I have a system where a user can upload a file. I want to throw an exception in case the filename contains sensitive characters like "../", etc. (to avoid a Path Traversal vulnerability: "file/../../file.txt").
I have the code: String originalFilename = multipartFile.getOriginalFilename();
There's an option to use StringUtils.cleanPath(originalFilename) but it's not exactly what I need (I want to validate the file, not to normalize it).
The only option I see is to compare the normalized filename (the result of the StringUtils.cleanPath(...) method) with the original String, but I'd like to know if there's something easier. For example something like: StringUtils.isPathValid(originalFilename).
In addition, I'd prefer to use a method that is already developed (open source) and commonly used instead of creating my own solution with regex.
Validate String in Java To Avoid Path Traversal
985 views Asked by rons1 At
0
There are 0 answers