Sensei Logo Sensei Hub

Recipe - Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching

Description:
Prevent suffix pattern matching by setting UseSuffixPatternMatching to false
Level:
warning
Language:
  • java
Tags:
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
Documentation

Prior to 5.3, Spring MVC by default allowed suffix pattern matching. In other words, a controller mapping to /users, also maps to /users.* (where the wildcard could be a path extension, such as .json or .xml). Best practices for content negotiation recommend the use of the Accept header over file extensions.

Before
configureMapping.setUseSuffixPatternMatch(true);
After
configureMapping.setUseSuffixPatternMatch(false);
Resources
Recipe
id: scw:spring:web:UseSuffixPatternMatch
version: 10
metadata:
  name: 'Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching'
  shortDescription: Prevent suffix pattern matching by setting UseSuffixPatternMatching to false
  level: warning
  language: java
  enabled: true
  descriptionFile: descriptions/Suffix_Matching_UseSuffixPatternMatch_set_to_false_to_prevent_suffix_pattern_matching.html
  tags: Spring;security;framework specific;web;Spring Web
search:
  methodcall:
    args:
      1:
        type: boolean
        value:
          stringified: "true"
    name: setUseSuffixPatternMatch
    anyOf:
    - type: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping
    - type: org.springframework.web.servlet.config.annotation.PathMatchConfigurer
scopes:
  library:
    name:
      contains: org.springframework:spring-webmvc
      caseSensitive: false
    maxVersion: 5.2.3.RELEASE
availableFixes:
- name: Set UseSuffixPatternMatch to false
  actions:
  - modifyArguments:
      rewrite:
        1: "false"