Holger,
On 4/13/26 4:02 PM, Holger Klawitter wrote:
thanks for your explanation! I understand that cgis are not a vital
component of tomcat and are subject to restrictions. But you sparked
my courisity ;-) I dug into CGIServlet and I would like to suggest a
simple addition:
<----snip
***
apache-tomcat-9.0.117-src/java/org/apache/catalina/servlets/CGIServlet.javaMon
Mar 30 20:21:16 2026
--- CGIServlet.java Mon Apr 13 21:42:19 2026
***************
*** 812,817 ****
--- 812,818 ----
cgiPath.append(cgiPathPrefix);
}
urlPath.append(servletPath);
+ cgiScript = resources.getResource(cgiPath.toString());
StringTokenizer pathWalker = new StringTokenizer(pathInfo, "/");
<----snip
Suffixes matching a directory still yield 404 (or can be explicitly mapped for
api path like calls).
This is an interesting suggestion. It looks like there aren't many unit
tests for mapping CGIServlet requests to files. It would be very helpful
to have such tests to verify the behavior before and after this proposed
patch.
In fact this is a bit safer than the current behavior as the currently (unless
you
have the option to move all scripts into a subtree) would be having to register
each
script individually in web.xml. The suggested patch also catches forgotten
files.
There is no need to map each file individually. You just need to use a
prefix map.
-chris
Christopher Schultz wrote (at 2026-04-10 09:26 -0400):
Holger,
On 4/10/26 8:39 AM, Holger Klawitter wrote:
I have made a strange observation with the cgi servlet (enabled in
local web.xml) using tomcat 9.0.117 (also *.111):
when I use a subdirectory as a url pattern, everything works fine,
but when I use a file suffix pattern, the scripts are not being found and
I am getting 404.
<servlet>
<servlet-name>cgi</servlet-name>
<servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
<load-on-startup>5</load-on-startup>
<init-param>
<param-name>executable</param-name>
<param-value>/usr/bin/python3</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>cgi</servlet-name>
<url-pattern>/bin/*</url-pattern><!-- works -->
<url-pattern>*.py</url-pattern><!-- does not work -->
</servlet-mapping>
* Priviledged is enabled
* no cgiPathPrefix is set.
* I tried with and without the executable init-param
* python is there and the script exists in ./simple.py and bin/simple.py
What's wrong here?
I can provide a minimal war file if needed.
The CGIServlet requires a path-mapping and won't work with an extension
mapping. It's non-trivial to make an extension mapping work, and typically
in a web application all CGIs are rooted in the same place, anyway.
So you'll need to use a path-mapping.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]