Versions Compared

...

Code Block
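import java.io.File;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.HashSet;
import java.util.Set;

Path file = new File("file").toPath();

// Throw exception rather than overwrite existing file
Set<OpenOption> options = new HashSet<OpenOption>();
options.add(StandardOpenOption.CREATE_NEW);
options.add(StandardOpenOption.APPEND);

// File permissions should be such that only user may read/write file
Set<PosixFilePermission> perms = PosixFilePermissions.fromString("rw-------");
FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(perms);

// Permissions are applied atomically at creation; the channel is closed automatically
try (SeekableByteChannel sbc = Files.newByteChannel(file, options, attr)) {
  // write data
}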
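The same technique as a complete program, added here as an illustration and not part of the original rule text: it fails closed when the file system has no POSIX attribute view, confirms the effective permissions before writing, and shows that a second creation attempt is refused. The class name `OwnerOnlyFile`, the method `create`, and the sample file name and contents are assumptions made for this example.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.EnumSet;
import java.util.Set;

public class OwnerOnlyFile {  // hypothetical class name for this example
  private static final Set<PosixFilePermission> OWNER_RW =
      PosixFilePermissions.fromString("rw-------");

  // Creates the file with owner-only permissions in one step; never opens an existing file.
  static void create(Path path, byte[] data) throws IOException {
    if (!path.getFileSystem().supportedFileAttributeViews().contains("posix")) {
      // Fail closed: the permissions could not be applied at creation time.
      throw new IOException("POSIX permissions not supported for " + path);
    }
    FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(OWNER_RW);
    try (SeekableByteChannel ch = Files.newByteChannel(path,
        EnumSet.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE), attr)) {
      // Sanity check before any sensitive byte is written: nothing beyond rw------- is set.
      Set<PosixFilePermission> actual = Files.getPosixFilePermissions(path);
      if (!OWNER_RW.containsAll(actual)) {
        throw new IOException("Unexpected permissions: " + PosixFilePermissions.toString(actual));
      }
      ByteBuffer buf = ByteBuffer.wrap(data);
      while (buf.hasRemaining()) {
        ch.write(buf);
      }
    }
  }

  public static void main(String[] args) throws IOException {
    Path dir = Files.createTempDirectory("fio01-demo");  // constructed sample location
    Path secret = dir.resolve("secret.txt");
    create(secret, "token=example".getBytes(StandardCharsets.UTF_8));  // constructed sample data
    System.out.println(PosixFilePermissions.toString(Files.getPosixFilePermissions(secret)));
    try {
      create(secret, new byte[0]);  // second call must not touch the existing file
    } catch (FileAlreadyExistsException e) {
      System.out.println("refused to overwrite " + e.getFile());
    }
  }
}
```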

Exceptions

FIO03FIO01-EX0: If a file is created inside a directory that is both secure and unreadable by untrusted users, then that file may be created with the default access permissions. See FIO03 FIO01-J. Remove temporary files before termination for the definition of a secure directory. This could be the case if, for example, the entire file system is trusted, or is accessible only to trusted users.

FIO03FIO01-EX1: Files that do not contain sensitive information need not be created with specific access permissions.

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO03 FIO01-J | medium | probable | high | P4 | L3 |

Automated Detection

...

[API 2006]

[CVE]

[Dowd 2006] Chapter 9, "UNIX 1: Privileges and Files"

[J2SE 2011]

[OpenBSD]

[Open Group 2004] "The open function," and "The umask function"

[Viega 2003] Section 2.7, "Restricting Access Permissions for New Files on UNIX"

...