src/org/owasp/fileio/FileValidator.java
+133-5Lines changed: 133 additions & 5 deletions
@@ -16,6 +16,7 @@
16
16
importjava.io.File;
17
17
importjava.io.IOException;
18
18
importjava.util.ArrayList;
19
+
importjava.util.Arrays;
19
20
importjava.util.Iterator;
20
21
importjava.util.List;
21
22
importjava.util.regex.Pattern;
@@ -63,6 +64,7 @@ public FileValidator() {
63
64
64
65
/**
65
66
* Initialize file validator with an appropriate set of codecs
67
+
* @param encoder
66
68
*/
67
69
publicFileValidator(Encoderencoder) {
68
70
fileEncoder = encoder;
@@ -109,6 +111,13 @@ public void setFileEncoder(Encoder fileEncoder) {
109
111
*
110
112
* <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean
111
113
* to use /etc, use its real path (/private/etc), not the symlink (/etc).</p>
114
+
*
115
+
* @param context
116
+
* @param input
117
+
* @param parent
118
+
* @param allowNull
119
+
*
120
+
* @return true if no validation exceptions are thrown
@@ -124,6 +133,15 @@ public boolean isValidDirectoryPath(String context, String input, File parent, b
124
133
*
125
134
* <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean
126
135
* to use /etc, use its real path (/private/etc), not the symlink (/etc).</p>
136
+
*
137
+
* @param context A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the
138
+
* value passed in.
139
+
* @param input The actual input data to validate.
140
+
* @param parent
141
+
* @param allowNull If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
142
+
* @param errors
143
+
*
144
+
* @return true if no validation exceptions are thrown
@@ -144,6 +162,7 @@ public boolean isValidDirectoryPath(String context, String input, File parent, b
144
162
* @param context A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the
145
163
* value passed in.
146
164
* @param input The actual input data to validate.
165
+
* @param parent
147
166
* @param allowNull If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
148
167
*
149
168
* @return A valid directory path
@@ -192,6 +211,14 @@ public String getValidDirectoryPath(String context, String input, File parent, b
192
211
193
212
/**
194
213
* Calls getValidDirectoryPath with the supplied error List to capture ValidationExceptions
* @param context A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the
254
309
* value passed in.
255
310
* @param input The actual input data to validate.
311
+
* @param allowedExtensions
256
312
* @param allowNull If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
* <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean
324
388
* to use /etc, use its real path (/private/etc), not the symlink (/etc).</p>
389
+
*
390
+
* @param context
391
+
* @param directorypath
392
+
* @param filename
393
+
* @param parent
394
+
* @param content
395
+
* @param maxBytes
396
+
* @param allowNull
397
+
*
398
+
* @return true if no validation exceptions are thrown
* <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean
336
412
* to use /etc, use its real path (/private/etc), not the symlink (/etc).</p>
413
+
*
414
+
* @param context A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the
415
+
* value passed in.
416
+
* @param directorypath
417
+
* @param filename
418
+
* @param parent
419
+
* @param content
420
+
* @param maxBytes
421
+
* @param allowNull If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
422
+
* @param errors
423
+
*
424
+
* @return true if no validation exceptions are thrown
* @param context A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the
348
436
* value passed in.
349
-
* @param filepath The file path of the uploaded file.
437
+
* @param directorypath The file path of the uploaded file.
350
438
* @param filename The filename of the uploaded file
439
+
* @param parent
351
440
* @param content A byte array containing the content of the uploaded file.
352
441
* @param maxBytes The max number of bytes allowed for a legal file upload.
442
+
* @param allowedExtensions
353
443
* @param allowNull If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
354
444
*
355
445
* @throws ValidationException
@@ -362,9 +452,18 @@ public void assertValidFileUpload(String context, String directorypath, String f
362
452
363
453
/**
364
454
* Calls getValidFileUpload with the supplied List to capture ValidationExceptions
@@ -466,7 +590,9 @@ public byte[] getValidFileContent(String context, byte[] input, int maxBytes, bo
466
590
* @param type The regular expression name which maps to the actual regular expression from "ESAPI.properties".
467
591
* @param maxLength The maximum post-canonicalized String length allowed.
468
592
* @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
@@ -482,7 +608,9 @@ public String getValidInput(String context, String input, String type, int maxLe
482
608
* @param maxLength The maximum String length allowed. If input is canonicalized per the canonicalize argument, then maxLength must be verified after canonicalization
483
609
* @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
484
610
* @param canonicalize If canonicalize is true then input will be canonicalized before validation
611
+
*
485
612
* @return The user input, may be canonicalized if canonicalize argument is true
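Review bot: Most of the `@param` tags added in this file are empty (`parent`, `errors`, `allowedExtensions`, and every tag in the blocks at new lines 115-118 and 390-396), so they satisfy the Javadoc tool without telling a caller how to use the validator safely. `parent` and `allowedExtensions` appear to be the arguments that bound where a path may resolve and which uploads are accepted, but their contract is not visible in this diff. Once confirmed against the implementation, I would state it, for example `@param parent The directory the canonicalized path must resolve inside.` and `@param allowedExtensions The file extensions accepted for the upload.` The tag renamed at new line 437 still reads `@param directorypath The file path of the uploaded file.`; if the argument is the directory, it should say `The directory path of the uploaded file.` The empty `context` and `allowNull` tags can reuse the full descriptions already written at new lines 137-141.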