akankshajain18 commented on a change in pull request #11:
URL:
https://github.com/apache/sling-org-apache-sling-engine/pull/11#discussion_r570847191
##########
File path:
src/test/java/org/apache/sling/engine/impl/request/RequestDataTest.java
##########
@@ -129,4 +129,23 @@ public void testTooManyCallsOverride() throws Exception {
}});
assertTooManyCallsException(2);
}
+
+ @Test
+ public void testConsecutiveDots() {
+ //HttpRequest with consecutive dots
+ boolean isValid = RequestData.isValidRequest("/path/content../test");
Review comment:
Included some more scenarios and created different test methods for
non-overlapped scenarios.
##########
File path: src/main/java/org/apache/sling/engine/impl/request/RequestData.java
##########
@@ -563,6 +570,21 @@ public static void service(SlingHttpServletRequest request,
}
}
+ protected static boolean isValidRequest(String path){
+ boolean isValidRequest = true;
+ if(path.contains("...")){ //invalid request
+ isValidRequest = false;
+ }else {
+ List<String> pathSplits =
Arrays.asList(path.split(VALID_REQUEST_REGEX));
Review comment:
I found the "use of spit method" straight forward.
Changed the approach to use "indexof " instead of "split"
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
