Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 7.5.4
-
Fix Version/s: 7.6.0
-
Component/s: None
-
Labels:None
-
Number of attachments :
Description
The following code blows up when uriInContext is a relative path like: /../../lexs/3.1/lexs.xsd
We have an application that is loading some XSD schema files that reference other schema files via a relative schemaLocation and we get a big stack trace on startup. I don't think Maven Jetty Plugin needs to worry about finding the resource but if URIUtil.canonicalPath returns null it could fairly easily avoid the NPE (which occurs on uri.startsWith). URIUtil.canonicalPath returns null when it thinks someone is trying to .. their way to another app.
The Uri orginates in and xsd file with an import:
<xsd:import
namespace="http://usdoj.gov/leisp/lexs/3.1"
schemaLocation="../../lexs/3.1/lexs.xsd"/>
I think the ../../lexs/3.1/lexs.xsd is prefixed with a leading slash by the time it gets to this method (although that may be coming from a URI resolver in the app...)
JettyWebAppContext.getResource(String uriInContext)
...
String uri = URIUtil.canonicalPath(uriInContext);
try
{
// Replace /WEB-INF/classes with candidates for the classpath
if (uri.startsWith(WEB_INF_CLASSES_PREFIX))
Activity
| Field | Original Value | New Value |
|---|---|---|
| Assignee | Jan Bartel [ janb ] |
| Status | Open [ 1 ] | Resolved [ 5 ] |
| Fix Version/s | 7.6.0 [ 17652 ] | |
| Resolution | Fixed [ 1 ] |