This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-io.git
The following commit(s) were added to refs/heads/master by this push:
new d203ffc Reimplement FilenameUtils.requireNonNullChars() to reuse JRE
method.
d203ffc is described below
commit d203ffc1c07e237c0154fe1d13cd298fee88f703
Author: Gary Gregory <gardgreg...@gmail.com>
AuthorDate: Tue Jan 12 12:12:56 2021 -0500
Reimplement FilenameUtils.requireNonNullChars() to reuse JRE method.
This is simpler; bonus: no repeated calls to charAt().
---
src/main/java/org/apache/commons/io/FilenameUtils.java | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/apache/commons/io/FilenameUtils.java
b/src/main/java/org/apache/commons/io/FilenameUtils.java
index d5bed27..9c82182 100644
--- a/src/main/java/org/apache/commons/io/FilenameUtils.java
+++ b/src/main/java/org/apache/commons/io/FilenameUtils.java
@@ -994,18 +994,16 @@ public class FilenameUtils {
}
/**
- * Check the input for null bytes, a sign of unsanitized data being passed
to to file level functions.
+ * Checks the input for null bytes, a sign of unsanitized data being
passed to to file level functions.
*
* This may be used for poison byte attacks.
+ *
* @param path the path to check
*/
private static void requireNonNullChars(final String path) {
- final int len = path.length();
- for (int i = 0; i < len; i++) {
- if (path.charAt(i) == 0) {
- throw new IllegalArgumentException("Null byte present in
file/path name. There are no " +
- "known legitimate use cases for such data, but several
injection attacks may use it");
- }
+ if (path.indexOf(0) >= 0) {
+ throw new IllegalArgumentException("Null byte present in file/path
name. There are no "
+ + "known legitimate use cases for such data, but several
injection attacks may use it");
}
}
