001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.commons.fileupload; 018 019/** 020 * This exception is thrown in case of an invalid file name. 021 * A file name is invalid, if it contains a NUL character. 022 * Attackers might use this to circumvent security checks: 023 * For example, a malicious user might upload a file with the name 024 * "foo.exe\0.png". This file name might pass security checks (i.e. 025 * checks for the extension ".png"), while, depending on the underlying 026 * C library, it might create a file named "foo.exe", as the NUL 027 * character is the string terminator in C. 028 */ 029public class InvalidFileNameException extends RuntimeException { 030 031 /** 032 * Serial version UID, being used, if the exception 033 * is serialized. 034 */ 035 private static final long serialVersionUID = 7922042602454350470L; 036 037 /** 038 * The file name causing the exception. 039 */ 040 private final String name; 041 042 /** 043 * Creates a new instance. 044 * 045 * @param pName The file name causing the exception. 046 * @param pMessage A human readable error message. 047 */ 048 public InvalidFileNameException(String pName, String pMessage) { 049 super(pMessage); 050 name = pName; 051 } 052 053 /** 054 * Returns the invalid file name. 055 * 056 * @return the invalid file name. 057 */ 058 public String getName() { 059 return name; 060 } 061 062}