Java's file-manipulation functions methods often indicate failure with a return value , rather than instead of throwing an exception. The Java Tutorial for Java 7 notes:
Prior to the Java SE 7 release, the
java.io.File
class was the mechanism used for file I/O, but it had several drawbacks.Many methods didn't throw exceptions when they failed, so it was impossible to obtain a useful error message. For example, if a file deletion failed, the program would receive a "delete fail" but wouldn't know if it was because the file didn't exist, the user didn't have permissions, or there was some other problem.
Consequently, file operations can silently fail if the methods' return values are ignored. Consequently, programs that ignore the return values from file operations often fail to detect that those operations have failed. Java programs must check the return values of method methods that perform file I/O (this . This is a specific instance of rule EXP00-J. Do not ignore values returned by methods.)
Noncompliant Code Example (delete()
)
This noncompliant code example attempts to delete a specified file , but gives no indication of its success. The [API 2006] Java platform requires File.delete()
to only throw a SecurityException
if only when the program is not authorized lacks authorization to delete the file [API 2014]. No other exceptions are thrown; , so the deletion can silently fail.
Code Block | ||
---|---|---|
| ||
File file = /* initialize */new File(args[0]); file.delete(); |
Compliant Solution
This compliant solution checks the return value of delete()
.:
Code Block | ||
---|---|---|
| ||
File file = new File(args[0]"file"); if (!file.delete()) { System.out.println("// Deletion failed");, handle error } |
Compliant Solution
...
This compliant solution uses the java.nio.file.Files.delete()
method from Java 1.SE 7 to delete the file.:
Code Block | ||
---|---|---|
| ||
Path file = new File("file"args[0]).toPath(); try { Files.delete(file); } catch (IOException x) { // Deletion failed, handle error } |
...
The Java⢠Java SE 7 Documentation \[ [J2SE 2011|AA. Bibliography#J2SE 11] \] defines {{Files.delete()
}} to throw the following exceptions:
Exception | Reason |
---|---|
| File does not exist |
| File is a directory and could not otherwise be deleted because the directory is not empty |
| An I/O error occurs |
| In the case of the default provider |
and a security manager is installed, the |
Because SecurityException
is a runtime exception, it need not be declared. Because NoSuchFileException
and DirectoryNotExmptyException
both inherit from IOException
, they will be caught by the compliant solution's catch
clause.
Risk Assessment
Failure to check the return values of methods that perform file I/O can result in unexpected behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|
FIO02-J |
Medium |
Probable |
Medium |
P8 |
L2 |
Automated Detection
...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| JAVA.FUNCS.IRV | Ignored Return Value (Java) | ||||||
SonarQube |
| S899 |
Related Guidelines
Bibliography
[API |
2014] |
|
] |
|
[ |
[[Seacord 2005a
Chapter |
8, "File I/O" |
]]></ac:plain-text-body></ac:structured-macro>
...
FIO08-J. Do not log sensitive information outside a trust boundary 12. Input Output (FIO) FIO10-J. Do not let external processes block on IO buffers