Package org.primefaces.util
Class FileUploadUtils
- java.lang.Object
-
- org.primefaces.util.FileUploadUtils
-
public class FileUploadUtils extends Object
Utilities for FileUpload components.
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static String
checkPathTraversal(String relativePath)
OWASP prevent directory path traversal of "../../image.png".protected static String
convertJavaScriptRegex(String jsRegex)
Converts a JavaScript regular expression like '/(\.|\/)(gif|jpe?g|png)$/i' to the Java usable format '(\\.|\\/)(gif|jpe?g|png)$'static <T extends javax.servlet.http.HttpServletRequest>
PathgetChunkDir(T request)
static <T extends javax.servlet.http.HttpServletRequest>
FileUploadChunkDecoder<T>getFileUploadChunkDecoder(T request)
static String
getValidFilename(String filename)
static String
getValidFilePath(String filePath)
static boolean
isSystemWindows()
static boolean
isValidType(PrimeApplicationContext context, FileUpload fileUpload, UploadedFile uploadedFile)
Check if an uploaded file meets all specifications regarding its filename and content type.static List<Path>
listChunks(Path path)
static <T extends javax.servlet.http.HttpServletRequest>
List<Path>listChunks(T request)
static void
performVirusScan(javax.faces.context.FacesContext facesContext, UploadedFile file)
static void
tryValidateFile(javax.faces.context.FacesContext context, FileUpload fileUpload, UploadedFile uploadedFile)
static void
tryValidateFiles(javax.faces.context.FacesContext context, FileUpload fileUpload, List<UploadedFile> files)
-
-
-
Method Detail
-
getValidFilePath
public static String getValidFilePath(String filePath) throws ValidationException
- Throws:
ValidationException
-
isSystemWindows
public static boolean isSystemWindows()
-
isValidType
public static boolean isValidType(PrimeApplicationContext context, FileUpload fileUpload, UploadedFile uploadedFile)
Check if an uploaded file meets all specifications regarding its filename and content type. It evaluatesFileUploadBase.getAllowTypes()
as well asFileUploadBase.getAccept()
and uses the installedFileTypeDetector
implementation. For most reliable content type checking it's recommended to plug in Apache Tika as an implementation.- Parameters:
fileUpload
- the fileUpload componentuploadedFile
- the details of the uploaded file- Returns:
true
, if all validations regarding filename and content type passed,false
else
-
convertJavaScriptRegex
protected static String convertJavaScriptRegex(String jsRegex)
Converts a JavaScript regular expression like '/(\.|\/)(gif|jpe?g|png)$/i' to the Java usable format '(\\.|\\/)(gif|jpe?g|png)$'- Parameters:
jsRegex
- the client side JavaScript regex- Returns:
- the Java converted version of the regex
-
performVirusScan
public static void performVirusScan(javax.faces.context.FacesContext facesContext, UploadedFile file) throws VirusException
- Throws:
VirusException
-
tryValidateFile
public static void tryValidateFile(javax.faces.context.FacesContext context, FileUpload fileUpload, UploadedFile uploadedFile) throws javax.faces.validator.ValidatorException
- Throws:
javax.faces.validator.ValidatorException
-
tryValidateFiles
public static void tryValidateFiles(javax.faces.context.FacesContext context, FileUpload fileUpload, List<UploadedFile> files)
-
checkPathTraversal
public static String checkPathTraversal(String relativePath)
OWASP prevent directory path traversal of "../../image.png".- Parameters:
relativePath
- the relative path to check for path traversal- Returns:
- the relative path
- Throws:
javax.faces.FacesException
- if any error is detected- See Also:
- https://owasp.org/www-community/attacks/Path_Traversal
-
listChunks
public static <T extends javax.servlet.http.HttpServletRequest> List<Path> listChunks(T request)
-
getFileUploadChunkDecoder
public static <T extends javax.servlet.http.HttpServletRequest> FileUploadChunkDecoder<T> getFileUploadChunkDecoder(T request)
-
getChunkDir
public static <T extends javax.servlet.http.HttpServletRequest> Path getChunkDir(T request)
-
-