SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 108

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 109

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This example also uses the deleteOnExit() method to ensure that the temporary file is deleted when the Java Virtual Machine (JVM) terminates. However, according to the Java API [API 2006] Class File, method deleteOnExit() documentation,

...

Consequently, the file is not deleted if the JVM terminates unexpectedly. A longstanding bug on Windows-based systems reported as Bug ID: 4171239 [SDN 2008] causes JVMs to fail to delete a file when deleteOnExit() is invoked before the associated stream or RandomAccessFile is closed.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO03-J

Medium

Probable

Medium

P8

L2

Related Guidelines

SEI CERT C Coding Standard

FIO21-C. Do not create temporary files in shared directories

SEI CERT C++ Coding Standard

FIO19-CPP. Do not create temporary files in shared directories

MITRE CWE

CWE-377. Insecure temporary file

 

CWE-459. Incomplete cleanup

Bibliography

[API 2006]

Class File, methods createTempFile, delete, deleteOnExit

[Darwin 2004]

11.5, Creating a Transient File

[J2SE 2011]

 

[SDN 2008]

Bug IDs 4171239, 4405521, 4635827, 4631820

[Secunia 2008]

Secunia Advisory 20132

 

...

      Rule 13: Input Output (FIO)Image Added