|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.atlassian.jira.util.PathUtils
public class PathUtils
This class contains utility methods for manipulating paths.
Method Summary | |
---|---|
static String |
appendFileSeparator(String filePath)
|
static void |
ensurePathInSecureDir(String secureDir,
String untrustedPath)
Checks if using untrustedPath would result in path traversal. |
static boolean |
isPathInSecureDir(String secureDir,
String untrustedPath)
Checks if using untrustedPath would result in path traversal. |
static String |
joinPaths(String... paths)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public static String appendFileSeparator(String filePath)
public static String joinPaths(String... paths)
public static void ensurePathInSecureDir(String secureDir, String untrustedPath) throws PathTraversalException, IOException
untrustedPath
would result in path traversal. We consider that a path traversal
occurs if the file or directory refered to in untrustedPath
is not contained in
secureDir
. This method uses the technique described in IDS02-J
in the CERT Secure Coding Standard.
Note that secureDir
is assumed to be secure, so this parameter must never contain
user-supplied input.
secureDir
- a String containing the path to a "secure" base directoryuntrustedPath
- a String containing a path that was built using user-supplied input (relative or absolute)
PathTraversalException
- if untrustedPath
is not below secureDir
IOException
- if there is an I/O problem calling java.io.File.getCanonicalPath()
public static boolean isPathInSecureDir(String secureDir, String untrustedPath) throws IOException
untrustedPath
would result in path traversal. We consider that a path traversal
occurs if the file or directory refered to in untrustedPath
is not contained in
secureDir
. This method uses the technique described in IDS02-J
in the CERT Secure Coding Standard.
Note that secureDir
is assumed to be secure, so this parameter must never contain
user-supplied input.
secureDir
- a String containing the path to a "secure" base directoryuntrustedPath
- a String containing a path that was built using user-supplied input (relative or absolute)
untrustedPath
in secureDir
IOException
- if there is an I/O problem calling java.io.File.getCanonicalPath()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |