// 此代码有路径操纵风险
File file = new File(FilenameUtils.normalize(path));
解决方案
import org.apache.commons.io.FilenameUtils;
File file = new File(FilenameUtils.normalize(path));
依赖
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>