SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 65

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 66

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: moved 'all-code-examples' paragraph

...

Noncompliant Code Example

For this and subsequent code examples, we will assume that the files are automatically being created in a secure directory, to comply with rule FIO04-J. Do not operate on files in shared directories. We will also assume the files are created with proper access permissions, to compy with FIO03-J. Create files with appropriate access permissions. Both requirements may be managed outside the JVM.

This noncompliant code example makes no attempt to remove the file upon completion.

...

Code Block
bgColor#ccccff
class TempFile {
  public static void main(String[] args) {
    Path tempFile = null;
    try {
      tempFile = Files.createTempFile("tempnam", ".tmp");
      try (BufferedWriter writer = Files.newBufferedWriter(tempFile, Charset.forName("UTF8"),
                                                           StandardOpenOption.DELETE_ON_CLOSE)) {
          // write to file
      }
      System.out.println("Temporary file write done, file erased");
    } catch (FileAlreadyExistsException x) {
      System.err.println("File exists: " + tempFile);
    } catch (IOException x) {
      // Some other sort of failure, such as permissions.
      System.err.println("Error creating temporary file: " + x);
    }
  }
}

...

Compliant Solution
If a secure directory for storing temporary files is not available, then the vulnerabilities that result from using temporary files in insecure directories can be avoided by using alternate mechanisms including:
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="177c4c3e40be54ac-ebe83884-496c44bd-8042809e-88481003782886a98dd05351"><ac:plain-text-body><![CDATA[
 [[API 2006
AA. Bibliography#API 06]] 
 Class File, methods createTempFile, delete, deleteOnExit 
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="415a64fdd818496a-7ad8f87a-4a684b2f-82b7895a-94a6c329c4d6203730771355"><ac:plain-text-body><![CDATA[
 [[Darwin 2004
AA. Bibliography#Darwin 04]] 
 11.5 Creating a Transient File 
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c34a547cd40eda83-634fade6-487e4600-8de3ba6c-cd7c436fcc481881af794bad"><ac:plain-text-body><![CDATA[
 [[J2SE 2011
AA. Bibliography#J2SE 11]] 
 
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="93193f33d17771fc-7178695a-45034148-9789be33-3300ff7e8228684692387fbe"><ac:plain-text-body><![CDATA[
 [[SDN 2008
AA. Bibliography#SDN 08]] 
 Bug IDs: 4171239, 4405521, 4635827, 4631820 
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="90549099b11cf470-3bbe4786-4cfe452a-859b9e3d-be821ca8d9861f600ab0f882"><ac:plain-text-body><![CDATA[
 [[Secunia 2008
AA. Bibliography#Secunia 08]] 
 [Secunia Advisory 20132
http://secunia.com/advisories/20132/] 
]]></ac:plain-text-body></ac:structured-macro>
...