[jira] [Commented] (IO-567) FilenameUtils is unaware of NTFS alternate data streams

Tue, 30 Jan 2018 23:13:24 -0800 

    [ 
https://issues.apache.org/jira/browse/IO-567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346342#comment-16346342
 ] 

Jochen Wiedmann commented on IO-567:
------------------------------------

 

> it should be sanitised by the caller before use.

Which is, why we are throwing an Exception: So, that the caller knows.

 

> FilenameUtils is unaware of NTFS alternate data streams
> -------------------------------------------------------
>
>                 Key: IO-567
>                 URL: https://issues.apache.org/jira/browse/IO-567
>             Project: Commons IO
>          Issue Type: Bug
>            Reporter: Jochen Wiedmann
>            Assignee: Jochen Wiedmann
>            Priority: Minor
>
> Windows NTFS has a feature, called ADS (Alternate Data Streams). Basically, 
> it works like this: Traditionally, a file called "foo" consists of a byte 
> stream, which can be read,if we open the file "foo". Not so with NTFS. A file 
> may have other byte streams, the so-called alternate data streams. These are 
> addressed by using file names like "foo:alternate_stream_name". (Colon as a 
> separator.)
>  
> While that is not a problem in itself, it may become difficult in connection 
> with file name extensions. As you know, these have a special meaning on 
> Windows. A .exe file may be executed. Thus, a .exe file with unknown contents 
> would be dangerous. In the case of NTFS, this must be rephrased: A .exe file 
> with unknown contents in its default data stream would be dangerous.
>  
> Now consider the case of a name like "foo.exe:bar.txt". This would be the 
> alternate data stream named "bar.txt" in a file, named "foo.exe". If that 
> name is passed to FilenameUtils.getExtension(String), it would happily return 
> ".txt", although the Windows Explorer, or whatever other tool would show us 
> "foo.exe".
>  
> Commons IO should implement special case handling for this in 
> FilenameUtils.getExtension(String), and FilenameUtils.indexOfExtension(String)
>  
> Suggestion:
>  
>     a) Document the problem in Javadoc, and
>     b) Throw an IllegalArgumentException, if the file name contains a ':'.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to