Config server resolves placeholders incorrectly for JSON and YAML endpoints
See original GitHub issue

I am seeing problems with the resolvePlaceholder functionality in Spring Cloud Config Server. A set of examples is best. First here is an example yml file I have in my git repo…

jsk:
  servlet:
    healthcheck:
      dirToWatch: '${catalina.home:.}/conf/_health'
When I call the server using the path used by the Spring Client the correct results are returned with the ${catalina.home:.} placeholder not being resolved.
http://localhost:8888/sp_boot_sample/foo/ryan_test

{
  "name": "sp_boot_sample",
  "profiles": [
    "foo"
  ],
  "label": "ryan_test",
  "version": "ed19d558ff52e08aeb72a517e46685a344389fd1",
  "propertySources": [
    {
      "name": "https://github.intuit.com/java-service-kit/sp-boot-sample-config/application.yml",
      "source": {
        "jsk.servlet.healthcheck.dirToWatch": "${catalina.home:.}/conf/_health"
      }
    }
  ]
}
It also behaves correctly when I request the configuration as properties with resolvePlaceholders=false:

http://localhost:8888/ryan_test/sp_boot_sample-foo.properties?resolvePlaceholders=false
jsk.servlet.healthcheck.dirToWatch: ${catalina.home:.}/conf/_health
YML and JSON are where we have problems, since it is trying to replace the placeholder.

http://localhost:8888/ryan_test/sp_boot_sample-foo.json?resolvePlaceholders=false

{
  "jsk": {
    "servlet": {
      "healthcheck": {
        "dirToWatch": "./conf/_health"
      }
    }
  }
}

http://localhost:8888/ryan_test/sp_boot_sample-foo.yml?resolvePlaceholders=false

jsk:
  servlet:
    healthcheck:
      dirToWatch: ./conf/_health
The issue gets more problematic when you remove the resolvePlaceholders parameter, as the behavior becomes inconsistent.

YML: http://localhost:8888/ryan_test/sp_boot_sample-foo.yml

jsk:
  servlet:
    healthcheck:
      dirToWatch: ./conf/_health

JSON: http://localhost:8888/ryan_test/sp_boot_sample-foo.json

{
  "jsk": {
    "servlet": {
      "healthcheck": {
        "dirToWatch": "./conf/_health"
      }
    }
  }
}

Properties: http://localhost:8888/ryan_test/sp_boot_sample-foo.properties

jsk.servlet.healthcheck.dirToWatch: /private/var/folders/5g/0hmbzds942318msw3jxvvbp0nw22jg/T/tomcat.1297932675264632683.8888/conf/_health
To be honest I am not sure which one is correct. If the properties version is the correct one then it exposes a dangerous security vulnerability since any client could start examining the server’s environment variables.
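One way to audit a running config server for the behaviour described above, as an added check that is not part of this issue or of Spring Cloud Config itself: take the unresolved values from the .properties endpoint with resolvePlaceholders=false, compare them with what each endpoint actually serves, and flag any value that can only have come from the server's own environment rather than from the placeholder's declared default. The HTTP fetches are left out; the responses below are constructed samples modelled on the three responses in the report.

```python
import json
import re
from typing import Dict, List, Tuple

# Spring-style placeholder: ${name} or ${name:default}
PLACEHOLDER = re.compile(r"\$\{([^}:]+)(?::([^}]*))?\}")


def flatten(obj: dict, prefix: str = "") -> Dict[str, str]:
    """Flatten a nested JSON/YAML-style mapping into dotted property keys."""
    out: Dict[str, str] = {}
    for k, v in obj.items():
        key = f"{prefix}.{k}" if prefix else k
        out.update(flatten(v, key) if isinstance(v, dict) else {key: str(v)})
    return out


def parse_properties(text: str) -> Dict[str, str]:
    """Parse 'key: value' / 'key=value' lines as the .properties endpoint serves them."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:=#][^:=]*?)\s*[:=]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def classify(raw: str, served: str) -> str:
    """Say where a served value came from, given the unresolved raw value."""
    m = PLACEHOLDER.search(raw)
    if m is None:
        return "literal"
    if served == raw:
        return "unresolved"            # placeholder passed through to the client
    default = m.group(2)
    if default is not None and served == raw[:m.start()] + default + raw[m.end():]:
        return "default-applied"       # only the declared default was substituted
    return "server-environment"        # value came from the config server's own environment


def audit(raw_props: Dict[str, str], served: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (key, classification, served_value) for every placeholder-bearing key."""
    return [(k, classify(raw, served[k]), served[k])
            for k, raw in raw_props.items() if k in served and PLACEHOLDER.search(raw)]


# Constructed samples: raw .properties with resolvePlaceholders=false, then the
# JSON and .properties responses served without the parameter (hypothetical path).
RAW_PROPERTIES = "jsk.servlet.healthcheck.dirToWatch: ${catalina.home:.}/conf/_health\n"
JSON_RESPONSE = '{"jsk": {"servlet": {"healthcheck": {"dirToWatch": "./conf/_health"}}}}'
PROPERTIES_RESPONSE = "jsk.servlet.healthcheck.dirToWatch: /opt/tomcat/conf/_health\n"


def audit_samples() -> Dict[str, List[Tuple[str, str, str]]]:
    raw = parse_properties(RAW_PROPERTIES)
    return {"json": audit(raw, flatten(json.loads(JSON_RESPONSE))),
            "properties": audit(raw, parse_properties(PROPERTIES_RESPONSE))}
```

A "server-environment" finding for a key a client could not otherwise see is the leak the report worries about; "default-applied" is the benign case the JSON and YML endpoints showed.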
Issue Analytics

- Created 7 years ago
- Comments: 5 (5 by maintainers)
That is my analysis as well, hopefully I will have more information for you soon.
I THINK this is a bug. I am able to reproduce the problem, but I am unfamiliar with the code. I also don't see any tests that test this specific scenario. I will check with the team next week and provide more info.