42 lines
1.1 KiB
Plaintext
42 lines
1.1 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
new File("/tmp/myfile.txt"); // Sensitive
|
|
Paths.get("/tmp/myfile.txt"); // Sensitive
|
|
|
|
java.io.File.createTempFile("prefix", "suffix"); // Sensitive, will be in the default temporary-file directory.
|
|
java.nio.file.Files.createTempDirectory("prefix"); // Sensitive, will be in the default temporary-file directory.
|
|
----
|
|
|
|
----
|
|
Map<String, String> env = System.getenv();
|
|
env.get("TMP"); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
new File("/myDirectory/myfile.txt"); // Compliant
|
|
|
|
File.createTempFile("prefix", "suffix", new File("/mySecureDirectory")); // Compliant
|
|
|
|
if(SystemUtils.IS_OS_UNIX) {
|
|
FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
|
|
Files.createTempFile("prefix", "suffix", attr); // Compliant
|
|
}
|
|
else {
|
|
File f = Files.createTempFile("prefix", "suffix").toFile(); // Compliant
|
|
f.setReadable(true, true);
|
|
f.setWritable(true, true);
|
|
f.setExecutable(true, true);
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|