
Commit f7238cf

Introduced protections against user-controlled internal request forwarding
1 parent fbe7b75 commit f7238cf

3 files changed

+13
-2
lines changed

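--- a/flow-tests/vaadin-spring-tests/pom.xml
+++ b/flow-tests/vaadin-spring-tests/pom.xml
@@ -18,6 +18,7 @@
 <maven.deploy.skip>true</maven.deploy.skip>
 <component.version>24.3.13</component.version>
 <nimbus-jose-jwt.version>9.39.3</nimbus-jose-jwt.version>
+<versions.java-security-toolkit>1.2.1</versions.java-security-toolkit>
 </properties>
 
 <dependencyManagement>
@@ -64,6 +65,11 @@
 <type>pom</type>
 <scope>import</scope>
 </dependency>
+<dependency>
+<groupId>io.github.pixee</groupId>
+<artifactId>java-security-toolkit</artifactId>
+<version>${versions.java-security-toolkit}</version>
+</dependency>
 </dependencies>
 </dependencyManagement>
 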
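--- a/flow-tests/vaadin-spring-tests/test-spring-security-flow-urlmapping/pom.xml
+++ b/flow-tests/vaadin-spring-tests/test-spring-security-flow-urlmapping/pom.xml
@@ -50,6 +50,10 @@
 <type>test-jar</type>
 <scope>test</scope>
 </dependency>
+<dependency>
+<groupId>io.github.pixee</groupId>
+<artifactId>java-security-toolkit</artifactId>
+</dependency>
 </dependencies>
 
 <build>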

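--- a/flow-tests/vaadin-spring-tests/test-spring-security-flow-urlmapping/src/main/java/com/vaadin/flow/spring/flowsecurityurlmapping/Application.java
+++ b/flow-tests/vaadin-spring-tests/test-spring-security-flow-urlmapping/src/main/java/com/vaadin/flow/spring/flowsecurityurlmapping/Application.java
@@ -1,5 +1,6 @@
 package com.vaadin.flow.spring.flowsecurityurlmapping;
 
+import static io.github.pixee.security.jakarta.PathValidator.validateDispatcherPath;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -40,8 +41,8 @@ protected void doFilterInternal(HttpServletRequest request,
 HttpServletResponse response,
 FilterChain filterChain)
 throws ServletException, IOException {
-request.getRequestDispatcher(request.getRequestURI()
-.substring(URL_MAPPING.length()))
+request.getRequestDispatcher(validateDispatcherPath(request.getRequestURI()
+.substring(URL_MAPPING.length())))
 .forward(request, response);
 }
 });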
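Review bot: The forward target in doFilterInternal is still cut out of the raw `request.getRequestURI()` with `substring(URL_MAPPING.length())`, and nothing visible in the hunk checks that the URI starts with URL_MAPPING, so the new wrapper validates whatever is left after a blind offset. A guard before the substring, such as `if (!uri.startsWith(URL_MAPPING)) { response.sendError(HttpServletResponse.SC_NOT_FOUND); return; }`, would make the input to `validateDispatcherPath` well defined. Judging by its name and the commit title, the validator rejects known-sensitive targets rather than admitting known-good ones; if the set of forwardable routes is fixed, an allowlist match is the stronger control. It presumably signals rejection with an unchecked exception, which this filter would surface as a 500, so confirm that for the pinned 1.2.1 and consider mapping it to a 400. The filter's registration and the rest of the class are outside the hunk.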
