Uploaded image for project: 'XWiki Commons'
  1. XWiki Commons
  2. XCOMMONS-3327

Provide an internal helper to safely access ClassLoader resources

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Major
    • 16.10.7, 17.4.0-rc-1
    • 16.10.6
    • Classloader
    • None
    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      In an application server, ClassLoader#getResource and ClassLoader#getResourceAsStream can be fooled by path traversal syntaxes (../) to go read files which are not really support to be part of the classloader.

      To make it easier to avoid this problem, it would be nice to produce a tool with a protection against that.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-19350 Configuration files can be accessed through webjars API

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-23109 Configuration files can be accessed through jsx and sx endpoints

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          causes

          Bug - A problem which impairs or prevents the functions of the product. XCOMMONS-3332 Issues when creating and running an instance of XWiki 16.10.7 on Windows

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: