From 17fb7efe42bde4ac3014fda41eb24f32550fda3e Mon Sep 17 00:00:00 2001
From: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Date: Sat, 9 Nov 2024 14:36:52 +0200
Subject: [PATCH] Fix createTempFile security (#1982)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
---
 .../artifact/repository/AbstractArtifactRepository.java      | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/AbstractArtifactRepository.java b/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/AbstractArtifactRepository.java
index 0f6040757..8520d9c8a 100644
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/AbstractArtifactRepository.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/AbstractArtifactRepository.java
@@ -108,6 +108,11 @@ public abstract class AbstractArtifactRepository implements ArtifactRepository {
     private static File createTempFile() {
         try {
             final File file = Files.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX).toFile();
+            if (!(file.setReadable(true, true) &&
+                    file.setWritable(true, true) &&
+                    file.setExecutable(false))) {
+                throw new IOException("Can't set proper permissions!");
+            }
             file.deleteOnExit();
             return file;
         } catch (final IOException e) {