16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
56 lines
1.2 KiB
Plaintext
56 lines
1.2 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Using ``++File.createTempFile++`` as the first step in creating a temporary directory causes a race condition and is inherently unreliable and insecure. Instead, ``++Files.createTempDirectory++`` (Java 7+) should be used.
|
|
|
|
|
|
This rule raises an issue when the following steps are taken in immediate sequence:
|
|
|
|
* call to ``++File.createTempFile++``
|
|
* delete resulting file
|
|
* call ``++mkdir++`` on the File object
|
|
|
|
*Note* that this rule is automatically disabled when the project's ``++sonar.java.source++`` is lower than ``++7++``.
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
File tempDir;
|
|
tempDir = File.createTempFile("", ".");
|
|
tempDir.delete();
|
|
tempDir.mkdir(); // Noncompliant
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
[source,java]
|
|
----
|
|
Path tempPath = Files.createTempDirectory("");
|
|
File tempDir = tempPath.toFile();
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Use "Files.createTempDirectory" to create this directory instead.
|
|
|
|
|
|
=== Highlighting
|
|
|
|
"mkdir" method call
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|