...
This compliant solution retrieves the server IP address from an external file located in a secure directory, as recommended by FIO00-J (Do not operate on files in shared directories). It reads the file in compliance with FIO10-J (Ensure the array is filled when using read() to fill an array). Exposure of the IP address is further limited by storing it in a char array rather than a java.lang.String, and by clearing the server IP address from memory immediately after use.
```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;

class IPaddress {
  public static void main(String[] args) throws IOException {
    char[] ipAddress = new char[100];
    int offset = 0;
    int charsRead = 0;
    BufferedReader br = null;
    try {
      br = new BufferedReader(new InputStreamReader(
             new FileInputStream("serveripaddress.txt")));
      // Read the server IP address into the char array. A single read() may
      // return fewer characters than requested, so loop until EOF or until
      // the array is full (FIO10-J).
      while ((charsRead = br.read(ipAddress, offset, ipAddress.length - offset))
             != -1) {
        offset += charsRead;
        if (offset >= ipAddress.length) {
          break;
        }
      }
      // ... Validate and work with the IP address
    } finally {
      // Manually clear the server IP address immediately after use
      Arrays.fill(ipAddress, (char) 0);
      if (br != null) {
        br.close();
      }
    }
  }
}
```
To further limit the exposure time of the sensitive server IP address, replace BufferedReader
with a direct native input/output (NIO) buffer, which can be cleared immediately after use.
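The NIO variant described above, as an added example that is not part of the original CERT page: the address is read from the same `serveripaddress.txt` into a direct `ByteBuffer` (never a `String`), handed to the caller, and overwritten with zeros before the method returns. The method name `withServerAddress` and the 100-byte size limit are assumptions made for this example.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.util.function.Consumer;

public final class IPaddressNio {

  // Upper bound on the address text we are willing to read (assumption).
  private static final int MAX_ADDRESS_BYTES = 100;

  // Reads the server address from 'path' into a direct buffer, passes it to
  // 'consumer', then overwrites the buffer. Returns the number of bytes read.
  public static int withServerAddress(Path path, Consumer<ByteBuffer> consumer)
      throws IOException {
    ByteBuffer buf = ByteBuffer.allocateDirect(MAX_ADDRESS_BYTES);
    try (FileChannel ch = FileChannel.open(path, StandardOpenOption.READ)) {
      // A single read() may return fewer bytes than requested (FIO10-J),
      // so loop until EOF or until the buffer is full.
      while (buf.hasRemaining() && ch.read(buf) != -1) {
        // keep reading
      }
      buf.flip();
      int n = buf.remaining();
      // Hand out a read-only view so the consumer cannot grow or copy it
      // through this reference; no String copy of the address exists.
      consumer.accept(buf.asReadOnlyBuffer());
      return n;
    } finally {
      // Clear the direct buffer immediately after use. The zeroed bytes land
      // in the off-heap memory itself, not in a garbage-collected copy.
      buf.clear();
      while (buf.hasRemaining()) {
        buf.put((byte) 0);
      }
    }
  }

  public static void main(String[] args) throws IOException {
    int n = withServerAddress(Paths.get("serveripaddress.txt"), addr -> {
      // ... Validate and work with the address bytes; do not build a String.
    });
    System.out.println("read " + n + " bytes");
  }
}
```

The consumer must finish with the address inside the callback; once `withServerAddress` returns, the buffer it received has already been zeroed.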
...