View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.commons.fileupload;
18  
19  /**
20   * This exception is thrown in case of an invalid file name.
21   * A file name is invalid, if it contains a NUL character.
22   * Attackers might use this to circumvent security checks:
23   * For example, a malicious user might upload a file with the name
24   * "foo.exe\0.png". This file name might pass security checks (i.e.
25   * checks for the extension ".png"), while, depending on the underlying
26   * C library, it might create a file named "foo.exe", as the NUL
27   * character is the string terminator in C.
28   *
29   * @version $Id: InvalidFileNameException.java 1454691 2013-03-09 12:15:54Z simonetripodi $
30   */
31  public class InvalidFileNameException extends RuntimeException {
32  
33      /**
34       * Serial version UID, being used, if the exception
35       * is serialized.
36       */
37      private static final long serialVersionUID = 7922042602454350470L;
38  
39      /**
40       * The file name causing the exception.
41       */
42      private final String name;
43  
44      /**
45       * Creates a new instance.
46       *
47       * @param pName The file name causing the exception.
48       * @param pMessage A human readable error message.
49       */
50      public InvalidFileNameException(String pName, String pMessage) {
51          super(pMessage);
52          name = pName;
53      }
54  
55      /**
56       * Returns the invalid file name.
57       *
58       * @return the invalid file name.
59       */
60      public String getName() {
61          return name;
62      }
63  
64  }