I have a system where a user can upload a file. I want to throw an exception in case the filename contains sensitive characters like "../", etc. (to avoid a Path Traversal vulnerability: "file/../../file.txt").
I have the code: String originalFilename = multipartFile.getOriginalFilename();
There's an option to use StringUtils.cleanPath(originalFilename) but it's not exactly what I need (I want to validate the file, not to normalize it).
The only option I see is to compare the normalized filename (the result of the StringUtils.cleanPath(...) method) with the original String, but I'd like to know if there's something easier. For example something like: StringUtils.isPathValid(originalFilename).
In addition, I'd prefer to use a method that is already developed (open source) and commonly used instead of creating my own solution with regex.
Validate String in Java To Avoid Path Traversal
985 views Asked by rons1 At
0
There are 0 answers
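One way to reject rather than normalize such filenames using only the JDK, as an added example that is not part of the original question. `UploadNameValidator`, `UnsafeFilenameException`, `resolveUpload` and the `uploads` directory are hypothetical names, and the sample filenames are constructed.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadNameValidator {
    /** Thrown instead of silently normalizing a suspicious name (hypothetical type). */
    static class UnsafeFilenameException extends RuntimeException {
        UnsafeFilenameException(String msg) { super(msg); }
    }

    // Validates (never rewrites) a client-supplied filename and returns the
    // target path directly inside uploadRoot, an assumed upload directory.
    static Path resolveUpload(Path uploadRoot, String originalFilename) {
        if (originalFilename == null || originalFilename.isBlank()) {
            throw new UnsafeFilenameException("empty filename");
        }
        // Reject the separators of both platforms and NUL explicitly: on Unix a
        // backslash is an ordinary filename character, on Windows it is not.
        if (originalFilename.indexOf('/') >= 0 || originalFilename.indexOf('\\') >= 0
                || originalFilename.indexOf('\0') >= 0) {
            throw new UnsafeFilenameException("path separator or NUL in filename");
        }
        if (originalFilename.equals(".") || originalFilename.equals("..")) {
            throw new UnsafeFilenameException("relative directory reference");
        }
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target;
        try {
            target = root.resolve(originalFilename).normalize();
        } catch (InvalidPathException e) {
            throw new UnsafeFilenameException("filename is not a valid path");
        }
        // Defense in depth: the resolved file must sit directly in the root.
        if (!root.equals(target.getParent())) {
            throw new UnsafeFilenameException("filename escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("uploads"); // constructed sample directory
        String[] samples = {"report.pdf", "file/../../file.txt", "..\\..\\boot.ini", "..", ""};
        for (String name : samples) {
            try {
                System.out.println("OK       " + resolveUpload(root, name));
            } catch (UnsafeFilenameException e) {
                System.out.println("REJECTED \"" + name + "\": " + e.getMessage());
            }
        }
    }
}
```

Only `report.pdf` is accepted; every other sample raises the exception, so nothing is written under a name that differs from what the client sent.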