Audit - Rules - File UsageDescriptionThis group contains audit rules that check for problems related to the use of files and their security. |
Rules: |
Summary
If a file contains sensitive information, it is better to delete it as soon as possible.
Description
If a file contains sensitive information, it is better to delete it as soon as possible. This audit rule looks for places where a file created using File.createTempFile()
and not deleted explicitly with the delete()
method before the method returns.
Security Implications
Using the method deleteOnExit()
is not enough because, especially in web development, an application can run for a significantly long time. We also assume that storing sensitive data for the duration of a session is also insecure.
Example
The following code would be flagged as a violation because it does not delete the created temporary file:
public void doSomeStoring() {
File temp = File.createTempFile();
...
}
Summary
The name of a locally used file is valuable information for an attacker.
Description
This rule violates printing file names and paths to the HttpServletResponse output stream.
Security Implications
If the name of a locally used file is displayed to the user over a web-interface, this information could be used by an attacker to retrieve valuable information from the system. Such an action should therefore be avoided.
Example
The following code would be flagged as a violation because it displays a filename to the user:
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
File file = File.createTempFile("somefile", ".tmp");
if (debug.equals("true")) resp.getOutputStream().print("Using " + file.toString());
...