From 49aeca0bfa342205fa25f1d29c48c9aeb29ae085 Mon Sep 17 00:00:00 2001
From: Jonathan Leitschuh
Date: Tue, 4 Oct 2022 00:16:22 +0000
Subject: [PATCH] vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.
Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)
Reported-by: Jonathan Leitschuh
Signed-off-by: Jonathan Leitschuh
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10
Co-authored-by: Moderne

---
 .../tomcat/maven/plugin/tomcat7/run/RunMojo.java | 13 ++-----------
 .../tomcat/maven/plugin/tomcat8/run/RunMojo.java | 13 ++-----------
 2 files changed, 4 insertions(+), 22 deletions(-)

diff --git a/tomcat7-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat7/run/RunMojo.java b/tomcat7-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat7/run/RunMojo.java
index feae81b8..28aa1469 100644
--- a/tomcat7-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat7/run/RunMojo.java
+++ b/tomcat7-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat7/run/RunMojo.java
@@ -46,6 +46,7 @@
 import java.io.FileWriter;
 import java.io.IOException;
 import java.io.StringWriter;
+import java.nio.file.Files;
 import java.util.List;
 import java.util.Set;
@@ -153,17 +154,7 @@ public void run()
 private static File createTempDirectory( File baseTmpDirectory )
 throws IOException
 {
- final File temp = File.createTempFile( "temp", Long.toString( System.nanoTime() ), baseTmpDirectory );
-
- if ( !( temp.delete() ) )
- {
- throw new IOException( "Could not delete temp file: " + temp.getAbsolutePath() );
- }
-
- if ( !( temp.mkdir() ) )
- {
- throw new IOException( "Could not create temp directory: " + temp.getAbsolutePath() );
- }
+ final File temp = Files.createTempDirectory(baseTmpDirectory.toPath(), "temp" + Long.toString(System.nanoTime())).toFile();
 return temp;
 }
diff --git a/tomcat8-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat8/run/RunMojo.java b/tomcat8-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat8/run/RunMojo.java
index e4e40404..d79daea7 100644
--- a/tomcat8-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat8/run/RunMojo.java
+++ b/tomcat8-maven-plugin/src/main/java/org/apache/tomcat/maven/plugin/tomcat8/run/RunMojo.java
@@ -63,6 +63,7 @@
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.net.URLClassLoader;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
@@ -182,17 +183,7 @@ public void run()
 private static File createTempDirectory( File baseTmpDirectory )
 throws IOException
 {
- final File temp = File.createTempFile( "temp", Long.toString( System.nanoTime() ), baseTmpDirectory );
-
- if ( !( temp.delete() ) )
- {
- throw new IOException( "Could not delete temp file: " + temp.getAbsolutePath() );
- }
-
- if ( !( temp.mkdir() ) )
- {
- throw new IOException( "Could not create temp directory: " + temp.getAbsolutePath() );
- }
+ final File temp = Files.createTempDirectory(baseTmpDirectory.toPath(), "temp" + Long.toString(System.nanoTime())).toFile();
 return temp;
 }
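Review bot: The added line `Files.createTempDirectory(baseTmpDirectory.toPath(), ...)` throws NullPointerException when baseTmpDirectory is null, whereas the removed `File.createTempFile( "temp", ..., baseTmpDirectory )` accepted null and fell back to java.io.tmpdir, so a caller relying on that fallback now fails; the caller in run() is outside this hunk, so whether null can actually reach this method is not visible here. If it can, keep the fallback with `final String prefix = "temp" + System.nanoTime();` and `final File temp = baseTmpDirectory == null ? Files.createTempDirectory( prefix ).toFile() : Files.createTempDirectory( baseTmpDirectory.toPath(), prefix ).toFile();`. Independently of that, createTempDirectory without explicit attributes sets rwx------ only on POSIX file systems; on Windows the new directory inherits the parent's ACL, so the hardening still depends on baseTmpDirectory itself not being writable by other local users. A comment above the call such as `// atomic create with owner-only permissions on POSIX; replaces the racy createTempFile/delete/mkdir sequence` would record why the check-and-mkdir steps were dropped.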
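Review bot: The `"temp" + Long.toString(System.nanoTime())` prefix on the added line is now dead weight: Files.createTempDirectory appends its own randomly generated component to the name, which is what makes the directory unguessable, while nanoTime contributes little an attacker cannot guess and only lengthens the path; `Files.createTempDirectory( baseTmpDirectory.toPath(), "temp" )` is sufficient unless something outside this hunk depends on the nanoTime appearing in the name. The added line also departs from the file's formatting (`createTempDirectory( File baseTmpDirectory )` in the same hunk puts spaces inside the parentheses), which the project's checkstyle is likely to flag. The method's signature and closing brace are inside the hunk, but its caller in run() is not.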