Recipe - Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching

Description:
Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false
Level:
warning
Language:
  • java
Tags:
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
Documentation

setUseRegisteredSuffixPatternMatch(true) enables suffix pattern matching. In other words, a controller mapped to /users also maps to /users.* (where the wildcard equates to a path extension registered in the contentNegotiationManager). Best practices for content negotiation recommend using the Accept header rather than file extensions.

Before
configureMapping.setUseRegisteredSuffixPatternMatch(true);
After
configureMapping.setUseRegisteredSuffixPatternMatch(false);
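
An added example (not part of the Sensei recipe or of Spring's own code) showing where the After call sits in a Spring MVC Java configuration. It goes beyond the one-line fix by also turning off plain suffix matching and path-extension content negotiation, which the Spring reference documentation lists as required to fully disable file extensions; the class name WebConfig is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical class name. Targets spring-webmvc up to 5.2.3.RELEASE,
// the version range the recipe is scoped to.
// Outside Spring Boot, also annotate the class with @EnableWebMvc.
@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void configurePathMatch(PathMatchConfigurer configureMapping) {
        // The recipe's fix: /users no longer also maps to
        // /users.<extension registered with the ContentNegotiationManager>.
        configureMapping.setUseRegisteredSuffixPatternMatch(false);

        // Companion setting, not part of the recipe: in these versions plain
        // suffix matching is on by default, so without this line /users
        // would still match /users.* for any extension.
        configureMapping.setUseSuffixPatternMatch(false);
    }

    @Override
    public void configureContentNegotiation(ContentNegotiationConfigurer negotiation) {
        negotiation
            // Do not derive the response media type from a URL file extension.
            .favorPathExtension(false)
            // Resolve the media type from the Accept header (the default,
            // stated explicitly here).
            .ignoreAcceptHeader(false);
    }
}
```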
Recipe
id: scw:spring:web:UseRegisteredSuffixPatternMatch
version: 10
metadata:
  name: 'Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching'
  shortDescription: Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false
  level: warning
  language: java
  enabled: true
  descriptionFile: descriptions/Suffix_Matching_UseRegisteredSuffixPatternMatch_set_to_false_to_prevent_suffix_pattern_matching.html
  tags: Spring;security;framework specific;web;Spring Web
search:
  methodcall:
    args:
      1:
        type: boolean
        value:
          stringified: "true"
    name: setUseRegisteredSuffixPatternMatch
    anyOf:
    - type: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping
    - type: org.springframework.web.servlet.config.annotation.PathMatchConfigurer
scopes:
  library:
    name:
      contains: org.springframework:spring-webmvc
      caseSensitive: false
    maxVersion: 5.2.3.RELEASE
availableFixes:
- name: Set UseRegisteredSuffixPatternMatch to false
  actions:
  - modifyArguments:
      rewrite:
        1: "false"