File#createTempFile is also sink for Path Traversal

plugin/src/main/resources/injection-sinks/path-traversal-in.txt

@@ -8,3 +8,6 @@ java/io/FileReader.<init>(Ljava/lang/String;)V:0
 java/io/FileInputStream.<init>(Ljava/lang/String;)V:0
 
 java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;:0,1
+
+java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;)Ljava/io/File;:0,1
+java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File;:0,1,2

plugin/src/test/java/com/h3xstream/findsecbugs/file/PathTraversalDetectorTest.java

@@ -43,7 +43,7 @@ public void detectPathTraversal() throws Exception {
         EasyBugReporter reporter = spy(new SecurityReporter());
         analyze(files, reporter);
 
-        for (Integer line : Arrays.asList(17, 18, 19, 20, 22, 23)) {
+        for (Integer line : Arrays.asList(17, 18, 19, 20, 22, 23, 35, 36, 37)) {
             verify(reporter).doReportBug(
                     bugDefinition()
                             .bugType("PATH_TRAVERSAL_IN")
@@ -61,7 +61,7 @@ public void detectPathTraversal() throws Exception {
             );
         }
 
-        verify(reporter, times(6)).doReportBug(bugDefinition().bugType("PATH_TRAVERSAL_IN").build());
+        verify(reporter, times(9)).doReportBug(bugDefinition().bugType("PATH_TRAVERSAL_IN").build());
         verify(reporter, times(4)).doReportBug(bugDefinition().bugType("PATH_TRAVERSAL_OUT").build());
     }
 }

plugin/src/test/java/testcode/pathtraversal/PathTraversal.java

@@ -31,5 +31,9 @@ public static void main(String[] args) throws IOException, URISyntaxException {
         new RandomAccessFile("safe", args[0]);
         new FileWriter("safe".toUpperCase());
         new File(new URI("safe"));
+
+        File.createTempFile(input, "safe");
+        File.createTempFile("safe", input);
+        File.createTempFile("safe", input, new File("safeDir"));
     }
 }