From 68c851ef1a1335a4f22356826fd6328ba1332aa8 Mon Sep 17 00:00:00 2001 From: Jonathan Leitschuh Date: Wed, 27 Jul 2022 16:35:29 +0000 Subject: [PATCH] vuln-fix: Temporary Directory Hijacking or Information Disclosure This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure. Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions Severity: High CVSSS: 7.3 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory) Reported-by: Jonathan Leitschuh Signed-off-by: Jonathan Leitschuh Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10 Co-authored-by: Moderne --- src/main/java/tahrir/tools/TrUtils.java | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/main/java/tahrir/tools/TrUtils.java b/src/main/java/tahrir/tools/TrUtils.java index 1bf5dd1..3d86d89 100644 --- a/src/main/java/tahrir/tools/TrUtils.java +++ b/src/main/java/tahrir/tools/TrUtils.java @@ -17,6 +17,7 @@ import java.io.*; import java.lang.reflect.Type; +import java.nio.file.Files; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.util.Random; @@ -162,13 +163,7 @@ public static BroadcastMessage getBroadcastMessageFrom(TrNode node, UserIdentity public static File createTempDirectory() throws IOException { final File temp; - temp = File.createTempFile("temp", Long.toString(System.nanoTime())); - - if (!(temp.delete())) - throw new IOException("Could not delete temp file: " + temp.getAbsolutePath()); - - if (!(temp.mkdir())) - throw new IOException("Could not create temp directory: " + temp.getAbsolutePath()); + temp = Files.createTempDirectory("temp" + Long.toString(System.nanoTime())).toFile(); return (temp); }