How to configure Spring MVC to prevent “Path-Based Vulnerability”

误落风尘 2021-01-27 04:30

I have a Spring MVC (5.0.8.RELEASE) application and a recent security scan indicates that it has "Path-Based Vulnerability". Here is the controller:

@RequestMa         


        
1 Answer
  • 2021-01-27 04:43

    Because Spring supports the suffix ".*" by default, /person is also mapped to /person.*, so /person.xml, /person.pdf or /person.any is also mapped. To completely disable the use of file extensions, you must set both of these:

    .useSuffixPatternMatching(false)

    .favorPathExtension(false)

    https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#mvc-ann-requestmapping-suffix-pattern-match

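The two settings named in the answer, placed in a Java-based Spring MVC 5.0.x configuration, as an added example that is not code from the original post. The class name `WebConfig` is an assumption; in the Java config API the suffix setting is exposed as `PathMatchConfigurer.setUseSuffixPatternMatch`, and `favorPathExtension` lives on `ContentNegotiationConfigurer`.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical configuration class; adapt the name and package to the application.
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void configurePathMatch(PathMatchConfigurer configurer) {
        // Default in Spring MVC 5.0.x is true: a mapping for "/person"
        // also matches "/person.*" (e.g. /person.xml, /person.pdf).
        // Setting it to false makes the mapping match "/person" only.
        configurer.setUseSuffixPatternMatch(false);
    }

    @Override
    public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
        // Default in Spring MVC 5.0.x is true: the file extension in the URL
        // path is used to choose the response media type. Setting it to false
        // leaves content negotiation to the Accept header.
        configurer.favorPathExtension(false);
    }
}
```

With both settings applied, a request for /person.xml no longer resolves to the /person handler, which can be confirmed by requesting the suffixed URL and checking for a 404 response.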