SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 89

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 90

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO00-J

Medium

Unlikely

Medium

P4

L3

Related Guidelines

CERT C Secure Coding Standard

FIO32-C. Do not perform operations on devices that are only appropriate for files

CERT C++ Secure Coding Standard

FIO32-CPP. Do not perform operations on devices that are only appropriate for files

MITRE CWE

CWE-67. Improper handling of windows device names

Android Implementation Details

On Android, the SD card ( /sdcard or /mnt/sdcard ) is shared among multiple applications, thus sensitive files should not be stored on the SD card.

See: DRD00-J. Do not store sensitive information on external storage (SD card)

Bibliography

[API 2006]

Class File, methods createTempFile, delete, deleteOnExit

[Darwin 2004]

11.5, Creating a Transient File

[Garfinkel 1996]

Section 5.6, Device Files

[Howard 2002]

Chapter 11, Canonical Representation Issues

[J2SE 2011]

The try-with-resources Statement

[Open Group 2004]

open()

[SDN 2008]

Bug IDs 4171239, 4405521, 4635827, 4631820

[Secunia 2008]

Secunia Advisory 20132

...