diff options
3 files changed, 7 insertions, 2 deletions
diff --git a/container-core/src/main/java/com/yahoo/restapi/Path.java b/container-core/src/main/java/com/yahoo/restapi/Path.java index 80f9391fb56..01bcb627639 100644 --- a/container-core/src/main/java/com/yahoo/restapi/Path.java +++ b/container-core/src/main/java/com/yahoo/restapi/Path.java @@ -46,6 +46,11 @@ public class Path { this.path = HttpURL.Path.parse(uri.getRawPath(), validator); } + /** Create a new Path for matching the given URI against patterns, without any segment validation. */ + public static Path withoutValidation(URI uri) { + return new Path(uri, __ -> { }); + } + private boolean matchesInner(String pathSpec) { values.clear(); List<String> specElements = HttpURL.Path.parse(pathSpec).segments(); diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilter.java index fb384a3f980..88a241b8196 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilter.java @@ -118,7 +118,7 @@ public class RuleBasedRequestFilter extends JsonSecurityRequestFilterBase { boolean methodMatches = methods.isEmpty() || methods.contains(method.toUpperCase()); String host = uri.getHost(); boolean hostnameMatches = hostnames.isEmpty() || (host != null && hostnames.contains(host)); - Path pathMatcher = new Path(uri); + Path pathMatcher = Path.withoutValidation(uri); boolean pathMatches = pathGlobExpressions.isEmpty() || pathGlobExpressions.stream().anyMatch(pathMatcher::matches); return methodMatches && hostnameMatches && pathMatches; } diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java index c4171ecd4d7..cfd0e80968f 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java @@ -51,7 +51,7 @@ class RuleBasedRequestFilterTest { Metric metric = mock(Metric.class); RuleBasedRequestFilter filter = new RuleBasedRequestFilter(metric, config); MockResponseHandler responseHandler = new MockResponseHandler(); - filter.filter(request("PATCH", "http://myserver:80/path-to-resource"), responseHandler); + filter.filter(request("PATCH", "http://myserver:80/path-to-resource%2F"), responseHandler); assertAllowed(responseHandler, metric); |