Class PathUtils

java.lang.Object
org.springframework.cloud.config.server.support.PathUtils
public abstract class PathUtils extends Object

  • Method Details

    • isInvalidEncodedLocation

      public static boolean isInvalidEncodedLocation(String location)
      Check whether the given location contains invalid escape sequences.
      Parameters:
      location - the location to validate
      Returns:
      true if the path is invalid, false otherwise

    • isInvalidEncodedPath

      public static boolean isInvalidEncodedPath(String path)
      Check whether the given path contains invalid escape sequences.
      Parameters:
      path - the path to validate
      Returns:
      true if the path is invalid, false otherwise

    • processPath

      protected static String processPath(String path)
      Process the given resource path.

      The default implementation replaces:

      • Backslash with forward slash.
      • Duplicate occurrences of slash with a single slash.
      • Any combination of leading slash and control characters (00-1F and 7F) with a single "/" or "". For example " / // foo/bar" becomes "/foo/bar".
      Parameters:
      path - path to process
      Returns:
      the processed path
      Since:
      3.2.12

    • isInvalidPath

      public static boolean isInvalidPath(String path)
      Identifies invalid resource paths. By default rejects:
      • Paths that contain "WEB-INF" or "META-INF"
      • Paths that contain "../" after a call to StringUtils.cleanPath(String).
      • Paths that represent a valid URL or would represent one after the leading slash is removed.

      Note: this method assumes that leading, duplicate '/' or control characters (e.g. white space) have been trimmed so that the path starts predictably with a single '/' or does not have one.

      Parameters:
      path - the path to validate
      Returns:
      true if the path is invalid, false otherwise
      Since:
      3.0.6

    • checkResource

      public static boolean checkResource(org.springframework.core.io.Resource resource, org.springframework.core.io.Resource location, List<org.springframework.core.io.Resource> allowedLocations) throws IOException
      Perform additional checks on a resolved resource beyond checking whether the resources exists and is readable. The default implementation also verifies the resource is either under the location relative to which it was found or is under one of the
      invalid reference 
      allowed locations
      .
      Parameters:
      resource - the resource to check
      location - the location relative to which the resource was found
      allowedLocations - set of allowed locations
      Returns:
      "true" if resource is in a valid location, "false" otherwise.
      Throws:
      IOException - if Resource URLS fail to parse.
      Since:
      4.1.2