vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>

Author: JLLeitschuh

src/main/java/org/bridj/Platform.java

@@ -40,6 +40,7 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLClassLoader;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
@@ -710,8 +711,8 @@ static File extractEmbeddedLibraryResource(String name) throws IOException {
     static File createTempDir(String prefix) throws IOException {
         File dir;
         for (int i = 0; i < maxTempFileAttempts; i++) {
-            dir = File.createTempFile(prefix, "");
-            if (dir.delete() && dir.mkdirs()) {
+            dir = Files.createTempDirectory(prefix).toFile();
+            if (true) {
                 return dir;
             }
         }

src/test/java/org/bridj/NativeLibraryTest.java

@@ -35,6 +35,7 @@
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.nio.file.Files;
 
 import org.bridj.ann.Library;
 import org.bridj.ann.Runtime;
@@ -46,9 +47,7 @@
 public class NativeLibraryTest {
 
 	static File tempDir() throws IOException {
-		File f = File.createTempFile("bridj", "natlibtest");
-		f.delete();
-		f.mkdir();
+		File f = Files.createTempDirectory("bridj" + "natlibtest").toFile();
 		f.deleteOnExit();
 		return f;
 	}