...
Solutions
# | Description | Example | Pros & Cons
---|---|---|---
1 | Change the resource identifier from a path param to a query param in the openapi.yml | Sample of url | Pros: We are still using OpenAPI. Cons: We are changing the URL.
2 | Keep it as a path param, but we need to assume that all values after this slash belong to this resource only | `/passthorough:Operational/{resource-identifier: .+}`. Because it is a single param, if the value is entered in the URL with URL encoding, the Spring HttpFirewall has to be changed: `final StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowUrlEncodedSlash(true);` | Pros: none listed. Cons: This workaround is not advised, as it allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) in the URL.
3 | Create a method in the controller without using OpenAPI | | Pros: We may need to use this approach for other methods. Does not change the URL. Cons: Does not use OpenAPI.
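
If option 2 is chosen and `setAllowUrlEncodedSlash(true)` is set, the controller has to reject the dot-dot sequences named in its Cons column itself. The following Java check is an added example, not code from the original page or the project: the class name, method name, decode bound and sample identifiers are assumptions, and it goes beyond the three listed combinations by also handling nested percent-encoding.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Added example: hypothetical validator for a catch-all {resource-identifier: .+} value.
public class ResourceIdentifierCheck {

    // Assumption: more than two layers of percent-encoding is never legitimate.
    private static final int MAX_DECODE_ROUNDS = 3;

    /** Returns true only when no ".." segment appears under "/", "\" or their encoded forms. */
    static boolean isSafe(String raw) {
        if (raw == null || raw.isEmpty()) {
            return false;
        }
        String value = raw;
        boolean stable = false;
        // Decode until the value stops changing, so %5C and %252e%252e are seen in plain form.
        // Note: URLDecoder also maps '+' to a space, which does not affect the segment check.
        for (int i = 0; i < MAX_DECODE_ROUNDS && !stable; i++) {
            String decoded;
            try {
                decoded = URLDecoder.decode(value, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                return false; // malformed percent-escape
            }
            stable = decoded.equals(value);
            value = decoded;
        }
        if (!stable) {
            return false; // still changing after the bound: too many encoding layers
        }
        // Treat backslash as a separator too, then inspect every segment.
        for (String segment : value.replace('\\', '/').split("/", -1)) {
            if (segment.equals("..")) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample identifiers, not taken from the page.
        String[] samples = { "network/device-1", "a/../b", "a%2F..%2Fb", "a%5C..%5Cb", "%252e%252e%2Fx" };
        for (String s : samples) {
            System.out.println(s + " -> " + (isSafe(s) ? "accept" : "reject"));
        }
    }
}
```

Call `isSafe` on the raw path variable before it is used to look up the resource, and return a 400 response when it fails.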