Merge branch '5.1.x'

This commit is contained in:
Rossen Stoyanchev
2019-08-29 15:13:36 +03:00
6 changed files with 86 additions and 34 deletions

View File

@@ -19,7 +19,9 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.BeforeEach;
@@ -28,8 +30,10 @@ import org.junit.jupiter.api.Test;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.test.MockHttpServletRequest;
import org.springframework.mock.web.test.MockHttpServletResponse;
import org.springframework.web.bind.ServletRequestBindingException;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
/**
* Unit tests for {@code ResourceUrlEncodingFilter}.
@@ -155,14 +159,31 @@ public class ResourceUrlEncodingFilterTests {
"/resources/bar-11e16cf79faee7ac698c805cf28248d2.css?foo=bar&url=https://example.org#something");
}
private void testEncodeUrl(MockHttpServletRequest request, String url, String expected)
throws ServletException, IOException {
@Test // gh-23508
public void invalidLookupPath() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI("/a/b/../logo.png");
request.setServletPath("/a/logo.png");
this.filter.doFilter(request, new MockHttpServletResponse(), (req, res) -> {
req.setAttribute(ResourceUrlProviderExposingInterceptor.RESOURCE_URL_PROVIDER_ATTR, this.urlProvider);
String result = ((HttpServletResponse) res).encodeURL(url);
assertThat(result).isEqualTo(expected);
ResourceUrlProviderExposingInterceptor interceptor =
new ResourceUrlProviderExposingInterceptor(this.urlProvider);
assertThatThrownBy(() -> interceptor.preHandle((HttpServletRequest) req, (HttpServletResponse) res, null))
.isInstanceOf(ServletRequestBindingException.class);
});
}
private void testEncodeUrl(MockHttpServletRequest request, String url, String expected)
throws ServletException, IOException {
FilterChain chain = (req, res) -> {
req.setAttribute(ResourceUrlProviderExposingInterceptor.RESOURCE_URL_PROVIDER_ATTR, this.urlProvider);
String result = ((HttpServletResponse) res).encodeURL(url);
assertThat(result).isEqualTo(expected);
};
this.filter.doFilter(request, new MockHttpServletResponse(), chain);
}
}