updated Java Logic

sahildari · sahildari · commit de08a1aec7c6 · 2025-03-22T14:40:04.000+05:30
diff --git a/Path Manipulation/while File Read/java/fileread.pathmanipulation/src/main/java/securecodingexamples/fileread/pathmanipulation/DownloadController.java b/Path Manipulation/while File Read/java/fileread.pathmanipulation/src/main/java/securecodingexamples/fileread/pathmanipulation/DownloadController.java
@@ -83,27 +83,34 @@ public ResponseEntity<?> downloadFile(@RequestParam(name = "filename", required
         }
     }
 
-    private static boolean isValidName(String filename) {
-        String name = filename.split("\\.", 2)[0];
-        if(name.isEmpty()) {
+    //Logic to validate just the extension part of the filename
+    private static boolean isValidExtension(String filename) {
+        if(!filename.contains(".")){
             return false;
         }
-        return name.matches(FILENAME_REGEX_PATTERN.pattern());
-    }
-
-    private static String validFilename(String filename) {
-        String name = filename.split("\\.", 2)[0];
-        String extension = filename.split("\\.", 2)[1];
-        return name + "." + extension;
-    }
-
-    private static boolean isValidExtension(String filename) {
-        String extension = filename.split("\\.", 2)[1];
+        String extension = filename.substring(filename.lastIndexOf(".") + 1);
         for (String ext : ALLOWED_EXTENSIONS) {
             if (ext.equals(extension)) {
                 return true;
             }
         }
         return false;
     }
+
+    //Logic to Validate just the name part of the filename
+    private static boolean isValidName(String filename) {
+        if(!filename.contains(".")){
+            return false;
+        }
+        String name = filename.substring(0, filename.lastIndexOf("."));
+        return name.matches(FILENAME_REGEX_PATTERN.pattern());
+    }
+
+    //Logic to return the valide Filename (after validating)
+    private static String validFilename(String filename) {
+        int dotIndex = filename.lastIndexOf(".");
+        String name = filename.substring(0, dotIndex);
+        String extension = filename.substring(dotIndex + 1);
+        return name + "." + extension;
+    }
 }
diff --git a/Path Manipulation/while File Upload/java/fileupload.pathmanipulation/src/main/java/securecodingexamples/fileupload/pathmanipulation/UploadController.java b/Path Manipulation/while File Upload/java/fileupload.pathmanipulation/src/main/java/securecodingexamples/fileupload/pathmanipulation/UploadController.java
@@ -73,8 +73,12 @@ public ResponseEntity<?> uploadFile(@RequestParam("file") MultipartFile file) {
         }
     }
 
+    //Logic to validate just the extension part of the filename
     private static boolean isValidExtension(String filename) {
-        String extension = filename.split("\\.", 2)[1];
+        if(!filename.contains(".")){
+            return false;
+        }
+        String extension = filename.substring(filename.lastIndexOf(".") + 1);
         for (String ext : ALLOWED_EXTENSIONS) {
             if (ext.equals(extension)) {
                 return true;
@@ -83,17 +87,24 @@ private static boolean isValidExtension(String filename) {
         return false;
     }
 
+    //Logic to Validate just the name part of the filename
     private static boolean isValidName(String filename) {
-        String name = filename.split("\\.", 2)[0];
+        if(!filename.contains(".")){
+            return false;
+        }
+        String name = filename.substring(0, filename.lastIndexOf("."));
         return name.matches(FILENAME_REGEX_PATTERN.pattern());
     }
 
+    //Logic to return the valide Filename (after validating)
     private static String validFilename(String filename) {
-        String name = filename.split("\\.", 2)[0];
-        String extension = filename.split("\\.", 2)[1];
+        int dotIndex = filename.lastIndexOf(".");
+        String name = filename.substring(0, dotIndex);
+        String extension = filename.substring(dotIndex + 1);
         return name + "." + extension;
     }
 
+    //Logic to return the unique Filename, so the file with same filename will not be overwritten
     private static String getUniqueFilename(String filename) {
         String name = filename.split("\\.", 2)[0];
         String extension = filename.split("\\.", 2)[1];
diff --git a/Unrestriced File Upload/java/src/main/java/securecodingexamples/unrestricted/fileupload/UploadController.java b/Unrestriced File Upload/java/src/main/java/securecodingexamples/unrestricted/fileupload/UploadController.java
@@ -31,7 +31,7 @@ public class UploadController{
     private static final String[] ALLOWED_EXTENSIONS = {"jpg", "png", "pdf"}; //jpg, png, pdf
     private static final Pattern FILENAME_REGEX_PATTERN = Pattern.compile("[a-zA-Z0-9-_]+");
 
-    //MAGIC_NUMBERS HashMap to contain the magic numbers of the files.
+    //MAGIC_NUMBERS HashMap to contain the allowed magic numbers of the files.
     private static final Map<String, String> MAGIC_NUMBERS = new HashMap<String, String>();
 
     static{
