Java Developer Tools

Audit - Rules - File Usage

Description
This group contains audit rules that check for problems related to the use of files and their security.

Rules:

Details

Delete Temporary Files

Summary
If a file contains sensitive information, it is better to delete it as soon as possible.

Description
If a file contains sensitive information, it is better to delete it as soon as possible. This audit rule looks for places where a file created using File.createTempFile() and not deleted explicitly with the delete() method before the method returns.

Security Implications
Using the method deleteOnExit() is not enough because, especially in web development, an application can run for a significantly long time. We also assume that storing sensitive data for the duration of a session is also insecure.

Example
The following code would be flagged as a violation because it does not delete the created temporary file:

    public void doSomeStoring() {
        File temp = File.createTempFile();
        ...
    }

Filename Given Out

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.