From d90e7820cd8badb34603c9c03e31d21381410d6d Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 8 Nov 2014 06:08:21 -0500
Subject: [PATCH] improved file path validation and error handling

Former-commit-id: 20d4011b031ac956e9803e807de75e7e505172ae
---
 .../main/java/org/owasp/dependencycheck/CliParser.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index 9dc642215..28214bc61 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -134,14 +134,20 @@ public final class CliParser {
 * @throws FileNotFoundException is thrown if the path being validated does not exist.
 */
 private void validatePathExists(String path, String argumentName) throws FileNotFoundException {
- if (!path.contains("*") && !path.contains("?")) {
+ if (path == null) {
+ final String msg = String.format("Invalid '%s' argument: null", argumentName);
+ throw new FileNotFoundException(msg);
+ } else if (!path.contains("*") && !path.contains("?")) {
 final File f = new File(path);
 if (!f.exists()) {
 isValid = false;
 final String msg = String.format("Invalid '%s' argument: '%s'", argumentName, path);
 throw new FileNotFoundException(msg);
 }
- } // else { // TODO add a validation for *.zip extensions rather then relying on the engine to validate it.
+ } else if (path.startsWith("//") || path.startsWith("\\\\")) {
+ final String msg = String.format("Invalid '%s' argument: '%s'%nUnable to scan paths that start with '//'.", argumentName, path);
+ throw new FileNotFoundException(msg);
+ }
 }
 
 /**
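Review bot: The two added rejection branches in validatePathExists (the `path == null` case and the `//` / `\\` prefix case) throw without setting `isValid = false`, while the existing missing-file branch sets it before throwing. The field is declared outside this hunk, so if anything reads it after the exception is caught, these rejected arguments may still look valid; adding `isValid = false;` ahead of each new `throw new FileNotFoundException(msg);` would keep the three paths consistent. The prefix check also sits in the final `else if`, so it is reached only for paths containing `*` or `?`, and a literal path starting with `//` or `\\` still goes to `new File(path).exists()`. If that is intended, a comment such as `// only wildcard patterns are rejected here; literal UNC-style paths are checked with File.exists()` would make it explicit, and the error message could name `\\` as well as `//`.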