lingwei.kong/hawkbit
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Fix createTempFile security (#1982)

Browse Source 
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2024-11-09 14:36:52 +02:00
committed by GitHub
parent fe8fb3a602
commit 17fb7efe42
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/AbstractArtifactRepository.java
View File

@@ -108,6 +108,11 @@ public abstract class AbstractArtifactRepository implements ArtifactRepository {
private static File createTempFile() {
try {
final File file = Files.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX).toFile();
if (!(file.setReadable(true, true) &&
file.setWritable(true, true) &&
file.setExecutable(false))) {
throw new IOException("Can't set proper permissions!");
}
file.deleteOnExit();
return file;
} catch (final IOException e) {