-
Type:
Improvement
-
Status: Resolved (View Workflow)
-
Priority:
Minor
-
Resolution: Fixed
-
Component/s: core
-
Labels:
-
Environment:OSX
-
Similar Issues:
Using File.createTempFile as the first step in creating a temporary directory causes a race condition and is inherently unreliable and insecure.
- relates to
-
-
- Closed
-
- links to
Effectively this is a part of JENKINS-47324
Code changed in jenkins
User: Larry Singleton
Path:
core/src/main/java/hudson/FilePath.java
core/src/test/java/hudson/FilePathTest.java
http://jenkins-ci.org/commit/jenkins/8e78ab1c660de81f48beecedced25d9b2cbbf64a
Log:
JENKINS-48227 Use "Files.createTempDirectory" to create temp directory (#3161)
- Use "Files.createTempDirectory" to create temp directory instead
See SonarQube critical vulnerability squid:S2976 (tag: owasp-a9)
https://next.sonarqube.com/sonarqube/coding_rules#rule_key=squid%3AS2976
JENKINS-48227
Creating a utility "static Path toPath(File file) throws IOException" method,
which wraps InvalidPathException to IOException so that it will be checked.
- also fixed public static final reference
- fixed broken test cases
- added new test cases for toPath() and createTempDir()
- Revert back to public static int
- adjustments due to merges
- Add posix check to determine if Posix FileAttributes should be included
in call to Files.createTempDirectory()
- Remove reference to private element
- Updated to use explicit imports
Seems to be fixed actually, isn't it?
https://github.com/jenkinsci/jenkins/pull/3161 ?
Larry Singleton can you comment and mark this issue as resolved if confirmed? Thanks!
Yes. Issue is resolved.
Thanks!
Link to personal sonar cloud analysis report