Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
1.3.1 Release
-
None
-
Linux prometheus 2.6.26-1-amd64 #1 SMP Fri Mar 13 17:46:45 UTC 2009 x86_64 GNU/Linux, Debian sid
Description
Validate a URL using the file scheme/protocol for a file on a local Linux filesystem returns false. An extensive set of tests can be found here: URLTest.java.
The following code snippet is a quick proof-of-concept:
import org.apache.commons.validator.UrlValidator; class URLTest { public static void main(String[] args) { String url = "file:///etc/hosts"; UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https", "ftp", "gopher", "file"}); boolean result = urlValidator.isValid(url); System.out.println(String.format("URL '%s' is valid: %s", url, result)); } }
This issue occurs whether the scheme String[] constructor or the ALLOW_ALL_SCHEMES equivalent is used.