Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.fileupload;
018
019/**
020 * This exception is thrown in case of an invalid file name.
021 * A file name is invalid, if it contains a NUL character.
022 * Attackers might use this to circumvent security checks:
023 * For example, a malicious user might upload a file with the name
024 * "foo.exe\0.png". This file name might pass security checks (i.e.
025 * checks for the extension ".png"), while, depending on the underlying
026 * C library, it might create a file named "foo.exe", as the NUL
027 * character is the string terminator in C.
028 *
029 * @version $Id: InvalidFileNameException.java 1454691 2013-03-09 12:15:54Z simonetripodi $
030 */
031public class InvalidFileNameException extends RuntimeException {
032
033    /**
034     * Serial version UID, being used, if the exception
035     * is serialized.
036     */
037    private static final long serialVersionUID = 7922042602454350470L;
038
039    /**
040     * The file name causing the exception.
041     */
042    private final String name;
043
044    /**
045     * Creates a new instance.
046     *
047     * @param pName The file name causing the exception.
048     * @param pMessage A human readable error message.
049     */
050    public InvalidFileNameException(String pName, String pMessage) {
051        super(pMessage);
052        name = pName;
053    }
054
055    /**
056     * Returns the invalid file name.
057     *
058     * @return the invalid file name.
059     */
060    public String getName() {
061        return name;
062    }
063
064}