Insecure ways of creating temporary files and directories can lead to race conditions (which can be exploited for denial of service attacks) and other security vulnerabilities such as privilege escalation.
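
import java.io.File;

public void withDeleteNoncompliant() throws Exception {
    File tmp = File.createTempFile("myprefix", "mysuffix");
    tmp.delete();
    // Noncompliant: uses a temporary file path to create a temporary directory.
    // Between delete() and mkdir() the path is free for anyone else to claim,
    // and the return value of mkdir() is never checked.
    tmp.mkdir();
}
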
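import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public void usingCreateTempDirectoryCompliant() throws Exception {
    Path where = Paths.get("/tmp");
    // Compliant: uses the correct mechanism to create a temporary directory.
    // The name is chosen and the directory is created in a single step.
    Path path = Files.createTempDirectory(where, "myprefix");
    File tmpDir = path.toFile();
}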
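
The following added example (not part of the original page) shows the failure mode the noncompliant pattern ignores and a hardened variant of the compliant one. The class and method names are hypothetical, the concurrent writer is simulated inside the same process, and the second method assumes a POSIX file system.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempDirDemo {

    // The delete()/mkdir() pattern: once delete() returns, the name belongs to nobody.
    // A file created at that path stands in for another process winning the race.
    static boolean mkdirAfterNameIsTaken() throws IOException {
        File tmp = File.createTempFile("myprefix", "mysuffix");
        tmp.delete();
        Files.createFile(tmp.toPath());   // constructed stand-in for a concurrent writer
        boolean created = tmp.mkdir();    // false: something already exists at the path
        Files.delete(tmp.toPath());       // clean up the stand-in file
        return created;
    }

    // Single-step creation with explicit owner-only permissions, then verification.
    static Path createPrivateTempDir() throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
        Path dir = Files.createTempDirectory("myprefix",
                PosixFilePermissions.asFileAttribute(ownerOnly));
        // The result must be a real directory, not a symbolic link to one.
        if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException("not a directory: " + dir);
        }
        // No permission outside the owner-only set may be present.
        Set<PosixFilePermission> actual =
                Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS);
        if (!ownerOnly.containsAll(actual)) {
            throw new IOException("unexpected permissions on " + dir + ": " + actual);
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("mkdir() succeeded after name was taken: " + mkdirAfterNameIsTaken());
        Path dir = createPrivateTempDir();
        System.out.println("created " + dir + " with "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(dir)));
        Files.delete(dir);
    }
}
```

Because the noncompliant method discards the result of `mkdir()`, it would continue working with a path whose contents it did not create.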