Validate the result of concatenation with getRealPath("")

This rule flags Java code that has references to the following methods and parameters:

• javax.servlet.http.HttpServletRequest.getRealPath("")
• javax.servlet.ServletContext.getRealPath("")
• javax.servlet.ServletRequest.getRealPath("")

In Tomcat, these method calls will return a String ending with a forward slash. In Liberty, the return value will not end with a forward slash. As a result, String concatenation with this method may point to a valid file in Tomcat, but not in Liberty. For each method call flagged, check that any code using the result accounts for the lack of a trailing slash in Liberty.

For example, assume that you have installed an exploded war to /path/app.war. Then calling getRealPath("") has the following results:

• Tomcat: /path/app.war/
• Liberty: /path/app.war