Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching :: Recipe Details

Recipe Name:

Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching

Description:

Prevent suffix pattern matching by setting UseSuffixPatternMatching to false

Level:

warning

Language:

java

Tags:

Spring
security
framework specific
web
Spring Web

Documentation

Prior to 5.3, Spring MVC by default allowed suffix pattern matching. In other words, a controller mapping to /users, also maps to /users.* (where the wildcard could be a path extension, such as .json or .xml). Best practices for content negotiation recommend the use of the Accept header over file extensions.

Before

configureMapping.setUseSuffixPatternMatch(true);

After

configureMapping.setUseSuffixPatternMatch(false);

Resources

Spring docs: Spring WebMVC - Suffix Match

Recipe

id: scw:spring:web:UseSuffixPatternMatch
version: 10
metadata:
  name: 'Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching'
  shortDescription: Prevent suffix pattern matching by setting UseSuffixPatternMatching to false
  level: warning
  language: java
  enabled: true
  descriptionFile: descriptions/Suffix_Matching_UseSuffixPatternMatch_set_to_false_to_prevent_suffix_pattern_matching.html
  tags: Spring;security;framework specific;web;Spring Web
search:
  methodcall:
    args:
      1:
        type: boolean
        value:
          stringified: "true"
    name: setUseSuffixPatternMatch
    anyOf:
    - type: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping
    - type: org.springframework.web.servlet.config.annotation.PathMatchConfigurer
scopes:
  library:
    name:
      contains: org.springframework:spring-webmvc
      caseSensitive: false
    maxVersion: 5.2.3.RELEASE
availableFixes:
- name: Set UseSuffixPatternMatch to false
  actions:
  - modifyArguments:
      rewrite:
        1: "false"