SV.DOS.TMPFILEEXIT

This error appears when a temporary file is created and not scheduled to be deleted on exit or after use.

Vulnerability and risk

If a temporary file contains sensitive information, an attacker could get access to this information after the application exits. Moreover, a web application could cause resource exhaustion, because the application could run out of temporary file names, or the directory might not be able to hold all the files.

Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.

Mitigation and prevention

Temporary files should be deleted immediately after use. At the very least, mark all temporary files deleteOnExit.

Example 1

17
18
19
20
21
22
23
     protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         String name = req.getParameter("userName");
         File file = File.createTempFile("file", ".dat");
         fillWithUserData(name);
         char[] data = readData(file);
         resp.getWriter().print(data);
     }

SV.DOS.TMPFILEEXIT is reported for line 19: File 'file' is a temporary file, but it is not deleted on exit.

External guidance

• CERT FIO03-J: Remove temporary files before termination
• CWE-459: Incomplete Cleanup
• STIG-ID:APP3100 Temporary objects not removed from system
• STIG-ID:APP3760 Web Service Availability
• STIG-ID:APP3780 Web Service Availability

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.