rons1

Reputation: 21

Validate String in Java To Avoid Path Traversal

I have a system where a user can upload a file. I want to throw an exception in case the filename contains sensitive characters like "../", etc. (to avoid a Path Traversal vulnerability: "file/../../file.txt").
I have the code: String originalFilename = multipartFile.getOriginalFilename();
There's an option to use StringUtils.cleanPath(originalFilename) but it's not exactly what I need (I want to validate the file, not to normalize it).
The only option I see is to compare the normalized filename (the result of the StringUtils.cleanPath(...) method) with the original String, but I'd like to know if there's something easier. For example something like: StringUtils.isPathValid(originalFilename).
In addition, I'd prefer to use a method that is already developed (open source) and commonly used instead of creating my own solution with regex.

Upvotes: 0

Views: 1448

Answers (0)
