#342 File(File, String) is unsafe and must be suppressed

Need_for_security
open
9
2007-02-21
2007-02-21
No

Reported by Adrian Mettler

The doc-comment for File(File, String) states:

* <p> If <code>parent</code> is <code>null</code> then the new
* <code>File</code> instance is created as if by invoking the
* single-argument <code>File</code> constructor on the given
* <code>child</code> pathname string.

This "helpful" convenience behavior is a security hole, since File(String) is, of course, suppressed.
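
The fallback quoted above, shown next to a wrapper that refuses it. This is an added example, not code from the ticket or the project; the class name, the `childOf` helper and the sample path values are assumptions made for illustration.

```java
import java.io.File;
import java.util.Objects;

public class NullParentDemo {
    // Hypothetical wrapper (name is an assumption): refuses the null-parent
    // fallback, so a caller must already hold a File to derive another one.
    static File childOf(File parent, String child) {
        Objects.requireNonNull(parent, "parent must be a File the caller already holds");
        return new File(parent, child);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the ticket.
        File granted = new File("sandbox");
        String child = "notes.txt";

        // Intended use: the result is named relative to the granted directory.
        System.out.println(new File(granted, child).getPath());

        // Documented fallback: a null parent behaves like new File(child),
        // so the name is resolved like any bare pathname string and no
        // previously held File is involved. The cast is needed because
        // File(String, String) also accepts a null first argument.
        File viaNull = new File((File) null, child);
        File viaString = new File(child);
        System.out.println(viaNull.equals(viaString));

        // The wrapper rejects the same call instead of falling back.
        try {
            childOf(null, child);
        } catch (NullPointerException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The wrapper addresses only the null-parent case described in this report; it does not validate the `child` string.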
