Package com.atlassian.jira.util

Class PathUtils

java.lang.Object
com.atlassian.jira.util.PathUtils
public class PathUtils extends Object
This class contains utility methods for manipulating paths.
Since:
v4.3

  • Method Details

    • appendFileSeparator

      public static String appendFileSeparator(String filePath)

    • joinPaths

      public static String joinPaths(String... paths)

    • ensurePathInSecureDir

      public static void ensurePathInSecureDir(String secureDir, String untrustedPath) throws PathTraversalException, IOException
      Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

      Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

      Parameters:
      secureDir - a String containing the path to a "secure" base directory
      untrustedPath - a String containing a path that was built using user-supplied input (relative or absolute)
      Throws:
      PathTraversalException - if untrustedPath is not below secureDir
      IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()

    • isPathInSecureDir

      public static boolean isPathInSecureDir(String secureDir, String untrustedPath) throws IOException
      Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

      Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

      Parameters:
      secureDir - a String containing the path to a "secure" base directory
      untrustedPath - a String containing a path that was built using user-supplied input (relative or absolute)
      Returns:
      a boolean indicating whether untrustedPath in secureDir
      Throws:
      IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()

    • isPathInSecureDir

      public static boolean isPathInSecureDir(File secureDir, File untrustedPath) throws IOException
      Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

      Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

      Parameters:
      secureDir - a File representing the path to a "secure" base directory
      untrustedPath - a File representing a path that was built using user-supplied input (relative or absolute)
      Returns:
      a boolean indicating whether untrustedPath in secureDir
      Throws:
      IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()

    • isChildPath

      public static boolean isChildPath(File parentPath, File childPath) throws IOException
      Checks if the childPath is in fact a child path of the provided parentPath.
      Parameters:
      parentPath - a File representing the path to the parent directory
      childPath - a File representing the path to the child directory
      Returns:
      a boolean indicating whether childPath is in parentPath
      Throws:
      IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()