You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@commons.apache.org by bu...@apache.org on 2004/04/20 15:23:23 UTC

DO NOT REPLY [Bug 28496] New: - org.apache.commons.io.FileUtils.copyFile shouldn't allow to copy a file on itself

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28496>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28496

org.apache.commons.io.FileUtils.copyFile shouldn't allow to copy a file on itself

           Summary: org.apache.commons.io.FileUtils.copyFile shouldn't allow
                    to copy a file on itself
           Product: Commons
           Version: 1.0 Alpha
          Platform: All
               URL: http://??
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: IO
        AssignedTo: commons-dev@jakarta.apache.org
        ReportedBy: drizzi@largesys.it


The bug is described by a one-line code      

FileUtils.copyFile(new File("c:/hello.txt"), new File("c:/hello.txt"));

Try run it and check hello.txt size before and after: you will find
that the file has been razed to 0 bytes.

It should be illegal to copy a file with the same path as the destination,
or better, with the same getCanonicalPath(), so I suggest the following 
enhancement:

------------ in FileUtils.java -------------



        //make sure we can write to destination
        if (destination.exists() && !destination.canWrite()) {
            String message =
                "Unable to open file " + destination + " for writing.";
            throw new IOException(message);
        }
        
        //makes sure it is not the same file        
        if(source.getCanonicalPath().equals(destination.getCanonicalPath())) {
            String message =
                "Unable to write file " + source + " on itself.";
            throw new IOException(message);
            
        }

-- end --
this code should be safe regarding path and canonical path: you
are querying OS after existence test, and anyway you are sure
that there is a source file and it has a canonical path.
(anyway getCanonicalPath throws a IOException, which is sound
in the context)

hope this may help
daniele rizzi (drizzi@largesys.it)

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org