Merge pull request #792 from BulkSecurityGeneratorProjectV2/fix/JLL/t…

…emporary_file_local_information_disclosure [SECURITY] Fix Temporary File Information Disclosure Vulnerability
jenkinsci · Jan 6, 2023 · 948fc87 · 948fc87
2 parents 4b931d2 + 1a553df
commit 948fc87
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/src/main/java/hudson/plugins/ec2/ssh/EC2MacLauncher.java b/src/main/java/hudson/plugins/ec2/ssh/EC2MacLauncher.java
@@ -47,6 +47,7 @@
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -294,7 +295,7 @@ private File createIdentityKeyFile(EC2Computer computer) throws IOException {
             privateKey = ec2PrivateKey.getPrivateKey();
         }
 
-        File tempFile = File.createTempFile("ec2_", ".pem");
+        File tempFile = Files.createTempFile("ec2_", ".pem").toFile();
 
         try {
             FileOutputStream fileOutputStream = new FileOutputStream(tempFile);

diff --git a/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java b/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java
@@ -45,6 +45,7 @@
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.util.Base64;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -316,7 +317,7 @@ private File createIdentityKeyFile(EC2Computer computer) throws IOException {
             privateKey = ec2PrivateKey.getPrivateKey();
         }
 
-        File tempFile = File.createTempFile("ec2_", ".pem");
+        File tempFile = Files.createTempFile("ec2_", ".pem").toFile();
 
         try {
             FileOutputStream fileOutputStream = new FileOutputStream(tempFile);
@@ -344,7 +345,7 @@ private File createHostKeyFile(EC2Computer computer, String ec2HostAddress, Task
         if (ec2HostKey == null){
             return null;
         }
-        File tempFile = File.createTempFile("ec2_", "_known_hosts");
+        File tempFile = Files.createTempFile("ec2_", "_known_hosts").toFile();
         String knownHost = "";
         knownHost = String.format("%s %s %s", ec2HostAddress, ec2HostKey.getAlgorithm(), Base64.getEncoder().encodeToString(ec2HostKey.getKey()));