View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.commons.fileupload;
18  
19  /**
20   * This exception is thrown in case of an invalid file name.
21   * A file name is invalid, if it contains a NUL character.
22   * Attackers might use this to circumvent security checks:
23   * For example, a malicious user might upload a file with the name
24   * "foo.exe\0.png". This file name might pass security checks (i.e.
25   * checks for the extension ".png"), while, depending on the underlying
26   * C library, it might create a file named "foo.exe", as the NUL
27   * character is the string terminator in C.
28   */
29  public class InvalidFileNameException extends RuntimeException {
30  
31      /**
32       * Serial version UID, being used, if the exception
33       * is serialized.
34       */
35      private static final long serialVersionUID = 7922042602454350470L;
36  
37      /**
38       * The file name causing the exception.
39       */
40      private final String name;
41  
42      /**
43       * Creates a new instance.
44       *
45       * @param pName The file name causing the exception.
46       * @param pMessage A human readable error message.
47       */
48      public InvalidFileNameException(String pName, String pMessage) {
49          super(pMessage);
50          name = pName;
51      }
52  
53      /**
54       * Returns the invalid file name.
55       *
56       * @return the invalid file name.
57       */
58      public String getName() {
59          return name;
60      }
61  
62  }