Package org.apache.tomcat.util.http.fileupload

Class InvalidFileNameException

  • All Implemented Interfaces:
    java.io.Serializable
    public class InvalidFileNameException
extends java.lang.RuntimeException
    This exception is thrown in case of an invalid file name. A file name is invalid, if it contains a NUL character. Attackers might use this to circumvent security checks: For example, a malicious user might upload a file with the name "foo.exe\0.png". This file name might pass security checks (i.e. checks for the extension ".png"), while, depending on the underlying C library, it might create a file named "foo.exe", as the NUL character is the string terminator in C.
    See Also:
    Serialized Form

    • Constructor Summary

      Constructors 
      Constructor Description
      InvalidFileNameException​(java.lang.String pName, java.lang.String pMessage)
      Creates a new instance.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String getName()
      Returns the invalid file name.

      • Methods inherited from class java.lang.Throwable

        addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    • Constructor Detail

      • InvalidFileNameException

        public InvalidFileNameException​(java.lang.String pName,
                                java.lang.String pMessage)
        Creates a new instance.
        Parameters:
        pName - The file name causing the exception.
        pMessage - A human readable error message.

    • Method Detail

      • getName

        public java.lang.String getName()
        Returns the invalid file name.
        Returns:
        the invalid file name.