Java's file-manipulation functions methods often indicate failure with a return value , rather than instead of throwing an exception. The Java Tutorial for Java 7 notes:
Prior to the Java SE 7 release, the
java.io.Fileclass was the mechanism used for file I/O, but it had several drawbacks.Many methods didn't throw exceptions when they failed, so it was impossible to obtain a useful error message. For example, if a file deletion failed, the program would receive a "delete fail" but wouldn't know if it was because the file didn't exist, the user didn't have permissions, or there was some other problem.
Consequently, it is easy for file operations to fail silently, if the methods' return values are ignored. Therefore, do not ignore return values of file-based methods. (This guideline Consequently, programs that ignore the return values from file operations often fail to detect that those operations have failed. Java programs must check the return values of methods that perform file I/O. This is a specific instance of EXP00-J. Do not ignore values returned by methods.)
Noncompliant Code Example (delete())
This noncompliant code example attempts to delete the a specified file specified, but gives no indication of its success. The [API 2006] defines Java platform requires File.delete() to only throw a SecurityException, if only when the program is not authorized lacks authorization to delete the file [API 2014]. No other exceptions are thrown; , so it is easy for the deletion to fail, with no indication of whycan silently fail.
| Code Block | ||
|---|---|---|
| ||
File file = /* initialize */new File(args[0]); file.delete(); |
Compliant Solution
This compliant solution checks the return value of delete().:
| Code Block | ||
|---|---|---|
| ||
File file = new File(args[0]"file"); if (!file.delete()) { System.out.println("// Deletion failed");, handle error } |
Compliant Solution
This compliant solution uses the java.nio.file.Files.delete() method from Java
...
SE 7 to delete the file:
| Code Block | ||
|---|---|---|
| ||
Path file = new File(args[0]).toPath(); try { Files.delete(file); } |
...
catch |
...
(IOException |
...
x) |
...
{ |
...
|
...
// |
...
Deletion |
...
failed, handle error } |
The Java SE 7 Documentation [J2SE 2011] defines file. \[[J2SE 2011|AA. Bibliography#J2SE 11]\] defines {{Files.delete()}} to throw the following exceptions:
Exception | Reason |
|---|---|
|
...
File does not exist |
...
|
...
File is a directory and could not otherwise be deleted because the directory is not empty |
...
|
...
An I/O error occurs | |
|
...
In the case of the default provider |
...
and a security manager is installed, the |
...
| bgColor | #ccccFF |
|---|
...
Because SecurityException is a runtime exception, it need not be declared. Because NoSuchFileException and DirectoryNotExmptyException both inherit from IOException, they will be caught by the compliant solution's catch clause.
Risk Assessment
Failure to check file operation errors the return values of methods that perform file I/O can result in unexpected behavior.
Guideline
FIO09
medium
probable
high
P4
L3
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|
FIO02-J |
Medium |
Probable |
Medium |
P8 |
L2 |
Automated Detection
...
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| JAVA.FUNCS.IRV | Ignored Return Value (Java) | ||||||
| SonarQube |
| S899 |
Related Guidelines
...
...
CERT C Secure Coding Standard: FIO04-C. Detect and handle input and output errors
Bibliography
...
[API |
...
2014] |
|
...
[J2SE |
...
...
] |
|
...
Chapter 8, "File I/O" |
...
[Seacord 2005a|AA. Bibliography#Seacord 05]\] Chapter 7, "File I/O"FIO01-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code 12. Input Output (FIO) FIO05-J. Do not create multiple buffered wrappers on a single InputStream