fmeum/PathTraversalSanitizer.java Secret

## PathTraversalSanitizer.java
class PathTraversalSanitizer {
  @MethodHook(type = HookType.AFTER, targetClassName = "java.io.File",
         targetMethod = "<init>", targetMethodDescriptor = "(Ljava/lang/String;)")
  public static void
  fileConstructorHook(MethodHandle method, Object thisObject, Object[] arguments, int hookId, Object returnValue) {
    File file = (File) thisObject;
    String pathname = (String) arguments[0];
    try {
         // Check whether the canonical path of `file` lies inside a known list of allowed paths.
         if (!file.getCanonicalPath().startsWith("/expected/path")) {
             // If not, throw a distinctive exception that is reported by Jazzer.
             throw new PotentialPathTraversalException();
         }
     } catch(IOException e) {
         // ...
     }
  }
}
	class PathTraversalSanitizer {
	@MethodHook(type = HookType.AFTER, targetClassName = "java.io.File",
	targetMethod = "<init>", targetMethodDescriptor = "(Ljava/lang/String;)")
	public static void
	fileConstructorHook(MethodHandle method, Object thisObject, Object[] arguments, int hookId, Object returnValue) {
	File file = (File) thisObject;
	String pathname = (String) arguments[0];
	try {
	// Check whether the canonical path of `file` lies inside a known list of allowed paths.
	if (!file.getCanonicalPath().startsWith("/expected/path")) {
	// If not, throw a distinctive exception that is reported by Jazzer.
	throw new PotentialPathTraversalException();
	}
	} catch(IOException e) {
	// ...
	}
	}
	}