Compliant solution does not work on Windows

Rule: “Make sure publicly writable directories are used safely here.”
Language: Java (15)
Environment: SonarCloud

The rules suggest the following solution:

FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("w+"));
Files.createTempFile("prefix", "suffix", attr); // Compliant, created with explicit attributes.

This solution does not work on Java 11 and 15.

Exception:

java.lang.IllegalArgumentException: Invalid mode

	at java.base/java.nio.file.attribute.PosixFilePermissions.fromString(PosixFilePermissions.java:128)

So I replaced w+ by rwx------.
That solves the problem on Linux.
On Windows, however, using PosixFilePermissions still does not work (which is reasonable, since Windows is not POSIX-compatible).

Exception:

java.lang.UnsupportedOperationException: 'posix:permissions' not supported as initial attribute

	at java.base/sun.nio.fs.WindowsSecurityDescriptor.fromAttribute(WindowsSecurityDescriptor.java:358)
	at java.base/sun.nio.fs.WindowsFileSystemProvider.newByteChannel(WindowsFileSystemProvider.java:227)
	at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
	at java.base/java.nio.file.Files.createFile(Files.java:652)
	at java.base/java.nio.file.TempFileHelper.create(TempFileHelper.java:137)
	at java.base/java.nio.file.TempFileHelper.createTempFile(TempFileHelper.java:160)
	at java.base/java.nio.file.Files.createTempFile(Files.java:917)

In my opinion the suggested solution should be platform independent.

My suggestion:

import java.io.File;
import java.nio.file.Files;

final File myFile = Files.createTempFile("prefix", "suffix").toFile();
myFile.setReadable(false); // deny for all
myFile.setWritable(false);
myFile.setExecutable(false);
myFile.setReadable(true, true); // allow for owner only
myFile.setWritable(true, true);
myFile.setExecutable(true, true); // optional

In contrast to the current suggested solution, this solution uses the platform-independent Java API.

I would suggest changing the suggested solution and changing the rule to also accept the above solution.

3 Likes
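An added example, not code from this thread or from SonarSource: a sketch that applies owner-only access atomically at creation on both platforms by choosing the initial attribute from the file system's supported views, and falls back to the `java.io.File` setters (which run after creation) only when neither view exists. The class and method names are hypothetical, and it assumes the `user.name` system property resolves to the current OS account.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Added example; OwnerOnlyTempFile and create() are hypothetical names.
public class OwnerOnlyTempFile {
    static Path create(String prefix, String suffix) throws IOException {
        Set<String> views = FileSystems.getDefault().supportedFileAttributeViews();
        if (views.contains("posix")) {
            // POSIX file systems: owner read/write only, set when the file is created.
            return Files.createTempFile(prefix, suffix,
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        }
        if (views.contains("acl")) {
            // Windows: "acl:acl" is accepted as an initial attribute.
            // Assumption: user.name resolves to the account running the JVM.
            UserPrincipal owner = FileSystems.getDefault().getUserPrincipalLookupService()
                .lookupPrincipalByName(System.getProperty("user.name"));
            List<AclEntry> acl = List.of(AclEntry.newBuilder()
                .setType(AclEntryType.ALLOW)
                .setPrincipal(owner)
                .setPermissions(EnumSet.allOf(AclEntryPermission.class))
                .build());
            return Files.createTempFile(prefix, suffix, new FileAttribute<List<AclEntry>>() {
                @Override public String name() { return "acl:acl"; }
                @Override public List<AclEntry> value() { return acl; }
            });
        }
        // Neither view available: restrict after creation and verify each call succeeded.
        File f = Files.createTempFile(prefix, suffix).toFile();
        boolean ok = f.setReadable(false, false) & f.setWritable(false, false)
            & f.setReadable(true, true) & f.setWritable(true, true);
        if (!ok) {
            f.delete();
            throw new IOException("could not restrict permissions on " + f);
        }
        return f.toPath();
    }

    public static void main(String[] args) throws IOException {
        Path p = create("prefix", "suffix");
        System.out.println(p + " views=" + FileSystems.getDefault().supportedFileAttributeViews());
        Files.delete(p);
    }
}
```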

Hey all,

This would help us conform to Sonar Rules and build on Windows. Could you please have a look?

Hello @jakob.braun and @m.orazow

Thanks for the advice on this rule, and indeed what you are suggesting makes a lot of sense.

We created ticket SONARJAVA-3830 to handle this and the compliant solution of the rule description will be updated too.

Eric
