SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 61

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 62

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added back last CS, belongs here rather than FIO04-J

...

Code Block
bgColor#ccccff
class TempFile {
  public static void main(String[] args) {
    Path tempFile = null;
    try {
      tempFile = Files.createTempFile("tempnam", ".tmp");
      try (BufferedWriter writer = Files.newBufferedWriter(tempFile, Charset.forName("UTF8"),
                                                           StandardOpenOption.DELETE_ON_CLOSE)) {
          // write to file
      }
      System.out.println("Temporary file write done, file erased");
    } catch (FileAlreadyExistsException x) {
      System.err.println("File exists: " + tempFile);
    } catch (IOException x) {
      // Some other sort of failure, such as permissions.
      System.err.println("Error creating temporary file: " + x);
    }
  }
}

Compliant Solution

If a secure directory for storing temporary files is not available, then the vulnerabilities that result from using temporary files in insecure directories can be avioded by using alternate mechanisms including:

  • other IPC mechanisms such as sockets and remote procedure calls
  • the low-level Java Native Interface (JNI).
  • memory mapped files
  • threads to share heap data within the same JVM (applies to data sharing between Java processes only)
  • a secure directory that can be accessed only by application instances, provided that multiple instances of the application running on the same platform avoid competing for the same files.

Risk Assessment

Failure to follow best practices while creating, using and deleting temporary files can lead to information leakage, misinterpretations and alterations in control flow.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0974f116b7988918-9c789c30-4cc148d7-a9dca51b-9aef92e5fa2b534f3fefeffc"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

Class File, methods createTempFile, delete, deleteOnExit

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="245ec7263bda4f7b-ba23d433-47914b23-8a08975f-7ad9564efe7f315ea2f1c150"><ac:plain-text-body><![CDATA[

[[CVE 2008

AA. Bibliography#CVE 08]]

[CVE-2008-5354

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="914de2ded620eeb7-77fa16a6-4d544f31-ad1cb74a-af024e1ceb858251cd0b28c0"><ac:plain-text-body><![CDATA[

[[Darwin 2004

AA. Bibliography#Darwin 04]]

11.5 Creating a Transient File

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="aae3c7789097c586-373505a1-40c3498e-a0b8937e-bd3dd13d9e765391327a5ad6"><ac:plain-text-body><![CDATA[

[[J2SE 2011

AA. Bibliography#J2SE 11]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="32eba9f75d674ffb-301304cc-4d0041df-b964a549-bff83a3e38ae4f748c27cb7a"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. Bibliography#SDN 08]]

Bug IDs: 4171239, 4405521, 4635827, 4631820

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="87ea107882b29d70-e075a7c3-4fc246a6-8a2d9d71-427a88ca2207ce95adda6cf3"><ac:plain-text-body><![CDATA[

[[Secunia 2008

AA. Bibliography#Secunia 08]]

[Secunia Advisory 20132

http://secunia.com/advisories/20132/]

]]></ac:plain-text-body></ac:structured-macro>

...