From 9e78844ccc92f4b6fc0a9ed9a2e582ea9ec816df Mon Sep 17 00:00:00 2001
From: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Date: Tue, 4 Oct 2022 00:20:07 +0000
Subject: [PATCH] vuln-fix: Temporary Directory Hijacking or Information
 Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10


Co-authored-by: Moderne <team@moderne.io>
---
 .../org/bouncycastle/tsp/test/ERSTest.java    | 89 +++++++++----------
 1 file changed, 41 insertions(+), 48 deletions(-)

diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/ERSTest.java b/pkix/src/test/java/org/bouncycastle/tsp/test/ERSTest.java
index cf195627c7..7305d5258e 100644
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/ERSTest.java
+++ b/pkix/src/test/java/org/bouncycastle/tsp/test/ERSTest.java
@@ -5,6 +5,7 @@
 import java.io.FileOutputStream;
 import java.io.OutputStream;
 import java.math.BigInteger;
+import java.nio.file.Files;
 import java.security.KeyPair;
 import java.security.MessageDigest;
 import java.security.PrivateKey;
@@ -1066,56 +1067,48 @@ public void test4NodeBuild()
     public void testDirUtil()
         throws Exception
     {
-        File rootDir = File.createTempFile("ers", ".dir");
-        rootDir.delete();
-        if (rootDir.mkdir())
-        {
-            DigestCalculatorProvider digestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().build();
-            DigestCalculator digestCalculator = digestCalculatorProvider.get(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
-
-            File h1 = new File(rootDir, "h1");
-            OutputStream fOut = new FileOutputStream(h1);
-            fOut.write(H1_DATA);
-            fOut.close();
-
-            File h2 = new File(rootDir, "h2");
-            fOut = new FileOutputStream(h2);
-            fOut.write(H2_DATA);
-            fOut.close();
-
-            File h3 = new File(rootDir, "h3");
-            h3.mkdir();
-            fOut = new FileOutputStream(new File(h3, "a"));
-            fOut.write(H3A_DATA);
-            fOut.close();
-            fOut = new FileOutputStream(new File(h3, "b"));
-            fOut.write(H3B_DATA);
-            fOut.close();
-            fOut = new FileOutputStream(new File(h3, "c"));
-            fOut.write(H3C_DATA);
-            fOut.close();
-
-            ERSArchiveTimeStampGenerator ersGen = new ERSArchiveTimeStampGenerator(digestCalculator);
-
-            ersGen.addData(new ERSFileData(h1));
-            ersGen.addData(new ERSFileData(h2));
-            ersGen.addData(new ERSDirectoryDataGroup(h3));
-
-            TimeStampRequestGenerator tspReqGen = new TimeStampRequestGenerator();
-
-            tspReqGen.setCertReq(true);
-
-            TimeStampRequest tspReq = ersGen.generateTimeStampRequest(tspReqGen);
-   
-            Assert.assertTrue(Arrays.areEqual(Hex.decode("98fbf91c1aebdfec514d4a76532ec95f27ebcf4c8b6f7e2947afcbbfe7084cd4"),
+        File rootDir = Files.createTempDirectory("ers" + ".dir").toFile();
+        DigestCalculatorProvider digestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().build();
+        DigestCalculator digestCalculator = digestCalculatorProvider.get(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
+
+        File h1 = new File(rootDir, "h1");
+        OutputStream fOut = new FileOutputStream(h1);
+        fOut.write(H1_DATA);
+        fOut.close();
+
+        File h2 = new File(rootDir, "h2");
+        fOut = new FileOutputStream(h2);
+        fOut.write(H2_DATA);
+        fOut.close();
+
+        File h3 = new File(rootDir, "h3");
+        h3.mkdir();
+        fOut = new FileOutputStream(new File(h3, "a"));
+        fOut.write(H3A_DATA);
+        fOut.close();
+        fOut = new FileOutputStream(new File(h3, "b"));
+        fOut.write(H3B_DATA);
+        fOut.close();
+        fOut = new FileOutputStream(new File(h3, "c"));
+        fOut.write(H3C_DATA);
+        fOut.close();
+
+        ERSArchiveTimeStampGenerator ersGen = new ERSArchiveTimeStampGenerator(digestCalculator);
+
+        ersGen.addData(new ERSFileData(h1));
+        ersGen.addData(new ERSFileData(h2));
+        ersGen.addData(new ERSDirectoryDataGroup(h3));
+
+        TimeStampRequestGenerator tspReqGen = new TimeStampRequestGenerator();
+
+        tspReqGen.setCertReq(true);
+
+        TimeStampRequest tspReq = ersGen.generateTimeStampRequest(tspReqGen);
+
+        Assert.assertTrue(Arrays.areEqual(Hex.decode("98fbf91c1aebdfec514d4a76532ec95f27ebcf4c8b6f7e2947afcbbfe7084cd4"),
                 tspReq.getMessageImprintDigest()));
 
-            deleteDirectory(rootDir);
-        }
-        else
-        {
-            throw new Exception("can't create temp dir");
-        }
+        deleteDirectory(rootDir);
     }
 
     public void testBSIData()