SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #1734

Back to the previous page...Back to the previous page

Test Case IDCandidate1734
Bad / Good / MixedBadBad test case
AuthorN/A
Associated test case N/A
ContributorMichael Kass
LanguageJava
Type of test caseSource Code
Input stringN/A
Expected OutputN/A
InstructionsN/A
Submission date2006-08-15
DescriptionTest of tool to identify potential resource injection weakness in source code.
Filename
Flaw
  • (?) CWE-099: Insufficient Control of Resource Identifiers (Resource Injection) at line 24

There are 2 comments :: Submit a comment

ResourceInjection.java
  1. import java.io.*;
  2.  
  3. public class ResourceInjection {
  4.        
  5.     private static void test() {
  6.  
  7.         String fileName = null;
  8.         int    checkInteger  = 0;
  9.  
  10.         try {
  11.             BufferedReader inStream = new BufferedReader (
  12.                                           new InputStreamReader(System.in)
  13.                                       );
  14.             System.out.print("Please enter a filename: ");
  15.             fileName = inStream.readLine();
  16.            
  17.         }  catch (IOException e) {
  18.             System.out.println("IOException: " + e);
  19.             return;
  20.         }
  21.    
  22.         File myFile = new File("/var/tmp/" + fileName);
  23.        
  24.         if (myFile.delete())
  25.             System.out.println ("deleted file");
  26.  
  27.         
  28.        
  29.        
  30.     }
  31.  
  32. public static void main(String[] args) {
  33.     test();
  34. }
  35. }