On Thu, 30 Nov 2023 10:17:23 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> I like the new wording (have no oppinion if absolute path is better). > > Hello Justin, > >> I am not sure if you have a preference one way or another regarding >> providing the full path versus just the file name, but I can switch the full >> path for just the file name if need be. > > My opinion is that we should not use the absolute path here. Section 2.1 of > secure coding guidelines > https://www.oracle.com/java/technologies/javase/seccodeguide.html#2-1 > suggests not to include full paths in exception messages. > > With the proposed change to the toString() method here, which uses absolute > paths, I think it would then mean that we would have to review (within the > JDK) usages of (explicit or implicit) `ZipFile.toString()` to prevent > accidentally including the complete paths in the exceptions, like in the case > below: > > > final ZipFile zf = new ZipFile("/home/me/xyz.zip"); > ... // do something > throw new Exception("failed to handle zipfile " + zf); Thanks Jai, that makes sense. Replaced full path with just the base name in latest commit. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16643#discussion_r1411262907
