This rule identifies instances where temporary files are created but not properly deleted after use. Leaving temporary files undeleted can lead to resource leaks, unnecessary disk space consumption, and potential exposure of sensitive data if the files contain confidential information.
To comply with this rule, always delete temporary files explicitly when they are no longer needed, or use mechanisms like deleteOnExit() to schedule automatic deletion when the JVM terminates. For example, after creating a temporary file with File.createTempFile(), invoke tempFile.deleteOnExit() to ensure cleanup. This practice helps maintain application stability and security.
Non-Compliant Code Examples
importjava.io.File;importjava.io.IOException;publicclassSecureTempFileExample{publicstaticvoidmain(String[]args)throwsIOException{FiletempFile=File.createTempFile("tempfile_",".tmp");System.out.println("Temporary file created at: "+tempFile.getAbsolutePath());}}
Compliant Code Examples
importjava.io.File;importjava.io.IOException;publicclassSecureTempFileWithPermissionsExample{publicstaticvoidmain(String[]args)throwsIOException{FiletempFile=File.createTempFile("secure_tempfile_",".tmp");tempFile.deleteOnExit();System.out.println("Temporary file created with secure permissions at: "+tempFile.getAbsolutePath());}}
シームレスな統合。 Datadog Code Security をお試しください
Datadog Code Security
このルールを試し、Datadog Code Security でコードを解析する
このルールの使用方法
1
2
rulesets:- java-security # Rules to enforce Java security.
