A directory is an organizational file system structure that contains Files and Directorates. Even an attacker can try to traverse or access a folder which we name as ‘File Traversal Attack or Path Traversal Attack a different directory. In short here the directory is traversed which is outside the home/root directory. These files are server-internal files that are not accessible by the user.
Traversal Attacks
- The attacker can access the file from a different directory
- Directory Browsing is allowed when the server is misconfigured
- Sometimes even an attacker can access files that are beyond the root directories of the web browser
The prerequisites required are listFiles() and considering there are no path traversal attacks.
Different Ways to traverse in a Directory
- Using listFiles() Method of File class
- Using walk() method in Java 8 and onwards
Method 1: Using listFiles() Method of File class
Suppose there exists a directory with path C:\\GFG. The following image displays the files and directories present inside GFG folder. The subdirectory “Ritik” contains a file named “Logistics.xlsx” and the subdirectory “Rohan” contains a file named “Payments.xlsx”.
GFG Directory
Approach:
- Create a File array to store the name and path of files.
- Call displayFiles method() to display all the files.
Example:
Java
// Java Program to Traverse Through a Directory// Importing required classesimport java.io.File;// Main classclass GFG { // Method 1 // To display files public static void displayFiles(File[] files) { // Traversing through the files array for (File filename : files) { // If a sub directory is found, // print the name of the sub directory if (filename.isDirectory()) { System.out.println("Directory: " + filename.getName()); // and call the displayFiles function // recursively to list files present // in sub directory displayFiles(filename.listFiles()); } // Printing the file name present in given path else { // Getting the file name System.out.println("File: " + filename.getName()); } } } // Method 2 // Main driver method public static void main(String[] args) { // Storing the name of files and directories // in an array of File type File[] files = new File("C:\\GFG").listFiles(); // Calling method 1 to // display files displayFiles(files); }} |
Output:
File: article.docx File: GFG.txt File: numbers.txt Directory: Ritik File: Logistics.xlsx Directory: Rohan File: Payments.xlsx
Method 2: Using walk() method in Java 8 and onwards
Java 8 onwards, the walk() method was introduced to iterate over the entire directory recursively and retrieve Stream<Path> as the return value.
Approach:
- Create a stream of file paths.
- Print entire directory and file path.
- Throw Exception if no such directory exists as provided in the path.
Example:
Java
// Java Program to Display Files with// Complete Path Present in a Directory// Importing required classesimport java.io.*;import java.nio.file.*;import java.util.stream.Stream;// Main classclass GFG { // Main driver method public static void main(String[] args) throws IOException { // Creating try-catch block and // providing the directory path of local machine try (Stream<Path> filepath = Files.walk(Paths.get("c:\\GFG"))) { // Printing the name of directories and files // with entire path filepath.forEach(System.out::println); } // Catch block to handle exceptions catch (IOException e) { // If no such directory exists throw an // exception throw new IOException("Directory Not Present!"); } }} |
Output:
c:\GFG c:\GFG\article.docx c:\GFG\GFG.txt c:\GFG\numbers.txt c:\GFG\Ritik c:\GFG\Ritik\Logistics.xlsx c:\GFG\Rohan c:\GFG\Rohan\Payments.xlsx
