vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure. Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions Severity: High CVSSS: 7.3 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory) Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#10 Co-authored-by: Moderne <team@moderne.io>
jenkinsci · Jul 27, 2022 · b6ceb60 · b6ceb60
1 parent 0b4f1e6
commit b6ceb60
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/src/test/java/com/vectorcast/plugins/vectorcastcoverage/VectorCASTPublisherTest.java b/src/test/java/com/vectorcast/plugins/vectorcastcoverage/VectorCASTPublisherTest.java
@@ -6,6 +6,7 @@
 import junit.framework.Assert;
 
 import java.io.File;
+import java.nio.file.Files;
 
 /**
  * 
@@ -16,9 +17,7 @@ public class VectorCASTPublisherTest extends AbstractVectorCASTTestBase {
 	public void testLocateReports() throws Exception {
 
 		// Create a temporary workspace in the system 
-		File w = File.createTempFile("workspace", ".test");
-		w.delete();
-		w.mkdir();
+		File w = Files.createTempDirectory("workspace" + ".test").toFile();
 		w.deleteOnExit();
 		FilePath workspace = new FilePath(w);
 
@@ -63,4 +62,4 @@ public void testLocateReports() throws Exception {
 
 	}
 
-}
+}