From a4bef1075e29016c44b4d84c3fa30331ccd7d4da Mon Sep 17 00:00:00 2001
From: Jonathan Leitschuh
Date: Sat, 19 Nov 2022 03:01:17 +0000
Subject: [PATCH] vuln-fix: Temporary File Information Disclosure

This fixes temporary file information disclosure vulnerability due to the use of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by using the `Files.createTempFile()` method which sets the correct posix permissions.

Weakness: CWE-377: Insecure Temporary File
Severity: Medium
CVSSS: 5.5
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)

Reported-by: Jonathan Leitschuh
Signed-off-by: Jonathan Leitschuh
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18
Co-authored-by: Moderne
---
 core/src/main/java/com/threerings/getdown/tools/Differ.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/com/threerings/getdown/tools/Differ.java b/core/src/main/java/com/threerings/getdown/tools/Differ.java
index 4f8e50eb..a686e862 100644
--- a/core/src/main/java/com/threerings/getdown/tools/Differ.java
+++ b/core/src/main/java/com/threerings/getdown/tools/Differ.java
@@ -12,6 +12,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.file.Files;
 import java.security.MessageDigest;
 import java.util.ArrayList;
 import java.util.Enumeration;
@@ -170,7 +171,7 @@ protected void createPatch (File patch, List orsrcs,
 protected File rebuildJar (File target)
 throws IOException
 {
- File temp = File.createTempFile("differ", "jar");
+ File temp = Files.createTempFile("differ", "jar").toFile();
 try (ZipFile jar = new ZipFile(target);
 FileOutputStream tempFos = new FileOutputStream(temp);
 BufferedOutputStream tempBos = new BufferedOutputStream(tempFos);
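Review bot: The security property the new `File temp = Files.createTempFile("differ", "jar").toFile();` line depends on is invisible at the call site, so a later cleanup could swap it back to the near-identical `File.createTempFile` without anyone noticing the regression; add a why-comment above it, `// Files.createTempFile creates the file with owner-only permissions on POSIX; File.createTempFile does not — do not revert.` The owner-only guarantee is a POSIX behaviour; on other file systems the new file inherits whatever the temp directory's defaults grant, so the comment should not promise more than that. The suffix `"jar"` has no leading dot, carried over from the old call, so the temp name does not end in `.jar`; harmless unless something downstream keys on the extension. rebuildJar continues past the end of the hunk, so whether `temp` is removed on the failure paths cannot be checked from here.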