@Test public void checkResource() throws IOException { Resource location = new ClassPathResource("test/", PathResourceResolver.class); testCheckResource(location, "../testsecret/secret.txt"); testCheckResource(location, "test/../../testsecret/secret.txt"); location = new UrlResource(getClass().getResource("./test/")); String secretPath = new UrlResource(getClass().getResource("testsecret/secret.txt")).getURL().getPath(); testCheckResource(location, "file:" + secretPath); testCheckResource(location, "/file:" + secretPath); testCheckResource(location, "/" + secretPath); testCheckResource(location, "////../.." + secretPath); testCheckResource(location, "/%2E%2E/testsecret/secret.txt"); testCheckResource(location, "/%2e%2e/testsecret/secret.txt"); testCheckResource(location, " " + secretPath); testCheckResource(location, "/ " + secretPath); testCheckResource(location, "url:" + secretPath); }
@Test public void checkResourceWithAllowedLocations() { this.resolver.setAllowedLocations( new ClassPathResource("test/", PathResourceResolver.class), new ClassPathResource("testalternatepath/", PathResourceResolver.class) ); Resource location = getResource("main.css"); List<Resource> locations = Collections.singletonList(location); String actual = this.resolver.resolveUrlPath("../testalternatepath/bar.css", locations, null); assertEquals("../testalternatepath/bar.css", actual); }
@Test public void checkFileLocation() throws Exception { Resource resource = getResource("main.css"); assertTrue(this.resolver.checkResource(resource, resource)); }