1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 package org.apache.commons.fileupload; 18 19 /** 20 * This exception is thrown in case of an invalid file name. 21 * A file name is invalid, if it contains a NUL character. 22 * Attackers might use this to circumvent security checks: 23 * For example, a malicious user might upload a file with the name 24 * "foo.exe\0.png". This file name might pass security checks (i.e. 25 * checks for the extension ".png"), while, depending on the underlying 26 * C library, it might create a file named "foo.exe", as the NUL 27 * character is the string terminator in C. 28 */ 29 public class InvalidFileNameException extends RuntimeException { 30 31 /** 32 * Serial version UID, being used, if the exception 33 * is serialized. 34 */ 35 private static final long serialVersionUID = 7922042602454350470L; 36 37 /** 38 * The file name causing the exception. 39 */ 40 private final String name; 41 42 /** 43 * Creates a new instance. 44 * 45 * @param name The file name causing the exception. 46 * @param message A human readable error message. 47 */ 48 public InvalidFileNameException(final String name, final String message) { 49 super(message); 50 this.name = name; 51 } 52 53 /** 54 * Returns the invalid file name. 55 * 56 * @return the invalid file name. 57 */ 58 public String getName() { 59 return name; 60 } 61 62 }