3.7.9.17038 as more recent agents no longer write out to the tmp folder.
Issue
The temp folder (generally /tmp or /var/tmp on Linux systems or C:\temp on Windows, but location can differ depending on the application hosting mechanism or server) on my system keeps filling up with files named contrastNNNNNNNNNNN.jar (where N is some digit).
Cause
The Java Agent creates temporary files to support its security analysis. Temporary files are created using the standard Java APIs File.createTempFile and File.deleteOnExit and these temporary files will be created in the directory specified by the standard java.io.tmpdir Java system environment variable. These File APIs are the most portable way to create temporary files on a Java system; however, they cannot guarantee that the files will be cleaned up when the JVM exits. The JVM will only delete the temporary files when the JVM exits normally. If the JVM exits abnormally, then the files will remain on the file system, because the JVM exited before it could delete them. There are many reasons why a JVM could exit abnormally, and if exiting abnormally happens regularly, there is something unusual with the system's configuration.
Resolution
The most robust solution for ensuring that temporary files are always cleaned up depends heavily on the user's environment. On one hand, environments that typically use ephemeral temporary file systems for each JVM process (like a Docker container) do not have an issue with leftover temporary files, because the temporary file system disappears when the process halts. On the other hand, users running their JVM services on a Linux system with systemd will want to configure their systemd unit to use an isolated java.io.tmpdir directory (see the related article There was a problem while creating the temporary file and for details on configuring that location) and clean up its temporary directory on service startup.
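One way to set up the systemd arrangement described above, as an added example that is not taken from the vendor's documentation. The unit name, the myapp service account and the /opt paths are hypothetical placeholders to adapt to your installation.

```ini
# /etc/systemd/system/myapp.service  (hypothetical unit name and paths)
[Unit]
Description=Example JVM service with an isolated java.io.tmpdir
After=network.target

[Service]
# Run as a dedicated, unprivileged account (assumed to exist already).
User=myapp
Group=myapp

# systemd creates /var/cache/myapp/tmp before the service starts and makes it
# owned by User=/Group=. Mode 0700 keeps other local accounts from reading or
# planting files in the directory that the JVM and the agent use.
CacheDirectory=myapp/tmp
CacheDirectoryMode=0700

# Remove whatever an earlier, abnormally terminated JVM left behind.
# deleteOnExit never ran for those files, so they are cleaned up here instead.
# %C expands to /var/cache for system services.
ExecStartPre=/usr/bin/find %C/myapp/tmp -mindepth 1 -delete

# Point java.io.tmpdir at the isolated directory instead of the shared /tmp.
ExecStart=/usr/bin/java \
    -Djava.io.tmpdir=%C/myapp/tmp \
    -javaagent:/opt/contrast/contrast.jar \
    -jar /opt/myapp/app.jar

Restart=on-failure

[Install]
WantedBy=multi-user.target
```

After installing the unit, run `systemctl daemon-reload` and restart the service. Because ExecStartPre also runs on every automatic restart, a crash loop no longer accumulates leftover jar files.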