Decode path in getStaticFilePath (#11812)

* Decode path in getStaticFilePath Some containers do not decode path when using getPathInfo, in case path has not been decoded there is a risk for path traversal vulnerability.
author: Tatu Lund <tatu@vaadin.com> 2019-11-19 14:31:18 +0200
committer: Anna Koskinen <Ansku@users.noreply.github.com> 2019-11-19 14:31:18 +0200
commit: ce497adfbdb6875e3cbe783cfc280999a9ae04d9 (patch)
tree: 40796b5eda810a6e86c914890b7fcf9eddfcf5c1 /server/src/test
parent: c20e2e9c1aefb99eae2bd69df02e1324c7abe479 (diff)
download: vaadin-framework-ce497adfbdb6875e3cbe783cfc280999a9ae04d9.tar.gz
vaadin-framework-ce497adfbdb6875e3cbe783cfc280999a9ae04d9.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/server/src/test/java/com/vaadin/server/VaadinServletTest.java b/server/src/test/java/com/vaadin/server/VaadinServletTest.java
index f1490208d4..652dc30665 100644
--- a/server/src/test/java/com/vaadin/server/VaadinServletTest.java
+++ b/server/src/test/java/com/vaadin/server/VaadinServletTest.java
@@ -116,6 +116,8 @@ public class VaadinServletTest {
         HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
         Mockito.when(request.getServletPath()).thenReturn(servletPath);
         Mockito.when(request.getPathInfo()).thenReturn(pathInfo);
+        Mockito.when(request.getRequestURI()).thenReturn("/context"+pathInfo);
+        Mockito.when(request.getContextPath()).thenReturn("/context");
         return request;
     }
 }
author	Tatu Lund <tatu@vaadin.com>	2019-11-19 14:31:18 +0200
committer	Anna Koskinen <Ansku@users.noreply.github.com>	2019-11-19 14:31:18 +0200
commit	ce497adfbdb6875e3cbe783cfc280999a9ae04d9 (patch)
tree	40796b5eda810a6e86c914890b7fcf9eddfcf5c1 /server/src/test
parent	c20e2e9c1aefb99eae2bd69df02e1324c7abe479 (diff)
download	vaadin-framework-ce497adfbdb6875e3cbe783cfc280999a9ae04d9.tar.gz vaadin-framework-ce497adfbdb6875e3cbe783cfc280999a9ae04d9.zip