我正在尝试防止对我的项目进行目录遍历攻击,但我不知道这有什么问题
public static final String validateOnDiskFilePath(final String absoluteFolderPath, final String child) {
String absolutePath = null;
try {
String filePath = absoluteFolderPath + File.separator +child;
absolutePath = new File(absoluteFolderPath, child).getCanonicalPath();
if (!absolutePath.startsWith(filePath)) {
throw new SecureStorageException(MessageFormat.format("Invalid path constructed! path ={0}, absolutePath ={1}", filePath, absolutePath));
}
}catch(IOException ie){
throw new SecureStorageException("Failed to get the absolutePath", ie);
}
return absolutePath;
}
public static final String validateOnDiskFilePath(final String absoluteFolderPath) {
String absolutePath = null;
try {
absolutePath = new File(absoluteFolderPath).getCanonicalPath();
if (!absolutePath.startsWith(absoluteFolderPath)) {
throw new SecureStorageException(MessageFormat.format("Invalid path constructed! path ={0}, absolutePath ={1}", absoluteFolderPath, absolutePath));
}
}catch(IOException ie){
throw new SecureStorageException("Failed to get the absolutePath", ie);
}
return absolutePath;
}