Skip to content
This repository has been archived by the owner on Jul 3, 2023. It is now read-only.

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability #150

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability #150

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions commons/src/test/java/org/apache/oodt/commons/util/EnterpriseEntityResolverTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package org.apache.oodt.commons.util;

import java.io.File;
import java.nio.file.Files;
import java.util.Collections;
import java.util.List;
import junit.framework.TestCase;
Expand All @@ -41,9 +42,7 @@ public EnterpriseEntityResolverTest(String name) {
*/
public void setUp() throws Exception {
super.setUp();
testDir = File.createTempFile("eet", ".dir");
testDir.delete();
testDir.mkdir();
testDir = Files.createTempDirectory("eet" + ".dir").toFile();
testFile = new File(testDir, "test-entry-do-not-remove.dtd");
if (!testFile.createNewFile())
throw new Exception(testFile + " already exists, but shouldn't");
Expand Down
14 changes: 5 additions & 9 deletions commons/src/test/java/org/apache/oodt/commons/util/UtilityTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

import junit.framework.TestCase;

public class UtilityTest extends TestCase {
Expand All @@ -25,18 +27,12 @@ public UtilityTest(String caseName) {
}

public void testDelete() throws IOException {
File top = File.createTempFile("topdir", ".dir");
top.delete();
top.mkdir();
File top = Files.createTempDirectory("topdir" + ".dir").toFile();
File f1 = File.createTempFile("nesteddir", ".file", top);
File f2 = File.createTempFile("nesteddir", ".file", top);
File d1 = File.createTempFile("nesteddir", ".dir", top);
d1.delete();
d1.mkdir();
File d1 = Files.createTempDirectory(top.toPath(), "nesteddir" + ".dir").toFile();
File f3 = File.createTempFile("nesteddir", ".file", d1);
File d2 = File.createTempFile("nesteddir", ".dir", d1);
d2.delete();
d2.mkdir();
File d2 = Files.createTempDirectory(d1.toPath(), "nesteddir" + ".dir").toFile();
File f4 = File.createTempFile("nesteddir", ".file", d2);

assertTrue(Utility.delete(top));
Expand Down
7 changes: 2 additions & 5 deletions metadata/src/test/java/org/apache/oodt/cas/metadata/MetadataTestCase.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.io.IOException;

// Junit Testing framework
Expand Down Expand Up @@ -51,11 +52,7 @@ public MetadataTestCase(String name) {
*/
public void setUp() throws Exception {
super.setUp(); // Set up the framework test harness
tmpDir = File.createTempFile("metadata", ".tests"); // Get a temporary file
if (!tmpDir.delete()) // File?! We don't want no stinkin' file
throw new IOException("Cannot delete temporary file " + tmpDir);
if (!tmpDir.mkdirs()) // Directory is what we want
throw new IOException("Cannot create temporary directory " + tmpDir);
tmpDir = Files.createTempDirectory("metadata" + ".tests").toFile();
//tmpDir.deleteOnExit();
}

Expand Down