Recipe Name:
Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching
Description:
Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false
Level:
warning
Language:
- java
Tags:
- Spring
- security
- framework specific
- web
- Spring Web
Documentation
setUseRegisteredSuffixPatternMatch(true) allows suffix pattern matching. In other words, a controller mapping to /users also maps to /users.* (where the wildcard equates to a pattern registered in the contentNegotiationManager). Best practices for content negotiation recommend the use of the Accept header over file extensions.
Before
configureMapping.setUseRegisteredSuffixPatternMatch(true);
After
configureMapping.setUseRegisteredSuffixPatternMatch(false);
Resources
Recipe
id: scw:spring:web:UseRegisteredSuffixPatternMatch
version: 10
metadata:
  name: 'Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching'
  shortDescription: Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false
  level: warning
  language: java
  enabled: true
  descriptionFile: descriptions/Suffix_Matching_UseRegisteredSuffixPatternMatch_set_to_false_to_prevent_suffix_pattern_matching.html
  tags: Spring;security;framework specific;web;Spring Web
search:
  methodcall:
    args:
      1:
        type: boolean
        value:
          stringified: "true"
    name: setUseRegisteredSuffixPatternMatch
    anyOf:
    - type: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping
    - type: org.springframework.web.servlet.config.annotation.PathMatchConfigurer
scopes:
  library:
    name:
      contains: org.springframework:spring-webmvc
      caseSensitive: false
    maxVersion: 5.2.3.RELEASE
availableFixes:
- name: Set UseRegisteredSuffixPatternMatch to false
  actions:
  - modifyArguments:
      rewrite:
        1: "false"
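An added example (not part of the recipe or of the tool's own code) showing where the flagged call sits in a Spring MVC configuration class, together with the content-negotiation settings that make the Accept header decide the response type. The class name WebConfig is hypothetical, and the example assumes spring-webmvc 5.2.3.RELEASE or earlier, where general suffix matching is on by default and is therefore switched off explicitly as well.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical configuration class; the name is an assumption for illustration.
@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void configurePathMatch(PathMatchConfigurer configurer) {
        // Form flagged by the recipe: a handler mapped to /users would also
        // match /users.<ext> for every extension registered with the
        // ContentNegotiationManager.
        // configurer.setUseRegisteredSuffixPatternMatch(true);

        // The recipe's fix.
        configurer.setUseRegisteredSuffixPatternMatch(false);

        // In spring-webmvc up to 5.2.x, useSuffixPatternMatch defaults to true,
        // so /users still matches /users.* for any extension unless it is
        // disabled too.
        configurer.setUseSuffixPatternMatch(false);
    }

    @Override
    public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
        configurer
            // Do not derive the response media type from a file extension in the path.
            .favorPathExtension(false)
            // Honour the Accept request header instead.
            .ignoreAcceptHeader(false);
    }
}
```

With both path-match flags off, a request for /users.json no longer reaches the /users handler, so any access rule or filter written against the exact path sees the same set of URLs the controller serves.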