001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.commons.fileupload;
018
019
020 /**
021 * This exception is thrown in case of an invalid file name.
022 * A file name is invalid, if it contains a NUL character.
023 * Attackers might use this to circumvent security checks:
024 * For example, a malicious user might upload a file with the name
025 * "foo.exe\0.png". This file name might pass security checks (i.e.
026 * checks for the extension ".png"), while, depending on the underlying
027 * C library, it might create a file named "foo.exe", as the NUL
028 * character is the string terminator in C.
029 */
030 public class InvalidFileNameException extends RuntimeException {
031 private static final long serialVersionUID = 7922042602454350470L;
032 private final String name;
033
034 /**
035 * Creates a new instance.
036 * @param pName The file name causing the exception.
037 * @param pMessage A human readable error message.
038 */
039 public InvalidFileNameException(String pName, String pMessage) {
040 super(pMessage);
041 name = pName;
042 }
043
044 /**
045 * Returns the invalid file name.
046 */
047 public String getName() {
048 return name;
049 }
050 }