1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 package org.apache.commons.fileupload; 18 19 20 /** 21 * This exception is thrown in case of an invalid file name. 22 * A file name is invalid, if it contains a NUL character. 23 * Attackers might use this to circumvent security checks: 24 * For example, a malicious user might upload a file with the name 25 * "foo.exe\0.png". This file name might pass security checks (i.e. 26 * checks for the extension ".png"), while, depending on the underlying 27 * C library, it might create a file named "foo.exe", as the NUL 28 * character is the string terminator in C. 29 */ 30 public class InvalidFileNameException extends RuntimeException { 31 private static final long serialVersionUID = 7922042602454350470L; 32 private final String name; 33 34 /** 35 * Creates a new instance. 36 * @param pName The file name causing the exception. 37 * @param pMessage A human readable error message. 38 */ 39 public InvalidFileNameException(String pName, String pMessage) { 40 super(pMessage); 41 name = pName; 42 } 43 44 /** 45 * Returns the invalid file name. 46 */ 47 public String getName() { 48 return name; 49 } 50 }