001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.fileupload;
018
019/**
020 * This exception is thrown in case of an invalid file name.
021 * A file name is invalid, if it contains a NUL character.
022 * Attackers might use this to circumvent security checks:
023 * For example, a malicious user might upload a file with the name
024 * "foo.exe\0.png". This file name might pass security checks (i.e.
025 * checks for the extension ".png"), while, depending on the underlying
026 * C library, it might create a file named "foo.exe", as the NUL
027 * character is the string terminator in C.
028 */
029public class InvalidFileNameException extends RuntimeException {
030
031    /**
032     * Serial version UID, being used, if the exception
033     * is serialized.
034     */
035    private static final long serialVersionUID = 7922042602454350470L;
036
037    /**
038     * The file name causing the exception.
039     */
040    private final String name;
041
042    /**
043     * Creates a new instance.
044     *
045     * @param pName The file name causing the exception.
046     * @param pMessage A human readable error message.
047     */
048    public InvalidFileNameException(String pName, String pMessage) {
049        super(pMessage);
050        name = pName;
051    }
052
053    /**
054     * Returns the invalid file name.
055     *
056     * @return the invalid file name.
057     */
058    public String getName() {
059        return name;
060    }
061
062}