From ef15e33931e17c1b777e7f0b1b18d95db1f3b814 Mon Sep 17 00:00:00 2001
From: Jonathan Leitschuh
Date: Tue, 4 Oct 2022 00:24:19 +0000
Subject: [PATCH] vuln-fix: Temporary Directory Hijacking or Information Disclosure
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.
Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)
Reported-by: Jonathan Leitschuh
Signed-off-by: Jonathan Leitschuh
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10
Co-authored-by: Moderne
---
.../servers/tomcatserver/TomcatServerManager.java | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/test-automation-framework/org.wso2.carbon.automation.extensions/src/main/java/org/wso2/carbon/automation/extensions/servers/tomcatserver/TomcatServerManager.java b/test-automation-framework/org.wso2.carbon.automation.extensions/src/main/java/org/wso2/carbon/automation/extensions/servers/tomcatserver/TomcatServerManager.java
index be14e6be..9104bd8c 100644
--- a/test-automation-framework/org.wso2.carbon.automation.extensions/src/main/java/org/wso2/carbon/automation/extensions/servers/tomcatserver/TomcatServerManager.java
+++ b/test-automation-framework/org.wso2.carbon.automation.extensions/src/main/java/org/wso2/carbon/automation/extensions/servers/tomcatserver/TomcatServerManager.java
@@ -31,6 +31,7 @@ import javax.servlet.ServletException;
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Files;
 public class TomcatServerManager {
 private final static Log log = LogFactory.getLog(TomcatServerManager.class);
@@ -120,13 +121,7 @@ private void handleException(Exception e) {
 }
 private File createBaseDirectory(String basedirLocal) throws IOException {
- final File base = File.createTempFile("jaxrs-tmp-", "", new File(basedirLocal));
- if (!base.delete()) {
- throw new IOException("Cannot (re)create base folder: " + base.getAbsolutePath());
- }
- if (!base.mkdir()) {
- throw new IOException("Cannot create base folder: " + base.getAbsolutePath());
- }
+ final File base = Files.createTempDirectory(new File(basedirLocal).toPath(), "jaxrs-tmp-").toFile();
 return base;
 }
@@ -154,4 +149,4 @@ public void run() {
 log.error("Server startup failed :" + e.getMessage());
 }
 }
-}
\ No newline at end of file
+}
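Review bot: The added line in createBaseDirectory carries no comment saying why Files.createTempDirectory is used, so a later cleanup could reintroduce the createTempFile/delete/mkdir sequence it replaces, which left a window between delete() and mkdir() where another local user could claim the path and, on POSIX systems, created the directory with umask-derived rather than owner-only permissions. Add a comment above it such as `// Files.createTempDirectory creates the directory atomically with owner-only permissions on POSIX file systems; do not replace with createTempFile + delete + mkdir.`. Since the local is now only returned, the two lines can collapse to `return Files.createTempDirectory(new File(basedirLocal).toPath(), "jaxrs-tmp-").toFile();`. Note that the failure mode also changes: a missing or non-directory basedirLocal now surfaces as a NoSuchFileException or similar IOException from NIO instead of the removed "Cannot (re)create base folder" messages, so any caller that inspects the message text (presumably none, but worth confirming) would see different output.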