...
This compliant solution uses a whitelist to reject file names containing unsafe file namescharacters. Further input validation may be necessary, for example, to ensure that a file or directory name does not end with a period.
| Code Block | ||
|---|---|---|
| ||
public static void main(String[] args) throws Exception {
if (args.length < 1) {
// Handle error
}
String filename = args[0];
Pattern pattern =
Pattern.compile("[^A-Za-z0-9._]");
Matcher matcher = pattern.matcher(filename);
if (matcher.find()) {
// File name contains bad chars; handle error
}
File f = new File(filename);
OutputStream out = new FileOutputStream(f);
// ...
}
|
...