RFR: JDK-8319626: Override toString() for ZipFile [v5]
Justin Lu
jlu at openjdk.org
Thu Nov 30 21:11:34 UTC 2023
On Thu, 30 Nov 2023 10:17:23 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:
>> I like the new wording (have no oppinion if absolute path is better).
>
> Hello Justin,
>
>> I am not sure if you have a preference one way or another regarding providing the full path versus just the file name, but I can switch the full path for just the file name if need be.
>
> My opinion is that we should not use the absolute path here. Section 2.1 of secure coding guidelines https://www.oracle.com/java/technologies/javase/seccodeguide.html#2-1 suggests not to include full paths in exception messages.
>
> With the proposed change to the toString() method here, which uses absolute paths, I think it would then mean that we would have to review (within the JDK) usages of (explicit or implicit) `ZipFile.toString()` to prevent accidentally including the complete paths in the exceptions, like in the case below:
>
>
> final ZipFile zf = new ZipFile("/home/me/xyz.zip");
> ... // do something
> throw new Exception("failed to handle zipfile " + zf);
Thanks Jai, that makes sense. Replaced full path with just the base name in latest commit.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16643#discussion_r1411262907
More information about the core-libs-dev
mailing list