org.primefaces.util

Class FileUploadUtils

java.lang.Object

org.primefaces.util.FileUploadUtils

public class FileUploadUtils
extends Object

Utilities for FileUpload components.

Method Summary

Modifier and Type	Method and Description
static boolean	areValidFiles(javax.faces.context.FacesContext context, FileUpload fileUpload, List<UploadedFile> files)
static String	checkPathTraversal(String relativePath) OWASP prevent directory path traversal of "../../image.png".
static String	getValidFilename(String filename)
static String	getValidFilePath(String filePath)
static boolean	isSystemWindows()
static boolean	isValidFile(javax.faces.context.FacesContext context, FileUpload fileUpload, UploadedFile uploadedFile)
static boolean	isValidType(PrimeApplicationContext context, FileUpload fileUpload, UploadedFile uploadedFile) Check if an uploaded file meets all specifications regarding its filename and content type.
static void	performVirusScan(javax.faces.context.FacesContext facesContext, InputStream inputStream)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getValidFilename

public static String getValidFilename(String filename)

getValidFilePath

public static String getValidFilePath(String filePath)
                               throws ValidationException

Throws:

ValidationException

isSystemWindows

public static boolean isSystemWindows()

isValidType

public static boolean isValidType(PrimeApplicationContext context,
                                  FileUpload fileUpload,
                                  UploadedFile uploadedFile)

Check if an uploaded file meets all specifications regarding its filename and content type. It evaluates FileUploadBase.getAllowTypes() as well as FileUploadBase.getAccept() and uses the installed FileTypeDetector implementation. For most reliable content type checking it's recommended to plug in Apache Tika as an implementation.

Parameters:

fileUpload - the fileUpload component

uploadedFile - the details of the uploaded file

Returns:

true, if all validations regarding filename and content type passed, false else

performVirusScan

public static void performVirusScan(javax.faces.context.FacesContext facesContext,
                                    InputStream inputStream)
                             throws VirusException

Throws:

VirusException

isValidFile

public static boolean isValidFile(javax.faces.context.FacesContext context,
                                  FileUpload fileUpload,
                                  UploadedFile uploadedFile)
                           throws IOException

Throws:

IOException

areValidFiles

public static boolean areValidFiles(javax.faces.context.FacesContext context,
                                    FileUpload fileUpload,
                                    List<UploadedFile> files)
                             throws IOException

Throws:

IOException

checkPathTraversal

public static String checkPathTraversal(String relativePath)

OWASP prevent directory path traversal of "../../image.png".

Parameters:

relativePath - the relative path to check for path traversal

Returns:

the relative path

Throws:

javax.faces.FacesException - if any error is detected

See Also:

https://www.owasp.org/index.php/Path_Traversal