返回 Skill 列表
extension
分类: 开发与工程无需 API Key

cwe-377-insecure-temporary-file

在需要修复Java代码中的CWE-377(不安全的临时文件)漏洞时使用此技能。在静态应用程序安全测试发现、安全审查或修复不安全临时文件问题时触发。

person作者: jakexiaohubgithub

CWE-377 Insecure Temporary File

Description

Insecure Temporary File

Reference: https://cwe.mitre.org/data/definitions/377.html

OWASP Category: A01:2021 – Broken Access Control


Vulnerable Pattern

❌ Example 1: Vulnerable Pattern

// VULNERABLE: Predictable temp file name
File tempFile = new File("/tmp/myapp_" + userId + ".tmp");
tempFile.createNewFile();

Why it's vulnerable: This pattern is vulnerable to Insecure Temporary File


Deterministic Fix

✅ Secure Implementation: Secure Implementation

// SECURE: Use Files.createTempFile with restrictive permissions
Path tempFile = Files.createTempFile("myapp_", ".tmp");
// Set restrictive permissions (owner only)
Set<PosixFilePermission> perms = EnumSet.of(
    PosixFilePermission.OWNER_READ,
    PosixFilePermission.OWNER_WRITE
);
Files.setPosixFilePermissions(tempFile, perms);
// Ensure cleanup
tempFile.toFile().deleteOnExit();

Why it's secure: Implements proper protection against Insecure Temporary File


Detection Pattern

Look for these patterns in your codebase:

# Find temp file creation
grep -rn "createNewFile\\|File.*tmp" --include="*.java"

Remediation Steps

  1. Use Files.createTempFile() for random file names

  2. Set restrictive file permissions

  3. Use deleteOnExit() or try-with-resources

  4. Consider using system temp directory


Key Imports


import java.nio.file.Files;

import java.nio.file.attribute.PosixFilePermission;


Verification

After remediation:

  • Run SAST scanner to confirm vulnerability is resolved

  • Review all instances of the vulnerable pattern

  • Add unit tests that verify the secure implementation

  • Check for similar patterns in related code


Trigger Examples

Fix CWE-377 vulnerability
Resolve Insecure Temporary File issue
Secure this Java code against insecure temporary file
SAST reports CWE-377

Common Vulnerable Locations

| Layer | Files | Patterns | |-------|-------|----------|

| Controller | *Controller.java | User input handling |

| Service | *Service.java | Business logic |

| Repository | *Repository.java | Data access |


References


Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07