220.127.116.1138as more recent agents no longer write out to the tmp folder.
The temp folder (generally
/var/tmp on Linux systems or
C:\temp on Windows, but location can differ depending on the application hosting mechanism or server) on my system keeps filling up with files named
contrastNNNNNNNNNNN.jar (where N is some digit).
The Java Agent creates temporary files to support its security analysis. Temporary files are created using the standard Java APIs
File.deleteOnExitand these temporary files will be created in the directory specified by the standard
java.io.tmpdir Java system environment variable. These File APIs are the most portable way to create temporary files on a Java system; however, they cannot guarantee that the files will be cleaned up when the JVM exits. The JVM will only delete the temporary files when the JVM exits normally. If the JVM exits abnormally, then the files will remain on the file system, because the JVM exited before it could delete them. There are many reasons why a JVM could exit abnormally, and if exiting abnormally happens regularly, there is something unusual with the system's configuration.
The most robust solution for ensuring that temporary files are always cleaned up depends heavily on the user's environment. On one hand, environments that typically use ephemeral temporary file systems for each JVM process (like a Docker container), do not have an issue with leftover temporary files, because the temporary file system disappears when the process halts. On the other hand, users running their JVM services on a Linux system with systemd will want to configure their systemd unit to use an isolated
java.io.tmpdir directory (see the related article There was a problem while creating the temporary file and for details on configuring that location) and clean up its temporary directory on service startup.