...
Unfortunately, there is no guarantee that the method isSameFile() really checks that the files are the same file. The Java 7 API for isSameFile() says:
If both Path objects are equal then this method returns true without checking if the file exists.
...
This approach will not work on all platforms. For example, on an Intel Core i5-2400 machine running Windows 7 Enterprise, all fileKey attributes are null.
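The following Java program is an added example, not code from this guideline. It shows both pitfalls described above: isSameFile() returning true for equal Path objects even when no file exists, and a fileKey comparison that has to account for null keys. The class name FileIdentityCheck, the Verdict enum, snapshot(), compare() and the file names are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.BasicFileAttributes;

// Added example; all names here are hypothetical, not from the guideline.
public final class FileIdentityCheck {
    enum Verdict { SAME, DIFFERENT, UNVERIFIABLE }

    // Reads attributes of the link itself; throws if the file is missing.
    static BasicFileAttributes snapshot(Path p) throws IOException {
        return Files.readAttributes(p, BasicFileAttributes.class,
                                    LinkOption.NOFOLLOW_LINKS);
    }

    // A null fileKey proves nothing, so it must never count as a match.
    static Verdict compare(BasicFileAttributes a, BasicFileAttributes b) {
        Object ka = a.fileKey();
        Object kb = b.fileKey();
        if (ka == null || kb == null) {
            return Verdict.UNVERIFIABLE;
        }
        return ka.equals(kb) ? Verdict.SAME : Verdict.DIFFERENT;
    }

    public static void main(String[] args) throws IOException {
        // Constructed name for a file assumed not to exist.
        Path missing = Paths.get("fio52-constructed-missing-file");
        System.out.println("isSameFile(missing, missing) = "
                + Files.isSameFile(missing, missing));

        Path target = Files.createTempFile("fio52-", ".tmp");
        Path other = Files.createTempFile("fio52-", ".tmp");
        try {
            BasicFileAttributes before = snapshot(target);
            // Swap a different file in under the same path name.
            Files.move(other, target, StandardCopyOption.REPLACE_EXISTING);
            BasicFileAttributes after = snapshot(target);
            System.out.println("same path, replaced file: "
                    + compare(before, after));
        } finally {
            Files.deleteIfExists(target);
            Files.deleteIfExists(other);
        }
    }
}
```

A caller should treat UNVERIFIABLE as a failed check, or fall back to comparing other file attributes, rather than assuming the file is unchanged.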
...
Applicability
Many file-related vulnerabilities are exploited to cause a program to access an unintended file. Proper file identification is necessary to prevent exploitation.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO52-JG | medium | probable | medium | P8 | L2 |
Automated Detection
In general, it is not possible to automatically detect this problem.
Related Guidelines
C Secure Coding Standard: FIO05-C. Identify files using multiple file attributes.
Bibliography
...