...
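```java
import java.io.File;

// Enclosing class name is a placeholder; the page shows only the method.
public class Noncompliant {
  public static void main(String[] args) {
    File f = new File("/tmp/" + args[0]);
    // getAbsolutePath() does not resolve symbolic links or ".." components
    String absPath = f.getAbsolutePath();
    if (!absPath.equals("/tmp/somefile")) { // Validation
      throw new IllegalArgumentException();
    }
  }
}
```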
Compliant Solution
This compliant solution uses the `getCanonicalPath()` method, introduced in Java 2, because it resolves aliases, shortcuts, and symbolic links consistently across all platforms. The value of the alias is not included in the returned value. Moreover, relative references such as the double period (`..`) are also removed, so the input is reduced to a canonicalized form before validation is carried out. The `getCanonicalPath()` method throws a security exception when used within applets because it reveals too much information about the host machine. The `getCanonicalFile()` method behaves like `getCanonicalPath()` but returns a new `File` object instead of a `String`.
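The following is an added example, not code from the original page. It prints the absolute and canonical forms of several inputs side by side and validates only the canonical form. The class name, the `isAllowed` helper, and the temporary directory layout are assumptions made for the illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CanonicalizeBeforeValidate {

    // Hypothetical helper: true only if userInput, resolved under baseDir,
    // canonicalizes to exactly the one permitted file.
    static boolean isAllowed(File baseDir, String userInput, File allowed) throws IOException {
        File candidate = new File(baseDir, userInput);
        // getCanonicalPath() resolves ".", ".." and symbolic links before the comparison.
        return candidate.getCanonicalPath().equals(allowed.getCanonicalPath());
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: <root>/base/somefile is permitted, <root>/secret is not.
        Path root = Files.createTempDirectory("canon-demo");
        Path base = Files.createDirectory(root.resolve("base"));
        File allowed = Files.createFile(base.resolve("somefile")).toFile();
        Path secret = Files.createFile(root.resolve("secret"));
        try {
            // Alias inside base that points outside it; some platforms refuse this.
            Files.createSymbolicLink(base.resolve("link"), secret);
        } catch (UnsupportedOperationException | IOException e) {
            System.out.println("symbolic link not created: " + e);
        }

        // Constructed inputs: a plain name, two aliases of it, and two escapes.
        String[] inputs = { "somefile", "./somefile", "../base/somefile", "../secret", "link" };
        for (String in : inputs) {
            File f = new File(base.toFile(), in);
            System.out.println("input:     " + in);
            System.out.println("absolute:  " + f.getAbsolutePath());
            System.out.println("canonical: " + f.getCanonicalPath());
            System.out.println("allowed:   " + isAllowed(base.toFile(), in, allowed));
        }
    }
}
```

Both sides of the comparison are canonicalized, so the check still holds when the temporary directory itself sits behind a symbolic link.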
...