Skip to content

Commit

Permalink
vuln-fix: Temporary Directory Hijacking or Information Disclosure
Browse files Browse the repository at this point in the history
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <team@moderne.io>
  • Loading branch information
JLLeitschuh and TeamModerne committed Jul 27, 2022
1 parent 4b726e3 commit a65bf67
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
Expand Down Expand Up @@ -67,10 +68,8 @@ public HttpResponse doGenerate(@QueryParameter("name") String _name, @QueryParam
File settings = File.createTempFile("settings","xml");
FileUtils.copyURLToFile(getClass().getClassLoader().getResource("settings.xml"),settings);

final File tmpDir = File.createTempFile("plugin","gen");
final File tmpDir = Files.createTempDirectory("plugin" + "gen").toFile();
try {
tmpDir.delete();
tmpDir.mkdir();

List<String> args = new ArrayList<String>();
args.add(mvn.getAbsolutePath());
Expand Down
5 changes: 2 additions & 3 deletions src/main/java/org/jenkinsci/backend/jpicreate/WebAppMain.java
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import javax.sound.midi.SysexMessage;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

/**
* @author Kohsuke Kawaguchi
Expand Down Expand Up @@ -41,9 +42,7 @@ private File extractMaven() throws IOException, InterruptedException {
FileUtils.copyURLToFile(
getClass().getClassLoader().getResource("maven.zip"),
zip);
File bin = File.createTempFile("maven","bin");
bin.delete();
bin.mkdirs();
File bin = Files.createTempDirectory("maven" + "bin").toFile();

Process unzip = new ProcessBuilder("unzip", zip.getAbsolutePath())
.directory(bin).redirectErrorStream(true).start();
Expand Down

1 comment on commit a65bf67

@rvullriede
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately the linked recipe is not readable without creating an account, which many people won't do just for the sake of getting access...

Please sign in to comment.