Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
1.3.1 Release
-
None
-
Linux prometheus 2.6.26-1-amd64 #1 SMP Fri Mar 13 17:46:45 UTC 2009 x86_64 GNU/Linux, Debian sid
Description
Validate a URL using the file scheme/protocol for a file on a local Linux filesystem returns false. An extensive set of tests can be found here: URLTest.java
.
The following code snippet is a quick proof-of-concept:
import org.apache.commons.validator.UrlValidator;
class URLTest {
public static void main(String[] args) {
String url = "file:///etc/hosts";
UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https", "ftp", "gopher", "file"});
boolean result = urlValidator.isValid(url);
System.out.println(String.format("URL '%s' is valid: %s", url, result));
}
}
This issue occurs whether the scheme String[] constructor or the ALLOW_ALL_SCHEMES equivalent is used.