This rule identifies instances where temporary files are created but not properly deleted after use. Leaving temporary files undeleted can lead to resource leaks, unnecessary disk space consumption, and potential exposure of sensitive data if the files contain confidential information.
To comply with this rule, always delete temporary files explicitly when they are no longer needed, or use mechanisms like deleteOnExit() to schedule automatic deletion when the JVM terminates. For example, after creating a temporary file with File.createTempFile(), invoke tempFile.deleteOnExit() to ensure cleanup. This practice helps maintain application stability and security.
Non-Compliant Code Examples
```java
import java.io.File;
import java.io.IOException;

public class SecureTempFileExample {
    public static void main(String[] args) throws IOException {
        // Non-compliant: the file is never deleted or scheduled for deletion.
        File tempFile = File.createTempFile("tempfile_", ".tmp");
        System.out.println("Temporary file created at: " + tempFile.getAbsolutePath());
    }
}
```
Compliant Code Examples
```java
import java.io.File;
import java.io.IOException;

public class SecureTempFileWithPermissionsExample {
    public static void main(String[] args) throws IOException {
        File tempFile = File.createTempFile("secure_tempfile_", ".tmp");
        // Schedule the file for deletion when the JVM terminates.
        tempFile.deleteOnExit();
        System.out.println("Temporary file created with secure permissions at: " + tempFile.getAbsolutePath());
    }
}
```
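The rule text also allows explicit deletion, which matters in long-running services because deleteOnExit() only attempts deletion at normal JVM termination. The following is an added example, not part of the original rule documentation; the class, interface and helper names are hypothetical, and it uses try/finally so the file is removed on both the success and the failure path.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class ExplicitTempFileCleanupExample {

    // Hypothetical callback type for work that needs a scratch file.
    interface TempFileTask {
        void run(Path file) throws IOException;
    }

    // Creates a temp file, runs the task, and always deletes the file afterwards.
    // Returns the (now deleted) path so callers can log or verify cleanup.
    static Path withTempFile(TempFileTask task) throws IOException {
        Path tempFile = Files.createTempFile("tempfile_", ".tmp");
        try {
            task.run(tempFile);
        } finally {
            // Runs whether the task returned or threw, so the file
            // never outlives the code that needed it.
            Files.deleteIfExists(tempFile);
        }
        return tempFile;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data standing in for sensitive content.
        byte[] sample = "constructed sample data".getBytes(StandardCharsets.UTF_8);

        // Success path: the file is gone as soon as the task completes.
        Path used = withTempFile(f -> Files.write(f, sample));
        System.out.println("Exists after success: " + Files.exists(used));

        // Failure path: the task throws, the finally block still deletes.
        Path[] seen = new Path[1];
        try {
            withTempFile(f -> {
                seen[0] = f;
                Files.write(f, sample);
                throw new IOException("constructed failure");
            });
        } catch (IOException e) {
            System.out.println("Task failed: " + e.getMessage());
        }
        System.out.println("Exists after failure: " + Files.exists(seen[0]));
    }
}
```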
How to use this rule
```yaml
rulesets:
  - java-security # Rules to enforce Java security.
```
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Security scans to your CI pipelines