SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 27

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 28

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Minor changes to the NCCE and CS function names

...

Code Block
bgColor#FFcccc
public void fio52_ncence1(String filename){
	// Identify a file by its path
    Path file1 = Paths.get(filename);
 
 
    // Open the file for writing
    try(BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) {
        // Write to file...
    } catch (Exception e) {
    	System.out.println("Exception during file access" + e);
    } 
    // Close the file
    /*
     * A race condition here allows for an attacker to switch
     * out the file for another
     */

    // Reopen the file for reading
    Path file2 = Paths.get(filename);
    
    
    try(BufferedReader br = new BufferedReader(new InputStreamReader(Files.newInputStream(file2)))){
        String line;
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }
    } catch (Exception e) {
        System.out.println("Exception during file access" + e);
    }
}

...

Code Block
bgColor#FFcccc
public void fio52_nce1nce2(String filename){
    // Identify a file by its path
    Path file1 = Paths.get(filename);
    // Open the file for writing
    try(BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) {
            // Write to file
    } catch (Exception e) {
      System.out.println("Exception during file access" + e);
    } 
    // ...
    // Reopen the file for reading
    Path file2 = Paths.get(filename);
    if (!Files.isSameFile(file1, file2)) {
      System.out.println("File tampered with");
      // Handle error
    }
    try(BufferedReader br = new BufferedReader(new InputStreamReader(Files.newInputStream(file2)))) { 
            String line;
            while ((line = br.readLine()) != null) {
                    System.out.println(line);
            }
    } catch (Exception e) {
      System.out.println("Exception during file access" + e);
    }
}

...

Code Block
bgColor#ccccff
public void fio52_cecs1(String filename) throws IOException{
   // Identify a file by its path
   Path file1 = Paths.get(filename);
   BasicFileAttributes attr1 = Files.readAttributes(file1, BasicFileAttributes.class);
   FileTime creation1 = attr1.creationTime();
   FileTime modified1 = attr1.lastModifiedTime();

   // Open the file for writing
   try(BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) {
           // Write to file...
   } catch (Exception e){
           System.out.println("Exception during file access" + e);
   } 
   // Reopen the file for reading
   Path file2 = Paths.get(filename);
   BasicFileAttributes attr2 = Files.readAttributes(file2, BasicFileAttributes.class);
   FileTime creation2 = attr2.creationTime();
   FileTime modified2 = attr2.lastModifiedTime();
   if ( (!creation1.equals(creation2)) || (!modified1.equals(modified2)) ) {
     System.out.println("File tampered with");
     // Handle error
   }
   try(BufferedReader br = new BufferedReader( new InputStreamReader(Files.newInputStream(file2)))){
		String line;
        while ((line = br.readLine()) != null) {
        	System.out.println(line);
        }
   } catch (Exception e){
       System.out.println("Exception during file access" + e);
   }
}

...

Code Block
bgColor#ccccff
public void fio52_ce1cs2(String filename) throws IOException{
    // Identify a file by its path
    Path file1 = Paths.get(filename);
    BasicFileAttributes attr1 = Files.readAttributes(file1, BasicFileAttributes.class);
    Object key1 = attr1.fileKey();
    // Open the file for writing
    try(BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(Files.newOutputStream(file1)))) {
            // Write to file
    } catch (Exception e) {
    	System.out.println("Exception during file access" + e);
    } 
    // Reopen the file for reading
    Path file2 = Paths.get(filename);
    BasicFileAttributes attr2 = Files.readAttributes(file2, BasicFileAttributes.class);
    Object key2 = attr2.fileKey();

    if ( !key1.equals(key2) ) {
      System.out.println("File tampered with");
      // Handle error
    }

    try(BufferedReader br = new BufferedReader(new InputStreamReader(Files.newInputStream(file2)))) {
    	String line;
        while ((line = br.readLine()) != null) {
        	System.out.println(line);
        }
    } catch (Exception e) {
        System.out.println("Exception during file access" + e);
    }
}

...

Code Block
bgColor#ccccff
public void fio52_ce2cs3(String filename) throws IOException{
    // Identify a file by its path
    RandomAccessFile file = new RandomAccessFile( filename, "rw");

    // Write to file...

    // Go back to beginning and read contents
    file.seek(0);
    try {
      while (true) {
        String s = file.readUTF();
        System.out.print(s);
      }
    } catch (EOFException x) {
      // Ignore, this breaks out of while loop
    }
    br.close();
}

...