How to check if one path is a child of another path?
Unfortunately it's not as simple as StartsWith
.
Here's a better answer, adapted from this duplicate question. I've made it an extension method for ease of use. Also using a brute-force catch
as just about any method that accesses the file system can fail based on user permissions.
public static bool IsSubDirectoryOf(this string candidate, string other)
{
var isChild = false;
try
{
var candidateInfo = new DirectoryInfo(candidate);
var otherInfo = new DirectoryInfo(other);
while (candidateInfo.Parent != null)
{
if (candidateInfo.Parent.FullName == otherInfo.FullName)
{
isChild = true;
break;
}
else candidateInfo = candidateInfo.Parent;
}
}
catch (Exception error)
{
var message = String.Format("Unable to check directories {0} and {1}: {2}", candidate, other, error);
Trace.WriteLine(message);
}
return isChild;
}
I've used an extension method like this:
/// <summary>
/// Check if a directory is the base of another
/// </summary>
/// <param name="root">Candidate root</param>
/// <param name="child">Child folder</param>
public static bool IsBaseOf(this DirectoryInfo root, DirectoryInfo child)
{
var directoryPath = EndsWithSeparator(new Uri(child.FullName).AbsolutePath);
var rootPath = EndsWithSeparator(new Uri(root.FullName).AbsolutePath);
return directoryPath.StartsWith(rootPath, StringComparison.OrdinalIgnoreCase);
}
private static string EndsWithSeparator(string absolutePath)
{
return absolutePath?.TrimEnd('/','\\') + "/";
}
Any string-based solution is potentially subject to directory traversal attacks or correctness issues with things like trailing slashes. Unfortunately, the .NET Path
class does not provide this functionality, however the Uri
class does, in the form of Uri.IsBaseOf()
.
Uri potentialBase = new Uri(@"c:\dir1\");
Uri regular = new Uri(@"c:\dir1\dir2");
Uri confusing = new Uri(@"c:\temp\..\dir1\dir2");
Uri malicious = new Uri(@"c:\dir1\..\windows\system32\");
Console.WriteLine(potentialBase.IsBaseOf(regular)); // True
Console.WriteLine(potentialBase.IsBaseOf(confusing)); // True
Console.WriteLine(potentialBase.IsBaseOf(malicious)); // False