Many file-related security vulnerabilities result from a program accessing an unintended file object because file names are only loosely bound to underlying file objects. File names provide no information regarding the nature of the file object itself. Furthermore, the binding of a file name to a file object is re-assumed every time the file name is used in an operation. Objects of type java.io.File and of type java.nio.file.Path are bound to underlying file objects by the operating system.
The java.io.File constructors and the java.io.File methods renameTo() and delete() rely solely on file names for file identification. The same holds for the java.nio.file.Path.get() methods for creating Path objects and the move and delete methods of java.nio.file.Files. Use all of these methods with caution.
Fortunately, files Identifying that the file being opened is the right one can be difficult; see Intro-FIO51-JG. Be careful using methods that use file names for identification for more details. Files can often be identified by other attributes in addition to the file name, for example, by comparing file creation time or modification times. Information about a file that has been created and closed can be stored and then used to validate the identity of the file when it is reopened.
...