Back to the previous page

Test Case ID	1734
Bad / Good / Mixed	Bad
Author	N/A
Associated test case	N/A
Contributor	Michael Kass
Language	Java
Type of test case	Source Code

Input string	N/A
Expected Output	N/A
Instructions	N/A
Submission date	2006-08-15
Description	Test of tool to identify potential resource injection weakness in source code.
Filename	ResourceInjection.java (828 bytes)
Flaw	CWE-099: Insufficient Control of Resource Identifiers (Resource Injection) at line 24 + Root CWE-019: Data Handling CWE-118: Improper Access of Indexable Resource (Range Error) CWE-020: Insufficient Input Validation CWE-074: Failure to Sanitize Data into a Different Plane (Injection) CWE-099: Insufficient Control of Resource Identifiers (Resource Injection)

There are 2 comments :: Submit a comment

ResourceInjection.java

import java.io.*;
 
public class ResourceInjection {
        
    private static void test() {
 
        String fileName = null;
        int    checkInteger  = 0;
 
        try {
            BufferedReader inStream = new BufferedReader (
                                          new InputStreamReader(System.in)
                                      );
            System.out.print("Please enter a filename: ");
            fileName = inStream.readLine();
           
        }  catch (IOException e) {
            System.out.println("IOException: " + e);
            return;
        }
    
        File myFile = new File("/var/tmp/" + fileName);
        
        if (myFile.delete()) 
            System.out.println ("deleted file");
 
         
        
        
    }
 
public static void main(String[] args) {
    test();
}
} 

Back to the previous page

See the comments