Although creating a file is usually accomplished with a single method call, this apparently simple action raises multiple security-related questions. What should be done if the file cannot be created? What should be done if the file already exists? What should be the file's initial attributes, such as permissions? Java provides several generations of file handling facilities. The original input/output facilities, which included basic file handling, are in the package java.io. More comprehensive facilities were included in JDK 1.4 with the New I/O package java.nio (see New I/O APIs [Oracle 2010b]). Still more comprehensive facilities were included in JDK 1.7 with the New IO 2 package java.nio.file. Both packages introduced a number of methods to support finer-grained control of file creation.
The rule FIO01-J. Create files with appropriate access permissions addresses how to specify the permissions of a newly created file.
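The following is an added example, not code from this guideline. It uses java.nio.file to answer the three questions above in a single open call: the file is created only if nothing exists at the path, the "already exists" case is reported separately from other failures, and owner-only permissions are requested at creation time where the file system supports them. The class name, file name and the rw------- permission string are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;

public class ExclusiveCreate {

    // Returns true if this call created the file, false if something already
    // existed at the path. CREATE_NEW makes the existence check and the
    // creation a single atomic operation, so an existing file is never
    // silently opened or truncated.
    static boolean createNew(Path file, byte[] data) throws IOException {
        boolean posix = file.getFileSystem().supportedFileAttributeViews().contains("posix");
        // On POSIX file systems, request owner-only access at creation time
        // rather than tightening permissions after the file is visible.
        FileAttribute<?>[] attrs = posix
            ? new FileAttribute<?>[] { PosixFilePermissions.asFileAttribute(
                  PosixFilePermissions.fromString("rw-------")) }
            : new FileAttribute<?>[0];
        try (SeekableByteChannel ch = Files.newByteChannel(file,
                EnumSet.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE), attrs)) {
            ByteBuffer buf = ByteBuffer.wrap(data);
            while (buf.hasRemaining()) {
                ch.write(buf);
            }
            return true;
        } catch (FileAlreadyExistsException e) {
            return false; // caller decides: choose another name, report, or abort
        }
        // Any other IOException (no permission, missing directory) propagates.
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("fio-demo"); // constructed sample location
        Path file = dir.resolve("report.txt");            // hypothetical file name
        byte[] data = "sample\n".getBytes(StandardCharsets.UTF_8);
        System.out.println("first call created:  " + createNew(file, data));
        System.out.println("second call created: " + createNew(file, data));
    }
}
```

On a file system without the POSIX attribute view, the permission request is skipped and the file receives the platform's default attributes, so access control has to be applied by another mechanism there.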
Noncompliant Code Example
...