A program may leak resources when it relies on finalize() to release system resources or when there is confusion over which part of the program is responsible for releasing system resources. In a busy system, the delay before the finalize() method is called for an object provides a window of vulnerability during which an attacker could induce a denial-of-service attack. See the guideline rule MET18-J. Do not use finalizers for additional reasons to avoid the use of finalizers.
...
Also note that on the Windows platform, attempts to delete open files fail silently. See guideline rule FIO07-J. Do not create temporary files in shared directories for more information.
See also the related locking guideline rule LCK08-J. Ensure actively held locks are released on exceptional conditions.
...
Search for vulnerabilities resulting from the violation of this guideline rule on the CERT website.
Other Languages
This guideline rule appears in the C Secure Coding Standard as FIO42-C. Ensure files are properly closed when they are no longer needed.
This guideline rule appears in the C++ Secure Coding Standard as FIO42-CPP. Ensure files are properly closed when they are no longer needed.
...