
- Backslash with forward slash.
- Duplicate occurrences of slash with a single slash.
- Any combination of leading slash and control characters (00-1F and 7F) with a
single "/" or "". For example
" / // foo/bar"
becomes"/foo/bar"
.
- Parameters:
path
- path to process- Returns:
- the processed path
- Since:
- 3.2.12
-
isInvalidPath
Identifies invalid resource paths. By default rejects:- Paths that contain "WEB-INF" or "META-INF"
- Paths that contain "../" after a call to
StringUtils.cleanPath(java.lang.String)
. - Paths that represent a
valid URL
or would represent one after the leading slash is removed.
Note: this method assumes that leading, duplicate '/' or control characters (e.g. white space) have been trimmed so that the path starts predictably with a single '/' or does not have one.
- Parameters:
path
- the path to validate- Returns:
true
if the path is invalid,false
otherwise- Since:
- 3.0.6
-
checkResource
public static boolean checkResource(org.springframework.core.io.Resource resource, org.springframework.core.io.Resource location, List<org.springframework.core.io.Resource> allowedLocations) throws IOException Perform additional checks on a resolved resource beyond checking whether the resources exists and is readable. The default implementation also verifies the resource is either under the location relative to which it was found or is under one of theallowed locations
.- Parameters:
resource
- the resource to checklocation
- the location relative to which the resource was foundallowedLocations
- set of allowed locations- Returns:
- "true" if resource is in a valid location, "false" otherwise.
- Throws:
IOException
- if Resource URLS fail to parse.- Since:
- 4.1.2
-