[MSCMPUB-56] vuln-fix: Temporary Directory Hijacking or Information D…

…isclosure This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure. Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions Severity: High CVSSS: 7.3 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory) Reported-by: Jonathan Leitschuh <[email protected]> Signed-off-by: Jonathan Leitschuh <[email protected]> Bug-tracker: JLLeitschuh/security-research#10 Co-authored-by: Moderne <[email protected]> Closes #7
apache · Mar 4, 2023 · 973eb14 · 973eb14
1 parent d8e0878
commit 973eb14
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/src/main/java/org/apache/maven/plugins/scmpublish/AbstractScmPublishMojo.java b/src/main/java/org/apache/maven/plugins/scmpublish/AbstractScmPublishMojo.java
@@ -176,7 +176,7 @@ public abstract class AbstractScmPublishMojo
      */
     @Component
     protected ScmRepositoryConfigurator scmRepositoryConfigurator;
-    
+
     /**
      * The serverId specified in the settings.xml, which should be used for the authentication.
      */
@@ -232,10 +232,10 @@ public abstract class AbstractScmPublishMojo
      */
     @Parameter( defaultValue = "${settings}", readonly = true, required = true )
     protected Settings settings;
-    
+
     @Component
     private SettingsDecrypter settingsDecrypter;
- 
+
 
     /**
      * Collections of paths not to delete when checking content to delete.
@@ -320,7 +320,7 @@ private ReleaseDescriptor setupScm()
 
             String provider = ScmUrlUtils.getProvider( pubScmUrl );
             String delimiter = ScmUrlUtils.getDelimiter( pubScmUrl );
-            
+
             String providerPart = "scm:" + provider + delimiter;
 
             // X TODO: also check the information from releaseDescriptor.getScmRelativePathProjectDirectory()
@@ -592,9 +592,7 @@ public void execute()
             try
             {
                 tmpCheckout = true;
-                checkoutDirectory = File.createTempFile( "maven-scm-publish", ".checkout" );
-                checkoutDirectory.delete();
-                checkoutDirectory.mkdir();
+                checkoutDirectory = Files.createTempDirectory( "maven-scm-publish" + ".checkout" ).toFile();
             }
             catch ( IOException ioe )
             {