com.atlassian.jira.util
Class PathUtils

java.lang.Object
  extended by com.atlassian.jira.util.PathUtils

public class PathUtils
extends Object

This class contains utility methods for manipulating paths.

Since:
v4.3

Method Summary
static String appendFileSeparator(String filePath)
           
static void ensurePathInSecureDir(String secureDir, String untrustedPath)
          Checks if using untrustedPath would result in path traversal.
static boolean isPathInSecureDir(String secureDir, String untrustedPath)
          Checks if using untrustedPath would result in path traversal.
static String joinPaths(String... paths)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

appendFileSeparator

public static String appendFileSeparator(String filePath)

joinPaths

public static String joinPaths(String... paths)

ensurePathInSecureDir

public static void ensurePathInSecureDir(String secureDir,
                                         String untrustedPath)
                                  throws PathTraversalException,
                                         IOException
Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory refered to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

Parameters:
secureDir - a String containing the path to a "secure" base directory
untrustedPath - a String containing a path that was built using user-supplied input (relative or absolute)
Throws:
PathTraversalException - if untrustedPath is not below secureDir
IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()

isPathInSecureDir

public static boolean isPathInSecureDir(String secureDir,
                                        String untrustedPath)
                                 throws IOException
Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory refered to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

Parameters:
secureDir - a String containing the path to a "secure" base directory
untrustedPath - a String containing a path that was built using user-supplied input (relative or absolute)
Returns:
a boolean indicating whether untrustedPath in secureDir
Throws:
IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()


Copyright © 2002-2014 Atlassian. All Rights Reserved.