java.lang.Object | |
↳ | com.atlassian.jira.util.PathUtils |
This class contains utility methods for manipulating paths.
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Checks if using
untrustedPath would result in path traversal. | |||||||||||
Checks if using
untrustedPath would result in path traversal. | |||||||||||
Checks if using
untrustedPath would result in path traversal. | |||||||||||
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class java.lang.Object |
Checks if using untrustedPath
would result in path traversal. We consider that a path traversal
occurs if the file or directory referred to in untrustedPath
is not contained in
secureDir
. This method uses the technique described in IDS02-J
in the CERT Secure Coding Standard.
Note that secureDir
is assumed to be secure, so this parameter must never contain
user-supplied input.
secureDir | a String containing the path to a "secure" base directory |
---|---|
untrustedPath | a String containing a path that was built using user-supplied input (relative or absolute) |
PathTraversalException | if untrustedPath is not below secureDir |
---|---|
IOException | if there is an I/O problem calling java.io.File.getCanonicalPath()
|
Checks if using untrustedPath
would result in path traversal. We consider that a path traversal
occurs if the file or directory referred to in untrustedPath
is not contained in
secureDir
. This method uses the technique described in IDS02-J
in the CERT Secure Coding Standard.
Note that secureDir
is assumed to be secure, so this parameter must never contain
user-supplied input.
secureDir | a File representing the path to a "secure" base directory |
---|---|
untrustedPath | a File representing a path that was built using user-supplied input (relative or absolute) |
untrustedPath
in secureDir
IOException | if there is an I/O problem calling java.io.File.getCanonicalPath()
|
---|
Checks if using untrustedPath
would result in path traversal. We consider that a path traversal
occurs if the file or directory referred to in untrustedPath
is not contained in
secureDir
. This method uses the technique described in IDS02-J
in the CERT Secure Coding Standard.
Note that secureDir
is assumed to be secure, so this parameter must never contain
user-supplied input.
secureDir | a String containing the path to a "secure" base directory |
---|---|
untrustedPath | a String containing a path that was built using user-supplied input (relative or absolute) |
untrustedPath
in secureDir
IOException | if there is an I/O problem calling java.io.File.getCanonicalPath()
|
---|