Example usage for org.springframework.util StringUtils cleanPath

List of usage examples for org.springframework.util StringUtils cleanPath

Introduction

On this page you can find example usages of org.springframework.util.StringUtils.cleanPath.

Prototype

public static String cleanPath(String path) 

Source Link

Document

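Normalize the path by suppressing sequences like "path/..". The result can still contain "../" segments, so this is a normalization step, not a path-traversal check on its own; the ResourceWebHandler example below re-checks for "../" after calling it.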

Usage

From source file:org.springframework.web.reactive.resource.ResourceWebHandler.java

/**
 * Identifies invalid resource paths. By default rejects:
 * <ul>
 * <li>Paths that contain "WEB-INF" or "META-INF"
 * <li>Paths that contain "../" after a call to
 * {@link StringUtils#cleanPath}.
 * <li>Paths that represent a {@link ResourceUtils#isUrl
 * valid URL} or would represent one after the leading slash is removed.
 * </ul>
 * <p><strong>Note:</strong> this method assumes that leading, duplicate '/'
 * or control characters (e.g. white space) have been trimmed so that the
 * path starts predictably with a single '/' or does not have one.
 * @param path the path to validate
 * @return {@code true} if the path is invalid, {@code false} otherwise
 */
protected boolean isInvalidPath(String path) {
    final boolean traceOn = logger.isTraceEnabled();
    if (traceOn) {
        logger.trace("Applying \"invalid path\" checks to path: " + path);
    }

    // Check 1: reject any path that names a protected deployment directory.
    // String.contains is a literal, case-sensitive match on the string as given.
    // NOTE(review): nothing is decoded here; confirm the caller validates
    // percent-encoded and differently-cased forms before relying on this check.
    final boolean namesProtectedDir = path.contains("WEB-INF") || path.contains("META-INF");
    if (namesProtectedDir) {
        if (traceOn) {
            logger.trace("Path contains \"WEB-INF\" or \"META-INF\".");
        }
        return true;
    }

    // Check 2: reject a path that is a URL, or becomes one once a single leading
    // slash is dropped, so a resource path cannot be turned into a URL lookup.
    if (path.contains(":/")) {
        // path is non-empty here because it contains ":/".
        final String withoutLeadingSlash = path.startsWith("/") ? path.substring(1) : path;
        final boolean looksLikeUrl =
                ResourceUtils.isUrl(withoutLeadingSlash) || withoutLeadingSlash.startsWith("url:");
        if (looksLikeUrl) {
            if (traceOn) {
                logger.trace("Path represents URL or has \"url:\" prefix.");
            }
            return true;
        }
    }

    // Check 3: cleanPath only normalizes. A "../" that survives normalization is
    // treated as a traversal attempt, so the cleaned result is re-inspected.
    if (path.contains("..") && StringUtils.cleanPath(path).contains("../")) {
        if (traceOn) {
            logger.trace("Path contains \"../\" after call to StringUtils#cleanPath.");
        }
        return true;
    }

    return false;
}

From source file:org.springframework.web.servlet.support.AbstractFlashMapManager.java

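/**
 * Decodes the given path and, when it is relative, resolves it against the
 * current request URI.
 *
 * <p>A path that does not start with '/' is appended to the request URI up to and
 * including its last '/', and the result is passed through
 * {@link StringUtils#cleanPath}. A path that starts with '/' is returned decoded
 * but is not passed through {@code cleanPath}.
 *
 * <p>{@code cleanPath} is a normalizer, not a validator: its result may still
 * contain "../" segments. NOTE(review): the callers are not visible here; confirm
 * the returned value is only compared against request paths and never used to
 * locate a resource without a separate traversal check.
 *
 * @param path the path to process; {@code null} and empty values are returned as is
 * @param request the current request, used for decoding and as the base for
 * relative paths
 * @return the decoded path, normalized when the input was relative
 */
@Nullable
private String decodeAndNormalizePath(@Nullable String path, HttpServletRequest request) {
    if (path == null || path.isEmpty()) {
        // An empty path has no first character; returning it unchanged avoids the
        // StringIndexOutOfBoundsException that charAt(0) would otherwise raise.
        return path;
    }
    String decoded = getUrlPathHelper().decodeRequestString(request, path);
    if (decoded.isEmpty() || decoded.charAt(0) == '/') {
        // Already absolute (or nothing left after decoding): no base to resolve against.
        return decoded;
    }
    String requestUri = getUrlPathHelper().getRequestUri(request);
    // Keep everything up to and including the last '/' as the base directory.
    String baseDir = requestUri.substring(0, requestUri.lastIndexOf('/') + 1);
    return StringUtils.cleanPath(baseDir + decoded);
}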

From source file:org.springframework.web.servlet.support.DefaultFlashMapManager.java

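/**
 * Decodes the given path and, when it is relative, resolves it against the
 * current request URI.
 *
 * <p>A path that does not start with '/' is appended to the request URI up to and
 * including its last '/', and the result is passed through
 * {@link StringUtils#cleanPath}. A path that starts with '/' is returned decoded
 * but is not passed through {@code cleanPath}.
 *
 * <p>{@code cleanPath} is a normalizer, not a validator: its result may still
 * contain "../" segments. NOTE(review): the callers are not visible here; confirm
 * the returned value is only compared against request paths and never used to
 * locate a resource without a separate traversal check.
 *
 * @param path the path to process; {@code null} and empty values are returned as is
 * @param request the current request, used for decoding and as the base for
 * relative paths
 * @return the decoded path, normalized when the input was relative
 */
private String decodeAndNormalizePath(String path, HttpServletRequest request) {
    if (path == null || path.isEmpty()) {
        // An empty path has no first character; returning it unchanged avoids the
        // StringIndexOutOfBoundsException that charAt(0) would otherwise raise.
        return path;
    }
    String decoded = this.urlPathHelper.decodeRequestString(request, path);
    if (decoded.isEmpty() || decoded.charAt(0) == '/') {
        // Already absolute (or nothing left after decoding): no base to resolve against.
        return decoded;
    }
    String requestUri = this.urlPathHelper.getRequestUri(request);
    // Keep everything up to and including the last '/' as the base directory.
    String baseDir = requestUri.substring(0, requestUri.lastIndexOf('/') + 1);
    return StringUtils.cleanPath(baseDir + decoded);
}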