Package com.atlassian.confluence.util

Class FilesystemUtils

java.lang.Object

com.atlassian.confluence.util.FilesystemUtils

public final class FilesystemUtils
extends Object

Since:

8.6

Field Summary

Fields

Modifier and Type	Field	Description
static final List<String>	FORBIDDEN_PATH_CONTAINS
static final List<String>	FORBIDDEN_PATH_ENDINGS
static final List<String>	FORBIDDEN_PATH_EQUALS

Constructor Summary

Constructors

Constructor	Description
FilesystemUtils()

Method Summary

Modifier and Type	Method	Description
static boolean	containsEncodedPathTraversal(String str)	Checks if the given string contains any of the forbidden path traversal patterns.
static boolean	containsPathTraversal(String str)	Checks if the given string contains any of the forbidden path traversal patterns.
static boolean	isSafePath(String path)	Ensures the path is safe and is not vulnerable to path traversal vulnerabilities.
static boolean	isSafePath(Path path)
static boolean	isSafeTitleForFilesystem(String title)	Ensure the title is safe to be written to the file system.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

FORBIDDEN_PATH_EQUALS

public static final List<String> FORBIDDEN_PATH_EQUALS

FORBIDDEN_PATH_CONTAINS

public static final List<String> FORBIDDEN_PATH_CONTAINS

FORBIDDEN_PATH_ENDINGS

public static final List<String> FORBIDDEN_PATH_ENDINGS

Constructor Details

FilesystemUtils

public FilesystemUtils()

Method Details

isSafeTitleForFilesystem

public static boolean isSafeTitleForFilesystem(String title)

Ensure the title is safe to be written to the file system.

Parameters:

title - The title to check

Returns:

True if the title is safe for the filesystem, false otherwise

containsPathTraversal

public static boolean containsPathTraversal(String str)

Checks if the given string contains any of the forbidden path traversal patterns.

Parameters:

str - The string to check

Returns:

True if the string contains any of the forbidden path traversal patterns

containsEncodedPathTraversal

public static boolean containsEncodedPathTraversal(String str)

Checks if the given string contains any of the forbidden path traversal patterns. The string is first decoded using HtmlUtil.loopedUrlDecode(String).

Parameters:

str - The string to check

Returns:

True if the string contains any of the forbidden path traversal patterns

isSafePath

public static boolean isSafePath(String path)

Ensures the path is safe and is not vulnerable to path traversal vulnerabilities. On top of filesystem specific checks it also rejects any paths containing risky path elements known to cause path traversal issues in different file systems (e.g. `..`, `/..`, `..\`).

Parameters:

path - The path to check

Returns:

True if the path is safe

isSafePath

public static boolean isSafePath(Path path)

Parameters:

path - The path to check

Returns:

True if the path is safe

See Also:

• isSafePath(String)