SV.DOS.TMPFILEDEL

This error occurs when a temporary file is scheduled to be deleted on exit but is not explicitly deleted. This error mostly presents a problem in a server or servlet context.

Vulnerability and risk

Temporary files should be deleted as soon as possible. If a file contains sensitive information, the longer it exists, the better chance an attacker has to gain access to its contents. Also, because directories typically have limits on the number of files allowed, it is possible to overflow the number of temporary files, leading to a denial-of-service (DoS) problem.

Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.

Mitigation and prevention

Temporary files should be deleted immediately after use.

Example 1

17
18
19
20
21
22
23
24
     protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         String name = req.getParameter("userName");
         File file = File.createTempFile("file", ".dat");
         file.deleteOnExit();
         fillWithUserData(name);
         char[] data = readData(file);
         resp.getWriter().print(data);
     }

SV.DOS.TMPFILEDEL is reported for line 19: File 'file' scheduled for 'delete on exit', meaning that it will remain for the lifetime of the jvm (which can be very long in the case of a server or servlet). Server-side applications should remove files explicitly.

External guidance

• CERT FIO03-J: Remove temporary files before termination
• CWE-459: Incomplete Cleanup
• STIG-ID:APP3100 Temporary objects not removed from system
• STIG-ID:APP3760 Web Service Availability
• STIG-ID:APP3780 Web Service Availability

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.