Wiki Markup
Noncompliant Code Example (
...
delete())
In this This noncompliant code example , the file referenced by file is opened for writing. This example is noncompliant if the programmer's intent was to create a new file, but the referenced file already existsattempts to delete a specified file but gives no indication of its success. The Java platform requires File.delete() to throw a SecurityException only when the program lacks authorization to delete the file [API 2014]. No other exceptions are thrown, so the deletion can silently fail.
| Code Block | ||
|---|---|---|
| ||
StringFile file; OutputStream out = new FileOutputStream(fileFile(args[0]); file.delete(); |
Compliant Solution
...
This compliant solution uses the CREATE_NEW option from Java 1.7, which causes an exception to be thrown if the file being created already exists.checks the return value of delete():
| Code Block | ||
|---|---|---|
| ||
PathFile file = new File("file").toPath(); tryif (OutputStream out = Files.newOutputStream( file, StandardOpenOption.CREATE_NEW);!file.delete()) { // Deletion writefailed, tohandle outerror }; |
Noncompliant Code Example (FileWriter())
In this noncompliant code example, the file referenced by file is opened for writing. Again, the example is noncompliant if the programmer's intent was to create a new file, but the referenced file already exists.
| Code Block | ||
|---|---|---|
| ||
String file;
Writer out = new FileWriter(file);
|
Compliant Solution (Java 1.7, StandardOpenOption.CREATE_NEW)
Compliant Solution
This compliant solution uses the java.nio.file.Files.delete() method from Java SE 7 to delete the file:This compliant solution uses the CREATE_NEW option from Java 1.7, which causes an exception to be thrown if the file being created already exists.
| Code Block | ||
|---|---|---|
| ||
Path file = new File("file"args[0]).toPath(); try (BufferedWriter{ out = Files.newBufferedWriterdelete( file, Charset.forName("UTF8"), StandardOpenOption.CREATE_NEW);); } catch (IOException x) { // Deletion writefailed, tohandle outerror }; |
...
The ability to determine if an existing file has been opened or a new file has been created provides greater assurance that a file other than the intended file is not acted upon.Java SE 7 Documentation [J2SE 2011] defines Files.delete() to throw the following exceptions:
Exception | Reason |
|---|---|
| File does not exist |
| File is a directory and could not otherwise be deleted because the directory is not empty |
| An I/O error occurs |
| In the case of the default provider and a security manager is installed, the |
Because SecurityException is a runtime exception, it need not be declared. Because NoSuchFileException and DirectoryNotExmptyException both inherit from IOException, they will be caught by the compliant solution's catch clause.
Risk Assessment
Failure to check the return values of methods that perform file I/O can result in unexpected behavior.
Rule |
|---|
Severity | Likelihood | Remediation Cost | Priority | Level |
|---|
FIO02-J |
Medium |
Probable |
Medium |
P8 |
L2 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Related Guidelines
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| JAVA.FUNCS.IRV | Ignored Return Value (Java) | ||||||
| SonarQube |
| S899 |
Related Guidelines
...
...
...
...
Bibliography
[API 2014] |
|
| |
Chapter 8, "File I/O" |
...
Bibliography
| Wiki Markup |
|---|
[[API 2006|AA. Bibliography#API 06]\] Class {{InputStream}}, {{DataInputStream}}
\[[J2SE 2011|AA. Bibliography#J2SE 11]\] The try-with-resources Statement
\[[Seacord 2005a|AA. Bibliography#Seacord 05]\] Chapter 7, "File I/O" |
FIO01-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code 12. Input Output (FIO) FIO05-J. Do not create multiple buffered wrappers on a single InputStream