From 47d889c78c5347fbbe58207913707483fb98f460 Mon Sep 17 00:00:00 2001 From: Jonathan Leitschuh Date: Tue, 4 Oct 2022 00:23:54 +0000 Subject: [PATCH] vuln-fix: Temporary Directory Hijacking or Information Disclosure This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure. Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions Severity: High CVSSS: 7.3 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory) Reported-by: Jonathan Leitschuh Signed-off-by: Jonathan Leitschuh Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10 Co-authored-by: Moderne --- .../controller/audit/FileAuditLogHandlerUnitTestCase.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/controller/src/test/java/org/jboss/as/controller/audit/FileAuditLogHandlerUnitTestCase.java b/controller/src/test/java/org/jboss/as/controller/audit/FileAuditLogHandlerUnitTestCase.java index e64b079ce0a..db54b6a1c0d 100644 --- a/controller/src/test/java/org/jboss/as/controller/audit/FileAuditLogHandlerUnitTestCase.java +++ b/controller/src/test/java/org/jboss/as/controller/audit/FileAuditLogHandlerUnitTestCase.java @@ -25,6 +25,7 @@ import java.io.File; import java.io.IOException; +import java.nio.file.Files; import org.jboss.as.controller.services.path.PathManagerService; import org.junit.After; @@ -73,10 +74,7 @@ private void initializeHandler(boolean rotateAtStartup) { private static File createTempDir() { try { - File tempFile = File.createTempFile("test-config", ""); - if (!tempFile.delete() || !tempFile.mkdir()) { - throw new IOException("Couldn't create temp directory."); - } + File tempFile = Files.createTempDirectory("test-config").toFile(); return tempFile; } catch (Exception e) { throw new RuntimeException("Couldn't create temp directory.", e);