Class Overview
This class contains utility methods for manipulating paths.
Summary
Inherited Methods
From class java.lang.Object
Object | clone()
boolean | equals(Object arg0)
void | finalize()
final Class<?> | getClass()
int | hashCode()
final void | notify()
final void | notifyAll()
String | toString()
final void | wait()
final void | wait(long arg0, int arg1)
final void | wait(long arg0)
Public Methods
public static void ensurePathInSecureDir (String secureDir, String untrustedPath)

Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

Parameters
secureDir | a String containing the path to a "secure" base directory
untrustedPath | a String containing a path that was built using user-supplied input (relative or absolute)

public static boolean isPathInSecureDir (String secureDir, String untrustedPath)

Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

Parameters
secureDir | a String containing the path to a "secure" base directory
untrustedPath | a String containing a path that was built using user-supplied input (relative or absolute)

Returns
- a boolean indicating whether untrustedPath is in secureDir

Throws
IOException | if there is an I/O problem calling java.io.File.getCanonicalPath()
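
The canonicalize-then-compare check from IDS02-J that both methods above are documented as using, shown as an added example; it is not this library's source code. The class `CanonicalContainmentDemo`, the helper `isInside`, the sample directory layout and the choice to treat the secure directory itself as contained are assumptions of the example.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Added illustration; class and method names are hypothetical, not the library's.
public class CanonicalContainmentDemo {

    // True only if the canonical form of untrustedPath lies inside secureDir.
    static boolean isInside(String secureDir, String untrustedPath) throws IOException {
        // getCanonicalPath() resolves ".", ".." and symbolic links, and makes
        // relative paths absolute against the current working directory.
        String base = new File(secureDir).getCanonicalPath();
        String target = new File(untrustedPath).getCanonicalPath();
        // Compare against the base plus a trailing separator so that a sibling
        // such as "uploads-old" is not accepted as being inside "uploads".
        String prefix = base.endsWith(File.separator) ? base : base + File.separator;
        // Assumption of this example: the secure directory itself counts as contained.
        return target.equals(base) || target.startsWith(prefix);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/uploads is the secure directory and
        // <tmp>/uploads-old is a sibling that shares its name prefix.
        File root = Files.createTempDirectory("root").toFile();
        File uploads = new File(root, "uploads");
        File sibling = new File(root, "uploads-old");
        if (!uploads.mkdir() || !sibling.mkdir()) {
            throw new IOException("could not create sample directories");
        }
        String secureDir = uploads.getPath();

        // Constructed user inputs that a caller appends to the secure directory.
        String[] userInputs = {
            "report.txt",
            "sub/../report.txt",
            "../uploads-old/report.txt",
            "../../etc/passwd",
        };
        for (String input : userInputs) {
            String built = secureDir + File.separator + input;
            System.out.printf("%-28s inside=%b%n", input, isInside(secureDir, built));
        }
    }
}
```

The comparison runs on canonical paths only, so the result still has to be acted on before the file is opened, and the canonical path (not the original string) is the one to pass to the file API.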