---
name: cwe-377-insecure-temporary-file
description: Use this skill when you need to remediate CWE-377 (Insecure Temporary File) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing insecure temporary file issues.
version: 1.0.0
license: MIT
tags:
  - security
  - java
  - cwe-377
  - remediation
  - sast
---
# CWE-377 Insecure Temporary File

## Description

Insecure Temporary File

Reference: https://cwe.mitre.org/data/definitions/377.html

OWASP Category: A01:2021 – Broken Access Control
## Vulnerable Pattern

### ❌ Example 1: Vulnerable Pattern

```java
import java.io.File;

// VULNERABLE: Predictable temp file name in the shared /tmp directory
File tempFile = new File("/tmp/myapp_" + userId + ".tmp");
// Return value ignored: if the path already exists, the code silently reuses it
tempFile.createNewFile();
```

**Why it's vulnerable:** The file name is predictable (only `userId` varies), and the file is created in a world-writable shared directory. A local attacker who can guess the name can create the file or a symbolic link at that path first; `createNewFile()` then returns `false` instead of failing, and the application goes on to read from or write to an attacker-controlled location. The file is also created with the process's default umask, so its contents may be readable by other users.
## Deterministic Fix

### ✅ Secure Implementation

```java
// SECURE: Use Files.createTempFile with restrictive permissions
// The JDK generates a random name component and creates the file atomically
Path tempFile = Files.createTempFile("myapp_", ".tmp");
// Set restrictive permissions (owner only)
// Note: POSIX file systems only; throws UnsupportedOperationException on Windows
Set<PosixFilePermission> perms = EnumSet.of(
    PosixFilePermission.OWNER_READ,
    PosixFilePermission.OWNER_WRITE
);
Files.setPosixFilePermissions(tempFile, perms);
// Ensure cleanup on normal JVM shutdown (delete explicitly when done as well)
tempFile.toFile().deleteOnExit();
```

**Why it's secure:** `Files.createTempFile()` inserts a random component into the name and creates the file with create-new semantics, retrying with a fresh name if the path already exists, so an attacker cannot pre-create the file or plant a symlink at a guessable path. On POSIX file systems the JDK already creates the file with `rw-------` permissions; the explicit `setPosixFilePermissions` call makes that guarantee visible in code. `deleteOnExit()` removes the file on normal JVM shutdown; since it does not run on a crash, delete the file explicitly once processing finishes.
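The following is an added example, not part of the original skill text, showing the same fix with the permissions supplied as a file attribute at creation time (so there is no window between creation and `chmod`), a portability check for non-POSIX file systems, and explicit cleanup in a `finally` block. The class and method names (`SecureTempFile`, `create`, `writeAndMeasure`) are assumptions for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added example (hypothetical class name): creates a temp file whose
// permissions are owner-only from the moment of creation.
public final class SecureTempFile {

    // Request owner-only permissions at creation where the file system
    // supports POSIX attributes; elsewhere fall back to the platform default
    // (on Windows the system temp directory is already per-user).
    static FileAttribute<?>[] ownerOnlyAttributes() {
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Set<PosixFilePermission> perms = PosixFilePermissions.fromString("rw-------");
            return new FileAttribute<?>[] { PosixFilePermissions.asFileAttribute(perms) };
        }
        return new FileAttribute<?>[0];
    }

    // The JDK picks the directory (java.io.tmpdir) and a random name
    // component, and fails rather than reusing an existing path.
    public static Path create(String prefix, String suffix) throws IOException {
        return Files.createTempFile(prefix, suffix, ownerOnlyAttributes());
    }

    // Typical use: write, process, and always delete in finally so the file
    // does not linger if processing throws.
    public static long writeAndMeasure(byte[] payload) throws IOException {
        Path tmp = create("myapp_", ".tmp");
        try {
            Files.write(tmp, payload);
            return Files.size(tmp);
        } finally {
            Files.deleteIfExists(tmp);
        }
    }

    public static void main(String[] args) throws IOException {
        Path tmp = create("myapp_", ".tmp");
        System.out.println("created " + tmp);
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("permissions "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(tmp)));
        }
        Files.deleteIfExists(tmp);
        // Constructed sample payload
        byte[] sample = "hello".getBytes(StandardCharsets.UTF_8);
        System.out.println("bytes written: " + writeAndMeasure(sample));
    }
}
```

Passing the permissions as a `FileAttribute` is preferable to calling `setPosixFilePermissions` afterwards because the file never exists with looser permissions, even briefly. The `supportedFileAttributeViews()` check keeps the helper usable on Windows, where `PosixFilePermissions` is not supported.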
## Detection Pattern

Look for these patterns in your codebase:

```bash
# Find temp file creation (grep's basic regex uses \| for alternation)
grep -rn "createNewFile\|File.*tmp" --include="*.java" .
```
## Remediation Steps

1. Use `Files.createTempFile()` for random file names
2. Set restrictive file permissions
3. Delete the file when done, using `deleteOnExit()` or a try-with-resources/`finally` block
4. Consider using the system temp directory
## Key Imports

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Set;
```
## Verification

After remediation:

1. Run SAST scanner to confirm vulnerability is resolved
2. Review all instances of the vulnerable pattern
3. Add unit tests that verify the secure implementation
4. Check for similar patterns in related code
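As an added example for step 3 (not part of the original skill), the JUnit 5 test below checks the three properties the remediated code must have: an unpredictable name, owner-only permissions on POSIX file systems, and placement in the system temp directory. The `createTempFile()` helper inside the test class is a stand-in for the project's remediated method; JUnit 5 on the classpath and Java 11+ (`Path.of`) are assumed.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;

import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Set;
import org.junit.jupiter.api.Test;

// Added example (hypothetical test class): verifies the secure implementation.
class TempFileRemediationTest {

    static boolean posix() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    // Stand-in for the remediated production method (replace with the
    // project's own helper once it exists).
    static Path createTempFile() throws IOException {
        Path p = Files.createTempFile("myapp_", ".tmp");
        if (posix()) {
            Files.setPosixFilePermissions(p,
                EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
        }
        return p;
    }

    @Test
    void nameIsNotPredictable() throws IOException {
        Path a = createTempFile();
        Path b = createTempFile();
        try {
            // Two calls with the same prefix/suffix must not collide
            assertNotEquals(a.getFileName(), b.getFileName());
            String name = a.getFileName().toString();
            assertTrue(name.startsWith("myapp_") && name.endsWith(".tmp"));
            // The JDK inserts a random component between prefix and suffix
            assertTrue(name.length() > "myapp_.tmp".length());
        } finally {
            Files.deleteIfExists(a);
            Files.deleteIfExists(b);
        }
    }

    @Test
    void fileIsOwnerOnlyOnPosix() throws IOException {
        assumeTrue(posix(), "POSIX permissions not supported on this file system");
        Path p = createTempFile();
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
            assertEquals(EnumSet.of(PosixFilePermission.OWNER_READ,
                                    PosixFilePermission.OWNER_WRITE), perms);
        } finally {
            Files.deleteIfExists(p);
        }
    }

    @Test
    void fileLivesInSystemTempDir() throws IOException {
        Path p = createTempFile();
        try {
            Path tmpDir = Path.of(System.getProperty("java.io.tmpdir")).toRealPath();
            assertEquals(tmpDir, p.toRealPath().getParent());
        } finally {
            Files.deleteIfExists(p);
        }
    }
}
```

Each test deletes what it creates in a `finally` block, so a failing assertion does not leave files behind in the temp directory.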
## Trigger Examples

- Fix CWE-377 vulnerability
- Resolve Insecure Temporary File issue
- Secure this Java code against insecure temporary file
- SAST reports CWE-377
## Common Vulnerable Locations

| Layer | Files | Patterns |
|---|---|---|
| Controller | *Controller.java | User input handling |
| Service | *Service.java | Business logic |
| Repository | *Repository.java | Data access |
## References

Source: Generated by Java CWE Security Skills Generator

Last Updated: 2026-03-07