You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by bu...@apache.org on 2004/04/20 15:23:23 UTC
DO NOT REPLY [Bug 28496] New: -
org.apache.commons.io.FileUtils.copyFile shouldn't allow to copy a file on itself
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28496>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28496
org.apache.commons.io.FileUtils.copyFile shouldn't allow to copy a file on itself
Summary: org.apache.commons.io.FileUtils.copyFile shouldn't allow
to copy a file on itself
Product: Commons
Version: 1.0 Alpha
Platform: All
URL: http://??
OS/Version: All
Status: NEW
Severity: Critical
Priority: Other
Component: IO
AssignedTo: commons-dev@jakarta.apache.org
ReportedBy: drizzi@largesys.it
The bug is described by a one-line code
FileUtils.copyFile(new File("c:/hello.txt"), new File("c:/hello.txt"));
Try run it and check hello.txt size before and after: you will find
that the file has been razed to 0 bytes.
It should be illegal to copy a file with the same path as the destination,
or better, with the same getCanonicalPath(), so I suggest the following
enhancement:
------------ in FileUtils.java -------------
//make sure we can write to destination
if (destination.exists() && !destination.canWrite()) {
String message =
"Unable to open file " + destination + " for writing.";
throw new IOException(message);
}
//makes sure it is not the same file
if(source.getCanonicalPath().equals(destination.getCanonicalPath())) {
String message =
"Unable to write file " + source + " on itself.";
throw new IOException(message);
}
-- end --
this code should be safe regarding path and canonical path: you
are querying OS after existence test, and anyway you are sure
that there is a source file and it has a canonical path.
(anyway getCanonicalPath throws a IOException, which is sound
in the context)
hope this may help
daniele rizzi (drizzi@largesys.it)
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org