vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure. Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions Severity: High CVSSS: 7.3 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory) Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#10 Co-authored-by: Moderne <team@moderne.io>
BulkSecurityGeneratorProjectV2 · Oct 4, 2022 · bbaa5b6 · bbaa5b6
1 parent d4c2ce1
commit bbaa5b6
Showing 1 changed file with 2 additions and 9 deletions.
diff --git a/modules/axiom-tests/src/test/java/org/apache/axiom/attachments/PartOnFileTest.java b/modules/axiom-tests/src/test/java/org/apache/axiom/attachments/PartOnFileTest.java
@@ -26,6 +26,7 @@
 import javax.activation.DataSource;
 import java.io.File;
 import java.io.InputStream;
+import java.nio.file.Files;
 
 
 /** Test the PartOnFile class */
@@ -114,15 +115,7 @@ public void testGetAllheaders() throws Exception {
     }
 
     private void createTemporaryDirectory() throws Exception {
-        temp = File.createTempFile("partOnFileTest", ".tmp");
-
-        if (!temp.delete()) {
-            fail("Cannot delete from temporary directory. File: " + temp.toURL());
-        }
-
-        if (!temp.mkdir()) {
-            fail("Cannot create a temporary location for part files");
-        }
+        temp = Files.createTempDirectory("partOnFileTest" + ".tmp").toFile();
     }
 
     private void deleteTemporaryDirectory() throws Exception {