-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 1.3.1 Release
-
Fix Version/s: 1.4.0 Release
-
Component/s: Framework
-
Labels:None
-
Environment:
Linux prometheus 2.6.26-1-amd64 #1 SMP Fri Mar 13 17:46:45 UTC 2009 x86_64 GNU/Linux, Debian sid
Validate a URL using the file scheme/protocol for a file on a local Linux filesystem returns false. An extensive set of tests can be found here: URLTest.java.
The following code snippet is a quick proof-of-concept:
import org.apache.commons.validator.UrlValidator; class URLTest { public static void main(String[] args) { String url = "file:///etc/hosts"; UrlValidator urlValidator = new UrlValidator(new String[] {"http", "https", "ftp", "gopher", "file"}); boolean result = urlValidator.isValid(url); System.out.println(String.format("URL '%s' is valid: %s", url, result)); } }
This issue occurs whether the scheme String[] constructor or the ALLOW_ALL_SCHEMES equivalent is used.