Checker Resources

belongs to group Basic
Identify incorrect uses of the resources of the application

Frameworks supported by this checker

  • java up to 11
  • android up to API level 28
  • dotnet

Warnings generated by this checker

  • HardcodedFileNameWarning: a file name is provided as a hardcoded string [ CWE547 ]

Options accepted by this checker

  • none

Annotations understood by this checker

  • @com.juliasoft.julia.checkers.resources.FileName


Description

This checker identifies problems with the use of the external resources of the application. These are resource files, scripts or XML configuration files.

Action: Verify if the problem is real and the resource is actually used in an incorrect way. Avoid hardcoded file names: move them to a configuration file. Avoid OS-dependent resources and resource names.

This checker identifies problems with the use of the external resources of the application. These are resource files, scripts or XML configuration files.

Action: Verify if the problem is real and the resource is actually used in an incorrect way. Avoid hardcoded file names: move them to a configuration file. Avoid OS-dependent resources and resource names.

Examples

Consider the following program:

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;

public class Resources {

  public static void main(String[] args) throws FileNotFoundException {
    new File("hello.txt");
    new FileInputStream("C:\\myfile.txt");
    new FileOutputStream("/home/spoto/myfile.bmp");
    if (args.length > 0)
      new File(args[0]);
  }
}

This checker issues the following warnings:

Resources.java:9: [Resources: HardcodedFileNameWarning] a hardcoded file name is used here. Move it to a configuration file
Resources.java:10: [Resources: HardcodedFileNameWarning] a OS-dependent hardcoded file name is used here. Move it to a configuration file and make it OS-independent
Resources.java:11: [Resources: HardcodedFileNameWarning] a OS-dependent hardcoded file name is used here. Move it to a configuration file and make it OS-independent

since hardcoded file names are used for files or streams. Moreover, two of those file names are also OS-dependent, which means that the program will not work properly across distinct operating systems.

In this example, the programmer should move the file names into configuration files, so that they can be modified and swapped for distinct operating systems. He might also think about using File.separatorChar to split path components in a OS-independent way.

Consider the following program:

using System.IO;

namespace DocumentationExamples
{
    public class Resources
    {
        public static void Main(string[] args)
        {
            File.Create("hello.txt");
            new FileStream("C:\\myfile.txt", FileMode.OpenOrCreate);
            new FileStream("/home/user/myfile.bmp", FileMode.OpenOrCreate);
            if (args.Length > 0)
                File.Create(args[0]);
        }
    }
}

This checker issues the following warnings:

DocumentationExamples.cs:9: [Resources: HardcodedFileNameWarning] A hardcoded file name is used here. Move it to a configuration file
DocumentationExamples.cs:10: [Resources: HardcodedFileNameWarning] An OS-dependent hardcoded file name is used here. Move it to a configuration file and make it OS-independent
DocumentationExamples.cs:11: [Resources: HardcodedFileNameWarning] An OS-dependent hardcoded file name is used here. Move it to a configuration file and make it OS-independent

since hardcoded file names are used for files or streams. Moreover, two of those file names are also OS-dependent, which means that the program will not work properly across distinct operating systems.

In this example, the programmer should move the file names into configuration files, so that they can be modified and swapped for distinct operating systems. He might also think about using Path.DirectorySeparatorChar to split path components in a OS-independent way.