Need Help - Java: Insecure Temporary Files

Question

This exercise appears to be fairly simple at first glance, however I am unable to meet the criteria for my code to be accepted. When I click on "Test My Code", it says "Working" but not "Secure".

The Deployment Log says,
"VERIFY: Testing application functionality...
VERIFY: PASS: Healthcheck page retrieved successfully
VERIFY: PASS: Login page retrieved successfully
VERIFY: PASS: Logged in with valid credentials
VERIFY: PASS: User data loaded
VERIFY: Tests complete. Application is WORKING

Ideally, either the Application Log or the Deployment Log should provide some clue of the error or the task that is not completed.
I have used the recommended method to create a Temporary File and delete it in a finally block after use. I can provide my code changes here, if needed.

morningstar · Accepted Answer

I restarted the course. Perhaps the previous failure was because I hadn't explicitly visited the /webapp/tmp.json file path before providing the fix. At any rate, I punched in the file name in the url (and saw the exact same contents as /webapp/data) and resubmitted the same code as before and this time it completed the task.
It would have been a great help if the log provided me information as to which of the tasks had not been met to satisfaction. At any rate, I do not need help with this exercise any longer.

Forum Discussion

Need Help - Java: Insecure Temporary Files

Related Content

Java: XSS – Ineffective Filters

OWASP 2017 Java: Underprotected APIs

Find the Flaw: C – Insecure Design - Level 6

Re: Application Security Languages

Combatting Software Vulnerabilities with GenAI

Recent Discussions

AWS Security Hub: Integrations and Custom Actions

Need help on question 10 in "Wizard Spider DFIR: Ep.2 – Ransomware Analysis" lab

Need Help for Pwntools: Ep. 6 — Demonstrate Your Skills

Anyone finished the "Etherium Smart Contracts"?

Foundational Static Analysis: API Analysis