...
| Code Block | ||
|---|---|---|
| ||
public void processFile_nce(String filename){
// Identify a file by its path
Path file1 = Paths.get(filename);
// Open the file for writing
try (BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) {
// Write to file...
} catch (IOException e) {
// Handle error
}
// Close the file
/*
* A race condition here allows for an attacker to switch
* out the file for another
*/
// Reopen the file for reading
Path file2 = Paths.get(filename);
try (BufferedReader br = new BufferedReader(new InputStreamReader(Files.newInputStream(file2)))) {
String line;
while ((line = br.readLine()) != null) {
System.out.println(line);
}
} catch (IOException e) {
// Handle error
}
} |
...
| Code Block | ||
|---|---|---|
| ||
public void sameFile_nceprocessFile(String filename){ // Identify a file by its path Path file1 = Paths.get(filename); // Open the file for writing try(BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) { // Write to file } catch (IOException e) { // Handle error } // ... // Reopen the file for reading Path file2 = Paths.get(filename); if (!Files.isSameFile(file1, file2)) { System.out.println("File tampered with"); // Handle error } try(BufferedReader br = new BufferedReader(new InputStreamReader(Files.newInputStream(file2)))) { String line; while ((line = br.readLine()) != null) { System.out.println(line); } } catch (IOException e) { // Handle error } } |
...
| Code Block | ||
|---|---|---|
| ||
public void sameFile_csprocessFile(String filename) throws IOException{ // Identify a file by its path Path file1 = Paths.get(filename); BasicFileAttributes attr1 = Files.readAttributes(file1, BasicFileAttributes.class); FileTime creation1 = attr1.creationTime(); FileTime modified1 = attr1.lastModifiedTime(); // Open the file for writing try (BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) { // Write to file... } catch (IOException e) { // Handle error } // Reopen the file for reading Path file2 = Paths.get(filename); BasicFileAttributes attr2 = Files.readAttributes(file2, BasicFileAttributes.class); FileTime creation2 = attr2.creationTime(); FileTime modified2 = attr2.lastModifiedTime(); if ( (!creation1.equals(creation2)) || (!modified1.equals(modified2)) ) { System.out.println("File tampered with"); // Handle error } try(BufferedReader br = new BufferedReader( new InputStreamReader(Files.newInputStream(file2)))){ String line; while ((line = br.readLine()) != null) { System.out.println(line); } } catch (IOException e) { // Handle error } } |
...
| Code Block | ||
|---|---|---|
| ||
public void filekey_csprocessFile(String filename) throws IOException{ // Identify a file by its path Path file1 = Paths.get(filename); BasicFileAttributes attr1 = Files.readAttributes(file1, BasicFileAttributes.class); Object key1 = attr1.fileKey(); // Open the file for writing try(BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) { // Write to file } catch (IOException e) { // Handle error } // Reopen the file for reading Path file2 = Paths.get(filename); BasicFileAttributes attr2 = Files.readAttributes(file2, BasicFileAttributes.class); Object key2 = attr2.fileKey(); if ( !key1.equals(key2) ) { System.out.println("File tampered with"); // handle error } try(BufferedReader br = new BufferedReader(new InputStreamReader(Files.newInputStream(file2)))) { String line; while ((line = br.readLine()) != null) { System.out.println(line); } } catch (IOException e) { // Handle error } } |
...
| Code Block | ||
|---|---|---|
| ||
public void randomAccess_csprocessFile(String filename) throws IOException{ // Identify a file by its path RandomAccessFile file = new RandomAccessFile( filename, "rw"); // Write to file... // Go back to beginning and read contents file.seek(0); try { while (true) { String s = file.readUTF(); System.out.print(s); } } catch (EOFException x) { // Ignore, this breaks out of while loop } br.close(); } |
...