Here we have another easy Java tutorial. You want to delete a file. Easy, right?
    import java.io.File;

    class j4vaDelete
    {
        void deleteJohn() {
            String filename = "john.txt";
            File file = new File(filename);
            // The boolean returned by delete() is ignored here,
            // so a failed delete goes unnoticed.
            if (file.exists()) { file.delete(); }
        }

        public static void main(String[] args)
        {
            j4vaDelete a = new j4vaDelete();
            a.deleteJohn();
        }
    }
Well, it never is just that easy. What if you don't have permission to delete this file?
    javac j4vaDelete.java
    echo data > john.txt
    chmod a-w .
    java j4vaDelete
What do you expect the outcome to be? A deleted file? No. A RuntimeException? No. It does nothing. There are two ways to detect whether the file was actually deleted. The first is to check the return value of file.delete(). The second is to call file.exists() after the delete and see whether the file is still there. If the delete didn't work, you either have to throw an exception yourself, inform the user, or do nothing. Fun, eh? What is more fun is when you have a lot of code relying upon this deletion. What if the user accidentally uploaded a file they didn't want to display? You delete it and you say it was deleted, but it isn't actually deleted.
Java's documentation of the File.delete method
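The two checks described above, written out as an added example (not code from the original post); the class name CheckedDelete and the error messages are assumptions made here. It also goes one step beyond the post by using java.nio.file.Files.delete, which throws on failure instead of returning false.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.AccessDeniedException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical class name; john.txt is the file used in the post.
class CheckedDelete {
    // Legacy API: File.delete() reports failure only through its boolean result.
    static void deleteLegacy(String filename) throws IOException {
        File file = new File(filename);
        if (file.exists() && !file.delete()) {
            throw new IOException("could not delete " + file.getAbsolutePath());
        }
    }

    // NIO API: Files.delete() throws, and the exception type gives the reason.
    static void deleteNio(String filename) throws IOException {
        Path path = Paths.get(filename);
        try {
            Files.delete(path);
        } catch (NoSuchFileException e) {
            // Already gone: the caller's goal (file absent) is met.
        } catch (AccessDeniedException e) {
            throw new IOException("permission denied deleting " + path.toAbsolutePath(), e);
        }
        // Confirm the postcondition that later code relies on.
        if (Files.exists(path)) {
            throw new IOException(path + " still exists after delete");
        }
    }

    public static void main(String[] args) {
        // Pass "legacy" as the first argument to use the File.delete() variant.
        boolean legacy = args.length > 0 && args[0].equals("legacy");
        try {
            if (legacy) deleteLegacy("john.txt"); else deleteNio("john.txt");
            System.out.println("john.txt is gone");
        } catch (IOException e) {
            System.err.println("delete failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run after the chmod a-w . step above, either variant exits with status 1 and a message instead of silently doing nothing.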
This page will simply list exploits.
The main list of CVEs for Java can be found at CVE Details. Some have ended up under Oracle instead of Sun.
If you use Java on a server or on a mobile phone, there are different vulnerabilities. JBoss and Oracle Application Server are two of the most popular J2EE setups. Tomcat is by far the most popular Java server product.
Check out the Development tag for another article on Java.
While most of this site is about exploiting Java, remember that exploiting Java sometimes requires advanced knowledge of Java. Let's take a quick look at a snippet of code.
    class j4vaThrow
    {
        void printJohn()
        {
            String name = "Peter";
            String age = "48";
            String description = name + " is " + age + " years old.";
            System.out.println("result:" + description);
            // Unchecked exception: no throws clause or try/catch is required.
            throw new RuntimeException("It was a bad idea.");
        }

        public static void main(String[] args)
        {
            j4vaThrow a = new j4vaThrow();
            a.printJohn();
        }
    }
Runtime Exceptions have a specific use. Unlike normal exceptions, Runtime Exceptions don't need to be caught. Looking at the documentation, we can see that NullPointerException is a subclass of RuntimeException. That means that if you set a variable to null and then call a method on it, you get a NullPointerException and the compiler won't complain about it. Why do we care about this? There's a great article here about Java Anti-Patterns.

