From a1279d15a35ffa964d030fc09ca1d8035a206d15 Mon Sep 17 00:00:00 2001 From: Philip Helger Date: Tue, 10 Sep 2024 20:32:02 +0200 Subject: [PATCH] Fix for error CWE-377 --- .../com/helger/phase4/util/AS4ResourceHelper.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/phase4-lib/src/main/java/com/helger/phase4/util/AS4ResourceHelper.java b/phase4-lib/src/main/java/com/helger/phase4/util/AS4ResourceHelper.java index d58e9100f..c090b7c36 100644 --- a/phase4-lib/src/main/java/com/helger/phase4/util/AS4ResourceHelper.java +++ b/phase4-lib/src/main/java/com/helger/phase4/util/AS4ResourceHelper.java @@ -20,6 +20,7 @@ import java.io.File; import java.io.IOException; import java.io.OutputStream; +import java.nio.file.Files; import java.util.concurrent.atomic.AtomicBoolean; import javax.annotation.Nonnull; @@ -53,7 +54,10 @@ */ public class AS4ResourceHelper implements Closeable { + private static final String TEMP_FILE_PREFIX = "phase4-res-"; + private static final String TEMP_FILE_SUFFIX = ".tmp"; private static final Logger LOGGER = LoggerFactory.getLogger (AS4ResourceHelper.class); + private static File s_aTempDir; /** @@ -110,7 +114,12 @@ public File createTempFile () throws IOException throw new IllegalStateException ("ResourceManager is already closing/closed!"); // Create - final File ret = File.createTempFile ("phase4-res-", ".tmp", s_aTempDir); + final File ret = s_aTempDir != null ? Files.createTempFile (s_aTempDir.toPath (), + TEMP_FILE_PREFIX, + TEMP_FILE_SUFFIX).toFile () : Files.createTempFile ( + TEMP_FILE_PREFIX, + TEMP_FILE_SUFFIX) + .toFile (); // And remember m_aRWLock.writeLocked ( () -> m_aTempFiles.add (ret));