Fix createTempFile security (#1982)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -108,6 +108,11 @@ public abstract class AbstractArtifactRepository implements ArtifactRepository {
|
|||||||
private static File createTempFile() {
|
private static File createTempFile() {
|
||||||
try {
|
try {
|
||||||
final File file = Files.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX).toFile();
|
final File file = Files.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX).toFile();
|
||||||
|
if (!(file.setReadable(true, true) &&
|
||||||
|
file.setWritable(true, true) &&
|
||||||
|
file.setExecutable(false))) {
|
||||||
|
throw new IOException("Can't set proper permissions!");
|
||||||
|
}
|
||||||
file.deleteOnExit();
|
file.deleteOnExit();
|
||||||
return file;
|
return file;
|
||||||
} catch (final IOException e) {
|
} catch (final IOException e) {
|
||||||
|
|||||||
Reference in New Issue
Block a user