public class PathUtils extends Object
Modifier and Type | Method and Description |
---|---|
static String | appendFileSeparator(String filePath) |
static void | ensurePathInSecureDir(String secureDir, String untrustedPath) Checks if using untrustedPath would result in path traversal. |
static boolean | isChildPath(File parentPath, File childPath) Checks if the childPath is in fact a child path of the provided parentPath. |
static boolean | isPathInSecureDir(File secureDir, File untrustedPath) Checks if using untrustedPath would result in path traversal. |
static boolean | isPathInSecureDir(String secureDir, String untrustedPath) Checks if using untrustedPath would result in path traversal. |
static String | joinPaths(String... paths) |

public static void ensurePathInSecureDir(String secureDir, String untrustedPath) throws PathTraversalException, IOException

Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

Parameters:
secureDir - a String containing the path to a "secure" base directory
untrustedPath - a String containing a path that was built using user-supplied input (relative or absolute)
Throws:
PathTraversalException - if untrustedPath is not below secureDir
IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()

public static boolean isPathInSecureDir(String secureDir, String untrustedPath) throws IOException

Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

Parameters:
secureDir - a String containing the path to a "secure" base directory
untrustedPath - a String containing a path that was built using user-supplied input (relative or absolute)
Returns:
untrustedPath in secureDir
Throws:
IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()

public static boolean isPathInSecureDir(File secureDir, File untrustedPath) throws IOException

Checks if using untrustedPath would result in path traversal. We consider that a path traversal occurs if the file or directory referred to in untrustedPath is not contained in secureDir. This method uses the technique described in IDS02-J in the CERT Secure Coding Standard.

Note that secureDir is assumed to be secure, so this parameter must never contain user-supplied input.

Parameters:
secureDir - a File representing the path to a "secure" base directory
untrustedPath - a File representing a path that was built using user-supplied input (relative or absolute)
Returns:
untrustedPath in secureDir
Throws:
IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()

public static boolean isChildPath(File parentPath, File childPath) throws IOException

Checks if the childPath is in fact a child path of the provided parentPath.

Parameters:
parentPath - a File representing the path to the parent directory
childPath - a File representing the path to the child directory
Returns:
childPath is in parentPath
Throws:
IOException - if there is an I/O problem calling java.io.File.getCanonicalPath()
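
The canonical-path containment check that the methods above refer to (the IDS02-J approach), shown next to a naive string-prefix check. This is an added example, not the PathUtils source: the class and method names, the temporary directory layout and the sample inputs are constructed for illustration, and treating the base directory itself as "inside" is an assumption.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Added illustration: hypothetical class and method names, not Atlassian's code.
public class CanonicalContainmentDemo {

    // Weak check: textual prefix test on the unresolved path string.
    static boolean naiveCheck(File secureDir, File candidate) {
        return candidate.getPath().startsWith(secureDir.getPath());
    }

    // Canonicalize both sides first (resolves ".", ".." and symbolic links),
    // then compare against the base plus a trailing separator so that a
    // sibling such as "uploads-old" is not accepted as being inside "uploads".
    static boolean canonicalCheck(File secureDir, File candidate) throws IOException {
        String base = secureDir.getCanonicalPath();
        String target = candidate.getCanonicalPath();
        if (target.equals(base)) {
            return true; // assumption: the base directory itself counts as inside
        }
        String prefix = base.endsWith(File.separator) ? base : base + File.separator;
        return target.startsWith(prefix);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/uploads is the secure base, <tmp>/uploads-old a sibling.
        File root = Files.createTempDirectory("containment-demo").toFile();
        File secureDir = new File(root, "uploads");
        File sibling = new File(root, "uploads-old");
        if (!secureDir.mkdir() || !sibling.mkdir()) {
            throw new IOException("could not create demo directories");
        }

        // Constructed sample inputs standing in for user-supplied relative paths.
        String[] inputs = {
            "report.txt",               // plain file name under the base
            "sub/../report.txt",        // stays under the base once normalized
            "../uploads-old/notes.txt", // sibling whose name starts with the base name
            "../outside.txt"            // resolves to the parent directory
        };
        for (String input : inputs) {
            File candidate = new File(secureDir, input);
            System.out.printf("%-26s naive=%-5b canonical=%b%n",
                    input, naiveCheck(secureDir, candidate), canonicalCheck(secureDir, candidate));
        }
    }
}
```

The naive check accepts every input because the joined string always begins with the base path; the canonical check compares the resolved locations instead.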
Copyright © 2002-2021 Atlassian. All Rights Reserved.