...

  • Leading dashes: Leading dashes can cause problems when programs are called with the file name as a parameter because the first character or characters of the file name might be interpreted as an option switch.
  • Control characters, such as newlines, carriage returns, and escape: Control characters in a file name can cause unexpected results from shell scripts and in logging.
  • Spaces: Spaces can cause problems with scripts and when double quotes are not used to surround the file name.
  • Invalid character encodings: Character encodings can make it difficult to perform proper validation of file and path names. (See IDS11-J. Eliminate noncharacter code points before validation.)
  • Namespace prefixing and conventions: Namespace prefixes can cause unexpected and potentially insecure behavior when included in a path name.
  • Command interpreters, scripts, and parsers: Characters that have special meaning when processed by a command interpreter, shell, or parser.

...

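```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Class wrapper added so the snippet compiles; the name is illustrative
public class FileNameCheck {
  public static void main(String[] args) throws Exception {
    if (args.length < 1) {
      // Handle error
      return;
    }
    String filename = args[0];

    // Allow list: any character outside this set is rejected
    Pattern pattern =
      Pattern.compile("[^A-Za-z0-9%&+,.:=_]");
    Matcher matcher = pattern.matcher(filename);
    if (matcher.find()) {
      // File name contains bad chars; handle error
      return;
    }
    File f = new File(filename);
    OutputStream out = new FileOutputStream(f);
    // ...
  }
}
```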
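
The following is an added example, not code from the original page. It applies the same allow-list pattern and reports which of the categories listed above each rejected character falls into, writing code points instead of raw characters so the report itself is safe to log. The class name `FileNameAudit`, the `audit` helper, the category labels, and the sample names are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FileNameAudit {
  // Same allow list as the page's code: any other character is rejected.
  private static final Pattern DISALLOWED =
      Pattern.compile("[^A-Za-z0-9%&+,.:=_]");

  // Returns one reason per rejected character; an empty list means the name passes.
  static List<String> audit(String name) {
    List<String> reasons = new ArrayList<>();
    Matcher m = DISALLOWED.matcher(name);
    while (m.find()) {
      int cp = m.group().codePointAt(0);
      String kind;
      if (cp == '-' && m.start() == 0) {
        kind = "leading dash";
      } else if (Character.isISOControl(cp)) {
        kind = "control character";
      } else if (cp == ' ') {
        kind = "space";
      } else if (cp > 0x7F) {
        kind = "non-ASCII or malformed character";
      } else {
        kind = "other disallowed character";
      }
      // Report the code point, never the raw character, so the log line stays intact.
      reasons.add(String.format("%s U+%04X at index %d", kind, cp, m.start()));
    }
    return reasons;
  }

  public static void main(String[] args) {
    // Constructed sample names covering the categories in the list above.
    String[] samples = {
      "report_2024.txt", "-rf", "a\nb.log", "my file.txt",
      "caf\u00e9.txt", "bad\uD800name", "x;y.txt"
    };
    for (int i = 0; i < samples.length; i++) {
      List<String> reasons = audit(samples[i]);
      // Print the sample's index rather than the untrusted name itself.
      System.out.printf("sample %d: %s%n", i,
          reasons.isEmpty() ? "accepted" : "rejected " + reasons);
    }
  }
}
```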

...