Uploaded image for project: 'XWiki Commons'
  1. XWiki Commons
  2. XCOMMONS-3327

Provide an internal helper to safely access ClassLoader resources

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Major
    • 16.10.7, 17.4.0-rc-1
    • 16.10.6
    • Classloader
    • None
    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      In an application server, ClassLoader#getResource and ClassLoader#getResourceAsStream can be fooled by path traversal syntaxes (../) to go read files which are not really support to be part of the classloader.

      To make it easier to avoid this problem, it would be nice to produce a tool with a protection against that.

      Attachments

        Activity

          People

            tmortagne Thomas Mortagne
            tmortagne Thomas Mortagne
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: