How to configure Spring MVC to prevent "Path-Based Vulnerability"

Question

I have a Spring MVC (5.0.8.RELEASE) application and a recent security scan indicates that it has "Path-Based Vulnerability". Here is the controller:

@RequestMapping(value = "/faq", method = RequestMethod.GET)
public String faq(HttpServletRequest request) {
    return "faq";
}

For the above controller, here is the valid url for my FAQ page:

http://example.com/faq

However, based on the security scan and what I tested, the following url works too:

http://example.com/faq.anything

How can I configure Spring MVC to make http://example.com/faq to the only valid URL? (suppose that I don't use @PathVariable)

score 2 · Accepted Answer · edited Sep 24 '18 at 08:43

2

Because spring support suffix ".*" default. /person is also mapped to /person.* /person.xml or /person.pdf or /person.any is also mapped. - To completely disable the use of file extensions, you must set both of these:

.useSuffixPatternMatching(false)

.favorPathExtension(false)

https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#mvc-ann-requestmapping-suffix-pattern-match

edited Sep 24 '18 at 08:43

Markus Pscheidt

6,853
5
55
76

answered Sep 22 '18 at 14:56

Huy Nguyen

1,931
1
11
11

Hi huy, can you give a code example on how to use these methods. – antnewbee Feb 05 '20 at 05:49
Please refer to spring document, it already have a clear example. – Huy Nguyen Feb 05 '20 at 06:55

How to configure Spring MVC to prevent "Path-Based Vulnerability"

1 Answers1

Linked