...
```java
public static void main(String[] args) throws Exception {
  if (args.length < 1) {
    // Handle error
  }
  String filename = args[0];

  Pattern pattern = Pattern.compile("[^A-Za-z0-9._]");
  Matcher matcher = pattern.matcher(filename);
  if (matcher.find()) {
    // File name contains bad chars; handle error
  }
  File f = new File(filename);
  OutputStream out = new FileOutputStream(f);
  // ...
}
```
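The following is an added example, not part of the original guideline. It wraps the same character whitelist in a reusable check and also rejects the empty string, `.` and `..`, which the `find()` test above lets through because none of them contains a disallowed character. The class and method names, the 255-character bound and the sample inputs are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class SafeFileNameCheck {
  // Same character set as the check above, anchored to the whole name.
  // The 255-character bound is an assumption (a common per-component limit).
  private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9._]{1,255}");

  /** Returns null if the name is acceptable, otherwise the reason it is rejected. */
  static String reject(String name) {
    if (name == null || name.isEmpty()) {
      return "empty name"; // find() on "" reports no bad characters
    }
    if (!SAFE.matcher(name).matches()) {
      return "character outside [A-Za-z0-9._] or name too long";
    }
    if (name.equals(".") || name.equals("..")) {
      return "directory reference"; // built only from permitted characters
    }
    return null;
  }

  // Show non-printable and non-ASCII characters as <U+XXXX> so output stays readable.
  static String printable(String s) {
    StringBuilder sb = new StringBuilder("\"");
    for (char c : s.toCharArray()) {
      if (c < 0x20 || c > 0x7e) {
        sb.append(String.format("<U+%04X>", (int) c));
      } else {
        sb.append(c);
      }
    }
    return sb.append('"').toString();
  }

  public static void main(String[] args) {
    // Constructed sample inputs, not taken from the guideline.
    String[] samples = {
      "report_2024.txt", "", ".", "..", "-report.txt",
      "a b.txt", "a\nb", "../notes.txt", "r\u00e9sum\u00e9.doc"
    };
    for (String s : samples) {
      String why = reject(s);
      System.out.printf("%-24s %s%n", printable(s),
          why == null ? "accepted" : "rejected: " + why);
    }
  }
}
```

Only `report_2024.txt` is accepted; every other sample is rejected with the reason printed next to it.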
Exceptions
IDS05FIO99-EX0: A program may accept a file or path name that uses "unsafe" characters provided that the developer has determined that the file is not used in a restricted sink such as a command interpreter, shell, parser, logger, or other complex subsystem that attaches a particular meaning to these characters.
...
Related Guidelines
MSC09-CPP. Character encoding: Use subset of ASCII for safety
Choice of Filenames and Other External Identifiers [AJN]
CWE-116, Improper encoding or escaping of output
...