Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DefaultPathSegment allows shared empty parameters map to be mutated #27064

Closed
sbrannen opened this issue Jun 15, 2021 · 0 comments
Closed

DefaultPathSegment allows shared empty parameters map to be mutated #27064

sbrannen opened this issue Jun 15, 2021 · 0 comments
Assignees
@sbrannen
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
5.3.9

Comments

@sbrannen
Copy link
Member

PR #27063 made me aware of the following existing bug.

If a PathContainer is created using Options.MESSAGE_ROUTE, DefaultPathSegment#parameters() returns a mutable map which allows the user to modify the contents of the static, shared EMPTY_PARAMS map in DefaultPathContainer.
@sbrannen sbrannen self-assigned this Jun 15, 2021
@sbrannen sbrannen added in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug labels Jun 15, 2021
@sbrannen sbrannen added this to the 5.3.9 milestone Jun 15, 2021
@sbrannen sbrannen mentioned this issue Jun 15, 2021
Closed
@sbrannen sbrannen changed the title DefaultPathSegment allows shared empty map to be mutated DefaultPathSegment allows shared empty parameters map to be mutated Jun 15, 2021
sbrannen added a commit to sbrannen/spring-framework that referenced this issue Jun 15, 2021
@sbrannen
Ensure DefaultPathSegment does not allow parameters to be mutated
c5a138a 
Prior to this commit, if a PathContainer was created using
Options.MESSAGE_ROUTE, DefaultPathSegment#parameters() returned a
mutable map which would allow the user to modify the contents of the
static, shared EMPTY_PARAMS map in DefaultPathContainer.

This commit prevents corruption of the shared EMPTY_PARAMS map by
ensuring that parameters stored in DefaultPathSegment are always
immutable.

Closes spring-projectsgh-27064
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Jun 15, 2021
Closed
@sync-by-unito sync-by-unito bot mentioned this issue Jul 14, 2021
Merged
Zoran0104 pushed a commit to Zoran0104/spring-framework that referenced this issue Aug 20, 2021
@sbrannen @Zoran0104
Ensure DefaultPathSegment does not allow parameters to be mutated
7f8b4d6 
Prior to this commit, if a PathContainer was created using
Options.MESSAGE_ROUTE, DefaultPathSegment#parameters() returned a
mutable map which would allow the user to modify the contents of the
static, shared EMPTY_PARAMS map in DefaultPathContainer.

This commit prevents corruption of the shared EMPTY_PARAMS map by
ensuring that parameters stored in DefaultPathSegment are always
immutable.

Closes spring-projectsgh-27064
lxbzmy pushed a commit to lxbzmy/spring-framework that referenced this issue Mar 26, 2022
@sbrannen @lxbzmy
Ensure DefaultPathSegment does not allow parameters to be mutated
2d38004 
Prior to this commit, if a PathContainer was created using
Options.MESSAGE_ROUTE, DefaultPathSegment#parameters() returned a
mutable map which would allow the user to modify the contents of the
static, shared EMPTY_PARAMS map in DefaultPathContainer.

This commit prevents corruption of the shared EMPTY_PARAMS map by
ensuring that parameters stored in DefaultPathSegment are always
immutable.

Closes spring-projectsgh-27064
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sbrannen sbrannen

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
5.3.9
Development

No branches or pull requests
2 participants
@sbrannen @spring-projects-issues