  1. Magnolia
  2. MAGNOLIA-9098

Error not handled in ResourceServlet with malicious resource path


Details

    • Bug
    • Resolution: Duplicate
    • Neutral

    Description

      Steps to reproduce

      1. Hit a URL with a malicious path under .resources
        1. E.g.: https://www.swissre.com/.resources/swissre-web/webresources/img/logos/%20ns=netsparker(0x00%2001CA)
      2. Status code is 500

      Expected results

      MalformedPathException should be handled and another status code, such as 404, should be returned.

      E.g:

      Actual results

      Status code is 500 internal server error

      Development notes

      • In ResourcesServlet, the exception is not caught when getting the resource
      • JcrResourceOrigin which implements ResourceOrigin throws MalformedPathException.

            People

              Unassigned Unassigned
              minh.nguyen Minh Nguyen